Re: [gentoo-hardened] New Server, considering hardened, need pointers to tfm...

[Hilco Wijbenga <hilco.wijbenga@gmail.com>]

On 11 December 2011 06:53, Alex Efros <powerman@powerman.name> wrote:
> On Sun, Dec 11, 2011 at 02:25:19PM +0000, Sven Vermeulen wrote:
>> > 1)  How can
>> >     4.2.4.1. Root Logon Through SSH Is Not Allowed
>> >     increase security, if we're already using
>> >     4.2.4.2. Public Key Authentication Only
>> >     Disabling root may have sense with password auth, but with keys it is
>> >     just useless inconvenience.
>>
>> I read somewhere that security is about making things more inconvenient for
>> malicious people than for authorized ones.
>>
>> For me, immediately logging in as root is not done. I want to limit root
>> access through the regular accounts on the system (with su(do)). I never had
>> the need to log on as root immediately myself.
>
> Understood. But I still don't see how this can increase security.

It is my understanding this is not so much about security per se as it
is about auditing. Especially in an environment with more than one
admin.

Let's say there are two admins (A and B) who both log on (remotely) as
root. Then there is no easy way to tell who did what. Leaving an audit
trail is useful and in many environments simply required.

Moreover, if admin A's account is compromised then a black hat can use
admin A's access to root to remotely log on to any machine admin A has
access to. This will be hard to detect and it will be hard(er) to
determine how the black hat gained access. If admin A had logged on as
admin A instead of root then it would be more obvious it was admin A's
account that had been compromised.