On Fri, 10 May 2002, Khuzairi Yahaya wrote:
> I was asked to look into the possibility of Disabling or Renaming
> the Root ID.
>
> Should I be doing this? Is there any concerns? What should look into?
It get's you litle aditional security. 99% of exploits go after
uid 0, not user root. The only thing you can avoid is script kiddies
telnetting or ssh'ing your server as root, trying to break root account.
I'm sure you dont allow telnet, and have "PermitRootLogin no" on
/etc/sshd_config, right?
--
Regards,
Luis Pinto
-----------------------------------------------------------------------
http://student.dei.uc.pt/~lmpinto PHONE: +351-96-2433471 ICQ #15663369
-----------------------------------------------------------------------
"Open source software - with no walls and fences, who needs Windows and
Gates?"
