From: Stefan Behte
To: gentoo-dev@lists.gentoo.org
Date: Sun, 02 May 2010 20:52:01 +0200
Subject: Re: [gentoo-dev] A policy to support random superuser account names
Message-ID: <4BDDC9D1.70805@gentoo.org>
In-Reply-To: <4BDD98E1.7080601@gentoo.org>
References: <20100430200726.298ae94c@pomiot.lan> <4BDD968E.7050309@gentoo.org> <4BDD98E1.7080601@gentoo.org>

02.05.2010 17:23, Krzysztof Pawlik wrote:
> Interesting... to me that's not only stupid but also kinda useless - there's no
> difference between brute-forcing a password for user named 'foo' or 'root' -
> user name doesn't matter much.
> It's better to disable password-based remote login altogether in sshd_config.
> Security by obscurity is a nice way to make pseudo-sys-admins feel warm and fuzzy :]

The username is 50% of what you need to know to be able to log in, and
security by obscurity can support environments where the attacker cannot gain
insight easily, in contrast to e.g. security by obscurity in hardware like
telephones that are shipped to you and can be examined closely.

However, it cannot be seen as an effective countermeasure against attacks, and
AFAIR the BSI also says that you shouldn't allow root logins and need a second
user for logging in.

All of it is a bit ridiculous, because when you're in a position to try
gaining uid 0, you probably can read /etc/passwd already. So, of course, it's
really dumb and only creates problems.

One can try to explain that to an auditor - but it will cause not only a few
problems and definitely delay and/or endanger your certification, if this was
a "MUST" and not a "SHOULD". If it is a "SHOULD", you need to explain (in
convincing written form, of course) why you do not want to implement it.

Back to topic: I think it would be nice to be able to rename root, but I'm not
sure how much work this is, and doubt many people would actually benefit from
it.

In scripts I use to deploy things to both BSI and non-BSI systems, I'm simply
using "chown 0:0 foo". I think we could do that in our eclasses without
breaking things, but helping poor souls that renamed root. ;)

A quick look revealed that the tetex.eclass already does this and that there
are several other eclasses that use "chown -R root:0".

Best regards,

Craig
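The numeric-ownership point above, as an added example that is not part of the thread and not Gentoo's own eclass code: a POSIX shell snippet that resolves the uid-0 account from passwd-format data and lints install-script lines for an owner hard-coded as "root" instead of 0:0. The passwd entries and script lines are constructed; the function names are my own.

```shell
#!/bin/sh
# Added example, not code from the thread or from Gentoo's eclasses.
# Shows why "chown root:0" breaks once uid 0 is renamed, and lints a script
# for hard-coded "root" ownership. All sample data below is constructed.

# Constructed passwd-format data for a host where uid 0 was renamed "admin".
PASSWD_SAMPLE='admin:x:0:0:Superuser:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/bin/false
craig:x:1000:1000::/home/craig:/bin/sh'

# Constructed install-script lines resembling an eclass (hypothetical).
SCRIPT_SAMPLE='chown -R root:0 "${D}"/usr/share/texmf  # fails if uid 0 is not "root"
chown 0:0 "${D}"/etc/foo.conf                     # numeric ids always resolve
chown 0:0 "${D}"/root/.bashrc                     # a /root path is not an owner'

# Print the account name that owns uid 0, reading passwd-format data on stdin.
uid0_name() {
    awk -F: '$3 == 0 { print $1; exit }'
}

# Exit 0 if account $1 exists in the passwd-format data on stdin, else 1.
has_user() {
    awk -F: -v n="$1" '$1 == n { found = 1 } END { exit !found }'
}

# Print each stdin line that passes a literal "root" owner or group to
# chown/chgrp (comments and /root paths ignored). Exit 1 if any is found.
lint_chown_root() {
    if grep -nE '(chown|chgrp)[^#]*[^[:alnum:]/]root([^[:alnum:]/]|$)'; then
        return 1
    fi
    return 0
}

# Demonstration on the constructed data.
name=$(printf '%s\n' "$PASSWD_SAMPLE" | uid0_name)
if printf '%s\n' "$PASSWD_SAMPLE" | has_user root; then has_root=yes; else has_root=no; fi
echo "uid 0 is named '$name'; an account named root exists: $has_root"
if printf '%s\n' "$SCRIPT_SAMPLE" | lint_chown_root; then
    echo "no hard-coded root owner found"
else
    echo "the lines above would fail on that host; numeric 0:0 works regardless"
fi
```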