From: Hilco Wijbenga
To: gentoo-hardened@lists.gentoo.org
Date: Sun, 11 Dec 2011 12:01:41 -0800
Subject: Re: [gentoo-hardened] New Server, considering hardened, need pointers to tfm...

On 11 December 2011 06:53, Alex Efros wrote:
> On Sun, Dec 11, 2011 at 02:25:19PM +0000, Sven Vermeulen wrote:
>> > 1)  How can
>> >      4.2.4.1. Root Logon Through SSH Is Not Allowed
>> >      increase security, if we're already using
>> >      4.2.4.2. Public Key Authentication Only
>> >      Disabling root may have sense with password auth, but with keys it is
>> >      just useless inconvenience.
>>
>> I read somewhere that security is about making things more inconvenient for
>> malicious people than for authorized ones.
>>
>> For me, immediately logging in as root is not done. I want to limit root
>> access through the regular accounts on the system (with su(do)). I never had
>> the need to log on as root immediately myself.
>
> Understood. But I still don't see how this can increase security.

It is my understanding this is not so much about security per se as it is
about auditing. Especially in an environment with more than one admin.

Let's say there are two admins (A and B) who both log on (remotely) as
root. Then there is no easy way to tell who did what. Leaving an audit
trail is useful and in many environments simply required.

Moreover, if admin A's account is compromised then a black hat can use
admin A's access to root to remotely log on to any machine admin A has
access to. This will be hard to detect and it will be hard(er) to
determine how the black hat gained access. If admin A had logged on as
admin A instead of root then it would be more obvious it was admin A's
account that had been compromised.
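As an added example, not part of the thread, the script below illustrates the audit-trail point made above: it walks constructed auth.log lines (host name, account names and addresses are made up) and attributes each root action to the admin account that obtained root through sudo or su, while flagging direct root SSH logins, which cannot be attributed to any individual admin.

```python
import re
from collections import defaultdict

# Constructed sample auth.log lines for illustration; the host, accounts and
# addresses are invented and not taken from any real system.
SAMPLE_LOG = """\
Dec 11 19:58:01 srv1 sshd[2011]: Accepted publickey for admin_a from 192.0.2.10 port 50210 ssh2
Dec 11 19:58:07 srv1 sudo:  admin_a : TTY=pts/0 ; PWD=/home/admin_a ; USER=root ; COMMAND=/bin/vi /etc/ssh/sshd_config
Dec 11 20:01:12 srv1 sshd[2044]: Accepted publickey for admin_b from 198.51.100.7 port 41022 ssh2
Dec 11 20:01:30 srv1 su[2070]: Successful su for root by admin_b
Dec 11 20:05:44 srv1 sshd[2101]: Accepted publickey for root from 203.0.113.9 port 39901 ssh2
Dec 11 20:05:50 srv1 sudo:  admin_a : TTY=pts/1 ; PWD=/home/admin_a ; USER=root ; COMMAND=/sbin/reboot
"""

# Patterns for the three record types the script understands.
SSH_LOGIN = re.compile(r"sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+)")
SUDO = re.compile(r"sudo:\s+(\S+) : .*USER=(\S+) ; COMMAND=(.*)$")
SU = re.compile(r"su\[\d+\]: Successful su for (\S+) by (\S+)")


def attribute_root_access(log_text):
    """Return (root actions per admin account, direct root SSH logins).

    Root obtained via sudo or su is attributed to the calling account;
    a direct 'Accepted ... for root' login has no such owner, so it is
    reported separately as unattributable.
    """
    actions = defaultdict(list)  # admin account -> list of root actions
    direct_root = []             # (source address, auth method) of root logins
    for line in log_text.splitlines():
        m = SSH_LOGIN.search(line)
        if m:
            method, user, src = m.groups()
            if user == "root":
                direct_root.append((src, method))
            continue
        m = SUDO.search(line)
        if m and m.group(2) == "root":
            actions[m.group(1)].append("sudo " + m.group(3).strip())
            continue
        m = SU.search(line)
        if m and m.group(1) == "root":
            actions[m.group(2)].append("su")
    return dict(actions), direct_root


if __name__ == "__main__":
    per_admin, unattributed = attribute_root_access(SAMPLE_LOG)
    for admin, acts in per_admin.items():
        print(f"{admin}: {acts}")
    print(f"direct root logins (no individual to attribute to): {unattributed}")
```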