
Re: shared root account



On Tue, Jul 10, 2001 at 09:05:18AM -0400, Jason Healy wrote:
> 
> At 994738826s since epoch (07/10/01 02:20:26 -0400 UTC), Micah Anderson wrote:
> > These both seem like excellent practices, for the clueless in all of us -
> > can someone describe how this is done for sudo? How do you configure PAM to
> > require alternative passwords, which expire and age, and are decent
> > passwords? And how does one reliably log sudo logs offsite?
> 
> Please take a large grain of salt before reading, I haven't done this
> stuff in a while so I'm rusty on it.  I've included references to
> where I've gotten the info so you can read more about it yourself.
> 
> One can log to a different host by putting @hostname in your
> syslog.conf file.  I believe it looks like this:
> 
> (`man syslog.conf`)
> 
> auth,authpriv.*                 @log.myotherhost.com
> 
> (assuming you have sudo logging at level auth)
> 
> I know this may seem obvious, but make sure that this machine does not
> share admin accounts with the machine you're logging from, or the
> hacker will just break in and change the logs!
> 

Don't forget, on the logging machine, syslog actually needs to be
told to allow messages from the network (and listening, obviously).
-r.

[...]

-- 
"... being a Linux user is sort of like living in a house inhabited
by a large family of carpenters and architects. Every morning when
you wake up, the house is a little different. Maybe there is a new
turret, or some walls have moved. Or perhaps someone has temporarily
removed the floor under your bed." - Unix for Dummies, 2nd Edition
        -- found in the .sig of Rob Riggs, rriggs@tesser.com
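Worked example, added here and not part of the thread: the two halves of the setup discussed above (the sender's syslog.conf forwarding line and the receiver's syslogd being told to accept network messages) as small shell checks. The sample syslog.conf is constructed; the receiver is assumed to run sysklogd, where `-r` is the option that enables receiving from the network.

```shell
# Constructed sample syslog.conf for the sending host, mirroring the
# line from the thread: auth/authpriv goes to the remote log host.
SAMPLE_CONF='# forward authentication logs (sudo logs at auth) off-box
auth,authpriv.*                 @log.myotherhost.com
*.info;auth,authpriv.none       -/var/log/messages
'

# Print the host that the auth/authpriv selector forwards to, or nothing
# if no such remote (@host) action exists. Comment lines are skipped.
remote_auth_host() {
    printf '%s\n' "$1" | awk '
        /^[[:space:]]*#/ { next }
        $1 ~ /(^|[;,])auth(priv)?\.\*/ && $2 ~ /^@/ {
            sub(/^@/, "", $2); print $2; exit
        }
    '
}

# On the log host: given the running syslogd command line, return 0 only if
# it was started with -r (sysklogd: accept messages on the network socket).
# Without it the forwarded messages are silently dropped on arrival.
receiver_accepts_network() {
    case " $1 " in
        *" -r "*) return 0 ;;
        *)        return 1 ;;
    esac
}
```

In practice feed `remote_auth_host` the contents of /etc/syslog.conf and `receiver_accepts_network` the output of `ps` for syslogd on the log host.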