Re: toor & root
From: Mike Jackson (mjj_at_isorauta.ntc.nokia.com)
Date: 02/01/04
- Previous message: Sebastian Kutsch: "Re: boot.config problem, can't boot"
- In reply to: Markus Kovero: "RE: toor & root"
- Next in thread: Matthew Seaman: "Re: toor & root"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sun, 1 Feb 2004 13:55:13 +0200 To: freebsd-questions@freebsd.org
ext Markus Kovero (markus.kovero@grafikansi.fi) wrote:
> Toor is for security paranoid people? Dunno, its way to get more secure from
> most "script kiddie"-r00t-kit things. Does it btw have superuser id?
The "toor" user is nothing more than a backup root account, in case your
"root" account happens to get locked out for some odd reason. The "toor"
user does not have a password by default, and is thus a disabled
account. I normally add my own "root user" account, which serves the
same purpose but helps auditing because that username appears in
logfiles instead of "root" or "toor".
The best way to protect against somebody trying to remotely hack root,
other than the obvious of turning off unneeded services, is to disable
remote root logins. Then to get root, you have to first login as a
normal user and then su to root. Disable remote root logins in
/etc/ttys by setting terminals to insecure.
-- mike _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"
- Previous message: Sebastian Kutsch: "Re: boot.config problem, can't boot"
- In reply to: Markus Kovero: "RE: toor & root"
- Next in thread: Matthew Seaman: "Re: toor & root"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
