On Mon, 2010-11-01 at 19:42 +0100, Sylvain Beucler wrote: > Not checking root's mails is bad practice IMHO though. > I can't count the number of times I got warned of issues that way.
I can confirm it. We alias most daemons accounts and the root one to a central mailing list at Bearstech. It's not that noisy wen all details have been taken care of, we get 5-10 mails/day for 150 servers. Sorry about the authorized_keys overwrite. I warned about that on [email protected] if I recall correctly, I tried to identify some key owner (it's backup bot, now I know...). We do have a centralized ssh-key repo and I check every key in all authorized_keys from time to time, but this only happen on root accounts. Regular user accounts have a much more relaxed policy. _______________________________________________ Project mailing list [email protected] https://mail.gna.org/listinfo/project
