Even with highest security, you are still at risk.
Blocking all the other services doesn't help if you have one that is insecure
(or running as root).
If you have nothing on the machine but a web server, and through the combination
of it running as root (unlikely) and a misconfiguration or summat, it's just as
easy to break into as a machine with no firewall and a whole bunch of other
programs, all properly secured, with the buggy/misconfigured web server.
Moral of the story: root != (everyday user || service account)
--agenthh
SQLBoy wrote:
Not even if "with the highest security on?"
On Tue, 2003-02-11 at 19:35, Oscar N wrote:
hmm, running stuff as root is not secure, not in any way, not even close...
/Oscar
White Tiger* wrote:
He's wise! I love him :p
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]] On Behalf Of agenthh
Sent: Tuesday, February 11, 2003 6:01 PM
To: [EMAIL PROTECTED]
Subject: Re: RE: [hlds_linux] Linux don't create logs
Crazy.
As the linux kernel README says, "Never take the name of root in vain."
It is easy and simple to run HLDS as a separate user. Sure, you may only
have HLDS on the box, but that doesn't make it good security policy.
What if some l4m3r somehow gets in and trashes the box, due to the fact
that HLDS is running as root? Basically, you can run HLDS as root, it's
just that running as another user has less risk, for no real work. Oh,
and habits. Who knows, I've done this before, you might be working on
some other box, and your default policy is to run stuff as root. You
might just install something as root, especially something insecure.
BAD.
--agenthh
-------Original Message-------
From: John Hemmingsen <[EMAIL PROTECTED]>
Sent: 02/11/03 11:47 AM
To: [EMAIL PROTECTED]
Subject: RE: [hlds_linux] Linux don't create logs
I currently run it as root, with highest security on.
Only 5 ports are allowed in/out on server (the ones that hl/cs require)
Got nothing else on the dedicated server, it is also outside my router.
With own ip address.
So I don't think running as root is dangerous :)
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives,
please visit: http://list.valvesoftware.com/mailman/listinfo/hlds_linux
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
--
SQLBoy <[EMAIL PROTECTED]>
http://www.playway.net
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
_______________________________________________
To unsubscribe, edit your list preferences, or view the list archives, please visit:
http://list.valvesoftware.com/mailman/listinfo/hlds_linux
