The argument that limiting sudo to a subset of commands offers a false sense of

The argument that limiting sudo to a subset of

This preview shows page 33 - 35 out of 47 pages.

machines/networks.The argument that limiting sudo to a subset of commands offers a false sense of security is ridiculous –it’s exactly the point. if the number of commands that are available under sudo is low – yes, functionalitytakes a hit but the surface area for abuse is narrowed – and that’s a good thing. Yes, set sudoku up – takethe hit and then address functionality that is broken and engineer solutions to them from a better/securestarting point (you’ll ±nd that most of the things that were broken were badly written or don’t really needaddressing). Christopher Quinn March 5, 2011 at 4:47 am perfect. I was searching how to disable the root access. I love this site. I can’t believe I didn’t ±nd it sooner. I switched from shared web hosting to vps web hosting and I love it. Thanks! DSpider March 24, 2011 at 12:53 am Well, Christopher… I think if, God forbid, the user account is compromised then you can simply login as root and delete it, along with it’s ~/ directory. But if you disable root access… I guess you’d have to reinstall the OS. Also, setting the “noexec” ²ag in fstab is a very smart move. Especially for data partitions (why would you wanna run binaries from a data partition anyway ? Programs should have no business there). I thought this ²ag also applied for scripts. Hmmm…. Ramakrishna- krrish April 29, 2011 at 12:39 pm Hi Sir, Am fan to your article.. Really these are very excellent sessions.. we never get this from any other books.. Really Am so happy and we are improving our con±dential levels by following your articles.. One small request, Why dont you keep an article on Solaris server issues.. Because now a days, both unix and linux are growing popular across the world.. And so many administrators are working in dual modes (LINUX and UNIX) . So, if the send an article based on linux and unix(solaris) then, so many administrators feel much better..
Image of page 33
Thanks Ramakrishna - Krrish April 30, 2011 at 5:03 am Hi Sir, I have been trying to implement OpenLDAP server in CentOS5.4 for the past 10 months. But, till i haven’t implemented. I studied and gathered so many books and articles.. even though am not succeeded. So, could you send openldap server con±guration article in CentOS5. Then i can follow your help to complete the task..And i need exactly what is ldap ? why for Ldap? where to Implement ldap ? I have so many doubts are there on ldap scenario. And how can join windows client to linux openldap server ? . If joins, how to do that ? .. So, could you explain detailedly… with best regards.. thanks, Ramakrishna – krrish d0rk-E May 28, 2011 at 8:56 pm I have heard the arguments for and against #7, disable root login, and am for it… But you never tell me HOW to. 😀 ckdie92hc8899s9 July 20, 2011 at 7:31 pm WARNING to fellow DEBIAN users: debian apt-get may break system if cannot use /tmp. Tmp may be set noexec, nosuid, etc.
Image of page 34
Image of page 35

You've reached the end of your free preview.

Want to read all 47 pages?

  • Spring '14
  • ValarieMcLain
  • Debian, Linux distribution

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture