I want to thank everyone for their input on this issue. I will take
everyone's input into serious consideration, before I fo forward.

Thanks.....

Cam


----- Original Message -----
From: "Lars Fredriksen" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: "Cameron Haegle" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Tuesday, June 19, 2001 1:58 PM
Subject: Re: Securing the root account


> Very well put!
>
> Lars
> Bill Vermillion wrote:
>
> > On Tue, Jun 19, 2001 at 12:33:44PM -0500, Cameron Haegle thus
> > sprach:
> >
> > > I come from the Windoze side of the playground, where you are able
> > > to rename the Administrator account name, in order to provide a
> > > bit more security.
> >
> > > Can a similar thing be done with FreeBSD?
> >
> > You could, but what you are proposing is the classic 'Security
> > through obsurity model'.  That never works.
> >
> > Root is a traditional account name since 1969, but it also maps to
> > user ID 0 as someone else mentioned.  Every system requires
> > a user ID 0 no matter whether it is root, larry, manny or moe.
> >
> > Make sure that no one can log in as root anywhere except at the
> > console.  You can even elminate root login at the console if your
> > system is not in a 10000% secure location :-)
> >
> > Then the only memember who can use root are those you put in the
> > 'wheel' group.
> >
> > Let's get back to UID 0 for a moment.  If anyone can get into that
> > machine, even if they don't have the ability to become super user,
> > and you have named your root account mxtylplx, then anyone on that
> > machine will know that is the admin account by listing any
> > directory in which used ID 0 has a file it owns.
> >
> > Don't putz around with security 'ideas'.  Do security in the right
> > manner.  Limit the wheel account users.  Make sure they keep their
> > login password secure, and keep the root password secure.
> >
> > Get rid of all telnet account and put in SSH so that no clear text
> > passwords ever cross the net.   That's just a small step on the
> > way, to locking down a system, but just changing login  names won't
> > do it.
> >
> > Bill
> >
> > --
> > Bill Vermillion -   bv @ wjv . com
> >
> > To Unsubscribe: send mail to [EMAIL PROTECTED]
> > with "unsubscribe freebsd-net" in the body of the message
>


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

Reply via email to