James G. Sack (jim) wrote:
Ralph Shumaker wrote:
..

Actually, if it's possible to disable remote login, that's probably good
enough.  But are there ways someone could crack rafael remotely without
logging in?  If I give wide open sudo access to user rafael, I just want
to minimize risk that someone could gain root access.  If I cannot limit
that risk, then why not just run as root in the first place?

It _is_ good to worry (ask questions) about security. One implied
question is how do malicious things happen? Here are a few that I can
think of just now -- perhaps others will expand.

1. You (or your user) somehow does "a bad thing".

2. You install a program that does bad things.

I generally stick with yum in the trusted default repositories. It's the times when I venture outside this that worry me.

3. You run a program allowing externally-initiated connections (a
service), and the program has an exploitable bug -- or you allow more
freedom than you intended.

I'd like to have those shut off, unless necessary.

4. You execute a program (or plugin) that both has some exploitable
security bug and that exposes you (in normal operations, such as web
browsing) to someone "out there" looking for a connection vulnerable to
this particular exploit.

Which is why I hesitate to add plugins to fireFox and tBird. Hopefully, they remain secure.

The big headache over security breaches is that there are so many ways
to do such "bad things" that there is essentially no recovery from this
except to reinstall your entire OS and working environment from "known
good" sources.

Having given that scary warning, how does an ordinary person survive?

- Avoid running as root except when necessary.

I may leave a root console or gnome-terminal open for convenience, but it just sits idle for me except when I need root, which is often enough that I prefer to leave it open.

- Be careful about destructive or non-undoable operations.
- When root, be ESPECIALLY careful and cautious.

Exactly my practice.

- Backup any data that is valuable to you.

I need to develop a better routine for this, and keep up on it.

- Do not run _any_ services (eg ftp, nfs, ssh) without exploring the
security consequences, and gaining some understanding of security
configuration details. This could be a separate book!
- Be religious about security updates.

I do yum update every time new packages become available. This way, if something breaks, it's a short list of what could have done it.

- Be aware of fuzzy security situations (risk may be present but is hard
to detect and/or measure or is arguable). Examples that come to mind are
javascript and flash. In a Windows environment there would be many more.

Aren't the javascript and flash implementations on Linux much more secure than on M$ WhenDoze?

This is essentially a single user machine.  I have a couple of users for
myself (for convenience of separating work and personal).  I have a
couple other users, for whenever they visit, though they don't keep
anything that needs to be backed up or safeguarded.

Maybe I'm just overthinking the whole thing.  It's hard to know what I
need when I barely even know what I need to know.  I probably should
have put this on the newbie list, but it seemed a little too technical
for that forum.

Currently, whenever I want root access, I generally launch
gnome-terminal, "su -", and then type the command "gnome-terminal" so
that I can hit Shift-Ctrl-T and have multiple root tabs without having
to enter root password more than once.  But others have persuaded me
that sudo command logging can be a valuable tool for "How the hell did
*that* happen?".

I don't know how vulnerable I have made myself with keeping root-owned
gnome-terminals open.  And I don't have anything crucial on here, but I
still wouldn't want to have to re-create any of it if not needed.  sudo
sounds like it would insulate me more than my current practice.

OK, this last part might possibly deserve a separate discussion. But
briefly, here are a couple of points:

- Leaving root windows open makes it easy for you (or maybe even anybody
else who wanders by) to accidentally (or intentionally) do bad things.

If others could wander by, I would not leave root terminals open. I trust myself (just barely) with a root terminal. Even without a root shell open, I lock up the PC in screensaver mode if others could wander by.

- Even just having one root shell on the desktop somewhere may be
somewhat dangerous if you are prone to inadvertently typing destructive
commands.  I like to use a "custom profile" (for gnome-terminal,
konsole, etc) with a distinctive background color (red-ish?) for those
times when I open a root shell. Then I am not relying solely on noticing
the '#' prompt.

Agreed. But I also found it annoying trying to locate a nondescript command line when scrolling back up. Here's my solution:
$ cat .bashrc
# .bashrc

# Source global definitions
if [ -f /etc/bashrc ]; then
       . /etc/bashrc
fi

if [ "$TERM" = "linux" ]
then
   # we're on the system console, or maybe telnetting in
export PS1="\[\e[30;42m\](Creating this prompt on \d at \t.)\[\e[32;[EMAIL PROTECTED] \w\[\e[0m\]\n\$ "
else
   # we're NOT on the console, assume an xterm
export PS1="\[\e[30;42m\](Creating this prompt on \d at \t.)\[\e[0m\]\n\$ "
fi

# User specific aliases and functions
(Creating this prompt on Mon Aug 04 at 21:47:47.)
$

On my terminals (all of them, white text on black background), this gives me what looks like dark gray text on green background for the prompt info, and tells me the time that the prompt was given back. The prompt itself, on its own line is merely the "$ ". It also causes gnome-terminal to display the [EMAIL PROTECTED] and the current path in the titlebar. Since consoles F1-F6 cannot do that, I had to do something different there. I prefer to keep "$ " on its own line. My commands do not tend to be that long. So for the few that are, I prefer to keep line-wrapping to a minimum.

My root .bashrc has the same modifications except that the info line(s) preceding the "$ " prompt have a red background.

I no longer feel the previous frustrations of having to scan slowly for the command line, and then having to scan for it again and again each time I look elsewhere and back, because it was blending in so damn well. Now I can scroll up and down quickly and easily find the command lines and where the output begins and ends.

And, I tend to be very cautious, with *any* commands, _*especially*_ as root. I think I've made very few blunders as a direct result.

If I run X as rafael, and someone uses an exploit to crack rafael, they could conceivably use passwd to set their own password. This seems like a bad thing in a very direct way if rafael also has full sudo privileges. But they could probably, almost as easily, set a keystroke sniffer and wait for rafael to pull up a gnome-terminal and "su -" to root. Maybe I should only become su on a console (F1-F6)???



--
Ralph

--------------------
Let it not be said that no one cared, that no one objected once it's realized that our liberties and wealth are in jeopardy.
--Congressman Ron Paul 2003-07-10
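As an added example (not code from either poster), here is one way to build the two-line, colour-coded prompt jim and Ralph describe from a single function, so that the same .bashrc gives a green info line for an ordinary user and a red one for root, and sets the window title only on terminals that support it. The function name make_prompt and the colour choices are assumptions; it is called as PS1=$(make_prompt "$EUID" "$TERM") from ~/.bashrc.

```shell
# Build a PS1 string: info line (who@host, cwd, date, time) on a coloured
# background, then the bare "$ " or "# " marker on its own line.
# Arg 1: effective uid (0 = root), arg 2: value of $TERM.
make_prompt() {
    euid=$1
    term=$2
    if [ "$euid" -eq 0 ]; then
        # root: white text on red background, '#' marker
        color='\[\e[37;41m\]'
        marker='#'
    else
        # unprivileged user: dark text on green background, '$' marker
        color='\[\e[30;42m\]'
        marker='$'
    fi
    # \[ ... \] tells bash the escape sequences take no screen columns,
    # so line editing and scroll-back stay correct.
    info="${color}(\u@\h \w on \d at \t)\[\e[0m\]"
    case "$term" in
        xterm*|rxvt*|gnome*)
            # xterm-style terminals: also put user@host:path in the title bar
            title='\[\e]0;\u@\h:\w\a\]'
            ;;
        *)
            # the Linux text consoles (F1-F6) have no title bar to set
            title=''
            ;;
    esac
    # Emit a literal backslash-n so bash breaks the line when it expands PS1.
    printf '%s%s\\n%s ' "$title" "$info" "$marker"
}
```

To see the effect without editing any file, run PS1=$(make_prompt "$EUID" "$TERM") in an interactive shell; open a second tab with su - and the info line turns red.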

