Hi all.

I have read an article in the February 2005 Sys Admin magazine that I thought the group might find interesting.

Basically the author suggests setting up a cronjob to reset root's password every minute to a random value, hence there would be no direct root access available as even the admin would not know the password. All access is through sudo commands. The author gives a method for achieving a root session by sudo su -

I wonder what you all think of this method?

Certainly, not having any direct root access provides a bit more security, but if the sudoer file is written to exclude all users (either accidentally or under attack), then won't there be no root access at all, and no possibility of regaining root access?

Also I wonder if it would be possible to use this method under Kerberos, which I have just been introduced to. I have been considering my Home Auto system again and thought that I might use that to implement a centralised user database.

http://www.samag.com/documents/s=9494/sam0502h/0502h.htm
--
Keith Wyse
This is my Origami and it is strong
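
The lockout risk raised in the post can be checked mechanically before the password is scrambled. The script below is an added example, not code from the article or from the poster; the function names `sudoers_grants_root` and `rotation_is_safe` are hypothetical, and the sudoers parsing is deliberately simplified (direct user and %group rules only).

```shell
# Added example: guard to run before the cron job scrambles root's password.
# Assumption: only direct user / %group rules are read; aliases and
# #include files are not expanded, so an unrecognised grant means "refuse".

# Succeeds if FILE has a rule that may run as root and whose commands include ALL.
sudoers_grants_root() {
    awk '
        /\\$/ { sub(/\\$/, ""); buf = buf $0; next }   # join continued lines
        { line = buf $0; buf = "" }
        line ~ /^[ \t]*#/ || line ~ /^[ \t]*$/ { next } # comments, blanks
        line ~ /^[ \t]*(Defaults|[A-Za-z]+_Alias)/ { next }
        {
            eq = index(line, "=")
            if (eq == 0) next
            rhs = substr(line, eq + 1)
            runas_ok = 1                                # no (runas) means root
            if (match(rhs, /^[ \t]*\([^)]*\)/)) {
                runas = substr(rhs, RSTART, RLENGTH)
                rhs = substr(rhs, RSTART + RLENGTH)
                sub(/:.*/, "", runas)                   # drop the group part
                gsub(/[() \t]/, "", runas)
                runas_ok = 0
                n = split(runas, u, ",")
                for (i = 1; i <= n; i++)
                    if (u[i] == "ALL" || u[i] == "root") runas_ok = 1
            }
            gsub(/[A-Z_]+:/, "", rhs)                   # strip NOPASSWD: etc.
            gsub(/[ \t]/, "", rhs)                      # only an exact ALL counts
            n = split(rhs, c, ",")
            for (i = 1; i <= n; i++)
                if (runas_ok && c[i] == "ALL") { found = 1; exit }
        }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Exit status 0 only when sudo still offers a route to root.
rotation_is_safe() {
    if command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$1" >/dev/null 2>&1 || return 1   # file must parse
    fi
    sudoers_grants_root "$1"
}

# Constructed sample: the only grant is commented out, so nobody reaches root.
sample=$(mktemp)
printf '%s\n' 'Defaults env_reset' '# %wheel ALL=(ALL) ALL' > "$sample"
rotation_is_safe "$sample" || echo "refusing to randomise root password"
rm -f "$sample"
```

In a cron job, the password change would run only after `rotation_is_safe /etc/sudoers` succeeds, so a broken or emptied sudoers file leaves the last known root password in place.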