[arm-allstar] General Internet Security --was: General Observation
dan at ozment.net
dan at ozment.net
Wed May 17 11:21:36 EST 2017
Really good discussion in this thread.
If I can I would like to offer another thought to the "run as root" part
of it. When I set up linux machines I normally disallow root login
after creating a non-root account. I allow my non-root account to use
sudo to run apps and even (sometimes) "sudo to root". From what I've
seen a lot of the bots that are trying to compromise these systems first
start with attacking the root user account. If root cannot log in they
won't get far. With root login disabled you have to first guess the
user account, then you have to guess the password.
If the set up script could have the user create a personal user account,
give that account sudo access, and disable root login in sshd.conf I
think it would lock the nodes down a little better.
...my 1.25 cents!
73
Dan
W4DTO
More information about the arm-allstar
mailing list