02.05.2010 17:23, Krzysztof Pawlik wrote:
> Interesting... to me that's not only stupid but also kinda useless - there's
> no difference between brute-forcing a password for user named 'foo' or 'root' -
> user name doesn't matter much.
> It's better to disable password-based remote login altogether in sshd_config.
> Security by obscurity is a nice way to make pseudo-sys-admins feel warm and fuzzy :]
The username is 50% of what you need to know to be able to log in, and security by obscurity can support environments where the attacker cannot gain insight easily, in contrast to e.g. security by obscurity in hardware like telephones that are shipped to you and can be examined closely. However, it cannot be seen as an effective countermeasure against attacks, and AFAIR the BSI also says that you shouldn't allow root logins and need a second user for logging in.

All of it is a bit ridiculous, because when you're in a position to try gaining uid 0, you probably can read /etc/passwd already. So, of course, it's really dumb and only creates problems. One can try to explain that to an auditor - but it will cause not only a few problems and definitely delay and/or endanger your certification, if this was a "MUST" and not a "SHOULD". If it is a "SHOULD", you need to explain (in convincing written form, of course) why you do not want to implement it.

Back to topic: I think it would be nice to be able to rename root, but I'm not sure how much work this is, and doubt many people would actually benefit from it. In scripts I use to deploy things to both BSI and non-BSI systems, I'm simply using "chown 0:0 foo". I think we could do that in our eclasses without breaking things, but helping poor souls that renamed root. ;) A quick look revealed that the tetex.eclass already does this and that there are several other eclasses that use "chown -R root:0".

Best regards,
Craig
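An added example, not part of the thread: a POSIX sh check of the two sshd_config settings argued about above (password-based logins and root logins). It assumes OpenSSH's first-occurrence-wins parsing and its current compiled-in defaults; both config files are constructed here for illustration.

```shell
# Added example (not from the thread): audit an sshd_config for the two
# settings discussed above. sshd honours the FIRST occurrence of a keyword,
# keywords are case-insensitive, and an absent keyword falls back to the
# compiled-in default (PasswordAuthentication yes, PermitRootLogin
# prohibit-password in current OpenSSH). Sample configs are constructed.

# sshd_effective FILE KEYWORD DEFAULT -> prints the effective value, lowercased
sshd_effective() {
    key=$(printf '%s' "$2" | tr '[:upper:]' '[:lower:]')
    val=$(awk -v k="$key" '
        /^[[:space:]]*(#|$)/ { next }                 # comments and blanks
        tolower($1) == "match" { exit }               # global section ends here
        tolower($1) == k { print tolower($2); exit }  # first occurrence wins
    ' "$1")
    printf '%s\n' "${val:-$3}"
}

# sshd_audit FILE -> prints "ok", or the offending settings; exit 1 on findings
sshd_audit() {
    findings=""
    pa=$(sshd_effective "$1" PasswordAuthentication yes)
    prl=$(sshd_effective "$1" PermitRootLogin prohibit-password)
    [ "$pa" = "no" ] || findings="$findings PasswordAuthentication=$pa"
    [ "$prl" = "no" ] || findings="$findings PermitRootLogin=$prl"
    if [ -z "$findings" ]; then echo ok; return 0; fi
    echo "FINDINGS:$findings"; return 1
}

weak=$(mktemp); hardened=$(mktemp)
trap 'rm -f "$weak" "$hardened"' EXIT

# Constructed: looks hardened at the bottom, but the first
# PasswordAuthentication line is the one sshd actually uses.
cat > "$weak" <<'EOF'
# sshd_config (constructed sample)
PasswordAuthentication yes
PermitRootLogin yes
PasswordAuthentication no
EOF

# Constructed: what the quoted reply recommends.
cat > "$hardened" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
EOF

sshd_audit "$weak" || true   # FINDINGS: PasswordAuthentication=yes PermitRootLogin=yes
sshd_audit "$hardened"       # ok
```

On a live host, `sshd -T` prints the effective configuration directly and is the authoritative check; the parser above is for reviewing config files off-box.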