Re: [Hampshire] Result of the Ubuntu Challenge

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
M\Stephen Davies at <-
MMSimon Huggins at ->

Reply to this message
Author: Sean Gibbins
Date:  
To: stephen.davies
CC: Hampshire LUG Discussion List
Subject: Re: [Hampshire] Result of the Ubuntu Challenge
Stephen Davies wrote:
> Sean,
> The difference is that to get to root (unless you have physical access
> to the machine) required cracking two passwords. Direct root logins
> even via ssh over a network connection should be disabled thus you
> have to be able to logon to one account first and then try to su to
> root. every su is logged and as you know (from often bitter
> experience... :-X ) using things like Keon & Seos can make auditable
> access control more easy to manage.

Sorry Steve, but I thought you said earlier that you permit root logins
via the console, hence that comment.

Sudo logs in the same way that su does and I am sure that there are
additional layers of security that can be applied if necessary to manage
and audit access.

I will accept that RHEL or Fedora might put you nearer where /you/ want
to end up OOTB, and that your familiarity with those distributions makes
you more comfortable performing the remaining configuration required to
complete the task. I don't however believe that Ubuntu is inherently
insecure or incapable of being secured as you describe above.

Horses for courses and all that, eh?

Sean


This message was posted to the following mailing lists:
Hampshire LUG
Mailing List Info | Nearby Messages		<-Re: [Hampshire] Ruby on Rails communities in the UKRe: [Hampshire] Result of the Ubuntu Challenge->
Hampshire LUG Mailing List Archive administrated by WebmasterLurker (version 2.3)