[arm-allstar] General Observation
Sam Nabkey
sam.nabkey at gmail.com
Wed May 17 04:10:17 EST 2017
In my experience, I received a call that someone had compromised my node
and was mining bitcoin and weak PlayStation account logins.
I have changed the ssh port on all my nodes up and away from standard, I've
changed the SIP port also as I run SIP to connect an IP phone as a node
monitor.
I also run a Ubiquiti router that I've added scripts on to automatically
adjust the firewall to change a blacklist of IP addresses from a few
different databases every hour.
I'm a green rookie on network security but when a subnet gets poisoned by a
DDoS attack you learn really quick.
Sam
On May 17, 2017 00:46, David Lang via arm-allstar <arm-allstar at hamvoip.org>
wrote:
> On Wed, 17 May 2017, "Nathaniel Biser via arm-allstar" wrote:
>
>> The one consistency that I have read and heard about Linux is that you
>> shouldn't run as root on a regular basis. The specific reasons escape me
>> at the moment but I'm gonna go out on the limb and hypothesize that it's
>> because if your system was compromised, and you are running as root, it
>> would be much more detrimental than if you were running as a user.
>>
>
> my day job is security (banking and such)
>
> The "don't run as root" dates back to the days of Unix machines running
> multiple users, and since root can do anything, if a process running as
> root has a flaw, the attacker then has full control over the machine.
>
> When a machine is only running for one purpose (in this case the allstar
> software), and the machine doesn't have any special permissions on your
> network, it really doesn't matter much if an attacker ends up as root on
> the machine, or as the user that runs everything that matters on the machine.
>
> https://xkcd.com/1200/
>
>> I am curious as to why the Allstar software page defaults to running as
>> root upon installation. Like I said, I am only a student in all of this
>> but I would like to hear the pros and cons of doing so.
>>
>
> running as root is much simpler to set up, and even if it was running as
> the user 'allstar' with permissions added for anything it needs to do, the
> damage that someone could do on the pi once they get in is virtually
> identical, so it's arguably not worth the effort to set it up to run as a
> different user.
>
> David Lang