On Tue, 18 Jan 2005 10:13:20 -0700 (GMT-07:00), James Mckenzie <jjmckenzie51@xxxxxxxxxxxxx> wrote: > Gordon and the rest of the list: > > Sorry about the top post, but I am replying through my web mail host. > > I have one question: Can we change the name of root, or even get rid of it? The elimination of the Administrator account and replacing it with a user with admin priveleges is a well known security 'enhancement' to Windows and I would like to apply the same to my FC system. It is my guess that most UNIX/Linux worms is that they look for a user with '0' as the user id. Maybe what I am asking is an exercise best left to the student. However, I do not want to revisit mistakes made by others. > I think that was good for about 2-4 weeks and then they used the same mechanism to query the... SID I think, of the accounts and find the renamed administrator account. Lock it down. Only allow secure logins (ssh, scp, sftp with v1 disabled and keys rather than passwords) don't allow root to login use (su or sudo). Keep security patches up to date... -- Leonard Isham, CISSP Ostendo non ostento.
