On 8/18/05, Scott Plumlee <[EMAIL PROTECTED]> wrote: > Nick Holland wrote: > > Tim wrote: > > > >>Hello > >> > >>1. I have a old computer that is slow and has little memory. But I > >>want to keep it updated with patches. I can't compile these patches > >>on the system but I could do it on another faster system. But how can > >>I later apply the compiled patches to the weak system? > > > > > > In addition to the previously mentioned release(8) process (also > > documented here: http://www.openbsd.org/faq/faq5.html#Release), there is > > another thing you could do: run snapshots. They will have all the > > security and reliability updates (before they are in -stable, in fact), > > but also feature updates. > > > > > >>2. Alot of you seem to use sudo instead of su - when you want to do > >>something that requires privileges. Why is this? What settings are > >>you using for sudo? > > > > > > Took me a while to get interested in sudo, which is unfortunate. Way > > cool program. > > > > When I set up an OpenBSD system, one of the first things I do is create > > a personal user for myself, put myself in the wheel group, configure > > sudo to let wheel users do anything, log in as that user, and disable > > root logins. Completely disable. This does a few things... > > Is your preferred method for doing so to remove the root user, or set > the shell to nologin, or something else? I like the idea, but I'd > rather not shoot myself in the foot doing it.
Disabling root locally is extremely dangerous in my opinion. Just disable any remote root logins, but keep root locally accessable. If the attacker has local access, not being able to login as root doesn't do much. Jason
