View Diary: SoapBlox Press Release on Yesterday's Event (168 comments)

  •  Yes, you can configure Sudo for specific commands (0+ / 0-)

    I do it all the time for my clients' users so they can run specific commands as root or other accounts. Few sysadmins use the no password option. Sudo is set up by default to request the password of the account from which the sudo command is running. If the account is compromised, the cracker has the password so it's not a deterrent. When I set someone up for root shell, sudo is configured so they have to know the root password.

    I've been doing this for nearly 15 years now. I think I know what sudo does and how it works. On my own servers I'm the only one who has command line access so sudo isn't an advantage for me.

    Best practices for Unix security:

    Don't allow remote logins for root
    Use only certificate authentication for SSH
    Shut down all unused services

    If you do those three things, the likelihood of getting cracked and compromised is just a hair above null. That's because with all the other unsecured systems out there it's not worth a cracker's time to try to gain control of your system. Sure it's possible someone dedicated to the cause could get in but it's likely you'll notice the attempts long before that person is successful.

    So many impeachable offenses, so little time... -6.0 -5.33

    by Cali Techie on Thu Jan 08, 2009 at 02:51:19 PM PST

    [ Parent ]
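
An added example, not part of the comment above: a small Python audit that checks configuration text for the sudo and SSH settings the comment describes. It assumes "certificate authentication" means key-based login with `PasswordAuthentication no`, and that requiring the root password corresponds to the sudoers `rootpw` (or `targetpw`) default; the function names and sample configs are constructed, and includes, line continuations and `Match` overrides are not evaluated.

```python
import re

# OpenSSH built-in defaults, used when a keyword is not set explicitly.
SSHD_DEFAULTS = {"permitrootlogin": "prohibit-password",
                 "passwordauthentication": "yes"}

def audit_sshd(text):
    """Check the global section of sshd_config (Match blocks are not evaluated)."""
    values, findings = {}, []
    for raw in text.splitlines():
        parts = re.split(r"[\s=]+", raw.split("#", 1)[0].strip())
        key = parts[0].lower()
        if key == "match":
            findings.append("Match block present: overrides not evaluated")
            break
        if key in SSHD_DEFAULTS and len(parts) > 1:
            values.setdefault(key, parts[1].lower())  # sshd uses the first value
    for key, default in SSHD_DEFAULTS.items():
        val = values.get(key, default)
        if val != "no":
            findings.append(f"{key} is '{val}', expected 'no'")
    return findings

def audit_sudoers(text):
    """Flag NOPASSWD rules, and ALL-command rules when rootpw/targetpw is not set."""
    lines = [s for s in (l.strip() for l in text.splitlines())
             if s and not s.startswith("#")]
    rootpw = any(re.match(r"Defaults\s.*(?<!!)\b(rootpw|targetpw)\b", s) for s in lines)
    findings = []
    for s in lines:
        if s.startswith("Defaults") or "=" not in s or re.match(r"\w+_Alias\b", s):
            continue
        user, spec = s.split()[0], s.split("=", 1)[1]
        cmds = re.sub(r"\([^)]*\)|[A-Z_]+:", "", spec)  # drop runas list and tags
        if "NOPASSWD:" in spec:
            findings.append(f"{user}: NOPASSWD rule")
        elif "ALL" in [c.strip() for c in cmds.split(",")] and not rootpw:
            findings.append(f"{user}: any command as root with own password")
    return findings

# Constructed sample input, not taken from the comment above.
SSHD_SAMPLE = "PermitRootLogin yes\n#PasswordAuthentication no\n"
SUDOERS_SAMPLE = """\
alice ALL=(root) /usr/sbin/service apache2 restart
bob   ALL=(ALL) NOPASSWD: ALL
carol ALL=(ALL) ALL
"""

if __name__ == "__main__":
    for finding in audit_sshd(SSHD_SAMPLE) + audit_sudoers(SUDOERS_SAMPLE):
        print(finding)
```

The per-command rule for `alice` passes, while `bob` and `carol` are flagged; adding `Defaults rootpw` clears the `carol` finding because the root password is then required.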
