Ralph Shumaker wrote:
> ..
> Actually, if it's possible to disable remote login, that's probably good
> enough. But are there ways someone could crack rafael remotely without
> logging in? If I give wide open sudo access to user rafael, I just want
> to minimize risk that someone could gain root access. If I cannot limit
> that risk, then why not just run as root in the first place?

It _is_ good to worry (ask questions) about security. One implied question is how do malicious things happen? Here are a few that I can think of just now -- perhaps others will expand.

1. You (or your user) somehow does "a bad thing".
2. You install a program that does bad things.
3. You run a program allowing externally-initiated connections (a service), and the program has an exploitable bug -- or you allow more freedom than you intended.
4. You execute a program (or plugin) that both has some exploitable security bug and that exposes you (in normal operations, such as web browsing) to someone "out there" looking for a connection vulnerable to this particular exploit.

The big headache over security breaches is that there are so many ways to do such "bad things" that there is essentially no recovery from this except to reinstall your entire OS and working environment from "known good" sources.

Having given that scary warning, how does an ordinary person survive?

- Avoid running as root except when necessary.
- Be careful about destructive or non-undoable operations.
- When root, be ESPECIALLY careful and cautious.
- Back up any data that is valuable to you.
- Do not run _any_ services (e.g. ftp, nfs, ssh) without exploring the security consequences, and gaining some understanding of security configuration details. This could be a separate book!
- Be religious about security updates.
- Be aware of fuzzy security situations (risk may be present but is hard to detect and/or measure or is arguable). Examples that come to mind are javascript and flash. In a Windows environment there would be many more.

> This is essentially a single user machine. I have a couple of users for
> myself (for convenience of separating work and personal). I have a
> couple other users, for whenever they visit, though they don't keep
> anything that needs to be backed up or safeguarded.
>
> Maybe I'm just overthinking the whole thing. It's hard to know what I
> need when I barely even know what I need to know. I probably should
> have put this on the newbie list, but it seemed a little too technical
> for that forum.
>
> Currently, whenever I want root access, I generally launch
> gnome-terminal, "su -", and then type the command "gnome-terminal" so
> that I can hit Shift-Ctrl-T and have multiple root tabs without having
> to enter root password more than once. But others have persuaded me
> that sudo command logging can be a valuable tool for "How the hell did
> *that* happen?".
>
> I don't know how vulnerable I have made myself with keeping root-owned
> gnome-terminals open. And I don't have anything crucial on here, but I
> still wouldn't want to have to re-create any of it if not needed. sudo
> sounds like it would insulate me more than my current practice.

OK, this last part might possibly deserve a separate discussion. But briefly, here are a couple of points:

- Leaving root windows open makes it easy for you (or maybe even anybody else who wanders by) to accidentally (or intentionally) do bad things.
- Even just having one root shell on the desktop somewhere may be somewhat dangerous if you are prone to inadvertently typing destructive commands.

I like to use a "custom profile" (for gnome-terminal, konsole, etc) with a distinctive background color (red-ish?) for those times when I open a root shell. Then I am not relying solely on noticing the '#' prompt.

Regards,
..jim

-- 
http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
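The sudo command log that the thread calls "a valuable tool for 'How the hell did *that* happen?'" is only useful if you can read it quickly. The POSIX sh/awk summariser below is an added example, not code from the thread or from the sudo project; the log lines in it are constructed samples in sudo's standard syslog format, with an invented hostname and user names, and on a real system they would come from /var/log/auth.log or the journal rather than a variable.

```shell
# Constructed sample of sudo syslog lines (hostname and users are invented).
# Three accepted invocations by rafael and one request sudo refused.
SAMPLE_SUDO_LOG='Mar  3 14:02:11 myhost sudo:   rafael : TTY=pts/2 ; PWD=/home/rafael ; USER=root ; COMMAND=/usr/bin/apt-get upgrade
Mar  3 14:05:43 myhost sudo:   rafael : TTY=pts/2 ; PWD=/home/rafael ; USER=root ; COMMAND=/bin/rm -rf /var/tmp/build
Mar  3 14:06:02 myhost sudo:   rafael : TTY=pts/3 ; PWD=/home/rafael ; USER=root ; COMMAND=/bin/bash
Mar  3 14:09:30 myhost sudo:  visitor : user NOT in sudoers ; TTY=pts/4 ; PWD=/home/visitor ; USER=root ; COMMAND=/usr/bin/less /var/log/auth.log'

# sudo_summary: read sudo log lines on stdin and print one line per accepted
# invocation as "month day time user tty target-user command", skipping refusals.
sudo_summary() {
    awk '
        /sudo:/ && !/NOT in sudoers/ && /COMMAND=/ {
            user = $6                      # token between "sudo:" and " : "
            split($0, parts, "COMMAND=")   # everything after COMMAND= is the command
            cmd = parts[2]
            tty = ""; target = ""
            n = split($0, f, " ; ")        # sudo separates its fields with " ; "
            for (i = 1; i <= n; i++) {
                if (f[i] ~ /TTY=/)        { sub(/.*TTY=/, "", f[i]); tty = f[i] }
                else if (f[i] ~ /^USER=/) { sub(/^USER=/, "", f[i]); target = f[i] }
            }
            print $1, $2, $3, user, tty, target, cmd
        }'
}

# sudo_refused: count requests that sudo refused (invoking user not in sudoers).
sudo_refused() {
    grep -c 'NOT in sudoers'
}

# sudo_root_shells: count accepted invocations that opened an interactive shell
# as root. Such a shell leaves no per-command trail afterwards, which is the same
# blind spot as the root-owned gnome-terminal discussed above.
sudo_root_shells() {
    sudo_summary | awk '$6 == "root" && $7 ~ /\/(ba|z|da)?sh$/ { n++ } END { print n + 0 }'
}

# Stand-alone usage: summarise the constructed sample.
printf '%s\n' "$SAMPLE_SUDO_LOG" | sudo_summary
```

Against a live system, replace the printf with `grep 'sudo:' /var/log/auth.log` (or `journalctl -t sudo --no-pager`) as the input.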
