Home | Content | Search | Navigation | Indexes
 

Mailinglist Archive: opensuse (3394 mails)

< Previous Next >
RE: [SLE] Making yourself have root permissions
  • From: RYagatich@xxxxxxxx (Ryan Yagatich)
  • Date: Tue, 7 Mar 2000 13:23:06 -0500
  • Message-id: <6F81C626C1AFD311A2420090279D366A01BAC3@xxxxxxxxxxxxxx>



FIRST AND FOREMOST: SORRY, i think my mind was wandering a little beyond the
original point of the thread to begin with.

your real question was: why shouldn't i be logged on as root to go on
internet.... (brief but to the point)

as a summary of what everybody else has said, and then some more input on my
own, you have to look at how important your system is to you, and how much
you are willing to risk getting hacked.

there are a lot of little script-kiddies out there who search around the
internet looking for guest accounts, test accounts etc. if they find ANY
account on a system, and are able to break into it they then attempt to get
root (obviously). some things can be done, including reading of im-properly
setting log file permissions. ex: say user test has permissions to read and
write to your log file, then they can see that the user root logs in a lot,
they delete the entry of them logging in. This of course can also be done
with finger as well (at least to see when login was last performed) They
then replace a common file masked by it's original contents so you run it
(like ls, more, less, adduser, YaST, startx)... the command allows them to
be added to the root group! they now have access to the machine and are
ready to cause total system failure, which as you probably know, or could've
guessed loss in business transactions, cost in repairs, you know the drill.
now of course there are countermeasures to take as well, like typing in
full path commands ( like /bin/ls -l -a ./) instead of just ls. that however
gets tedious.

The best thing to do with power is to leave it alone.

ryan

--since all my writing is just a jumble of words jotted down in a new
window, it's now your job to organize these thoughts and hope that you can
make some logical sense out of the matter. Why? Because I can't!--


--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@xxxxxxxx
For additional commands send e-mail to suse-linux-e-help@xxxxxxxx
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/


< Previous Next >