Re: (PM) Root logins through PM's

Charles Scott (cscott@freeway.net)
Sat, 24 Jan 1998 11:51:08 -0500 (EST)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Roy: "Re: (PM) bad collision ratio"
Previous message: Norris Sydnor: "(PM) IP Setup"

Stephen:
You might want to check if your servers will allow root login from
anywhere but the console. They should be configured such that you can't
do that. It should instead require you to first login as a user who has
special priviledges to su to root (wheel). They would therefore have to
guess or comprimize 2 passwords to get in (unless you leave your office
unlocked).

Chuck

On Fri, 23 Jan 1998, NOT a LE employee wrote:

> On Fri, 23 Jan 1998, Stephen Fisher wrote:
>
> >
> > Anyone ever considered the fact that a user can log into your Portmasters
> > and do password guessing for your Unix's root account pretty easily and get
> > in through a shell account if the password is guessed right?
> >
> > Maybe I'm not thinking straight but I put these entries in my users file:
> >
> > ## REJECT ATTEMPTS TO LOGIN AS ROOT THROUGH DIALINS #########################$
> > root Auth-Type = Reject
> >
> > Proot Auth-Type = Reject, Prefix = "P"
> >
> > root Auth-Type = Reject, Framed-Protocol = PPP
>
> isn't the last one redundant?
>
>
> --
> Aloha from Paradise,
>
> Sherwood
>
> -
> To unsubscribe, email 'majordomo@livingston.com' with
> 'unsubscribe portmaster-users' in the body of the message.
>
-
To unsubscribe, email 'majordomo@livingston.com' with
'unsubscribe portmaster-users' in the body of the message.

Next message: Roy: "Re: (PM) bad collision ratio"
Previous message: Norris Sydnor: "(PM) IP Setup"