On Jan 23, 2008 5:07 PM, John Summerfield <debian@xxxxxxxxxxxxxxxxxxxxxx> wrote:
Aldo Foot wrote:
cron jobs are created either by your vendor (Fedora in this case), or by... snip...
> Perhaps a good practice is to configure accounts such as those for
> cron jobs to use only specific commands.
> Does anyone reading this thread use such a setup?
> I'll play with this a bit.
users with access to accounts on the system.
If you use decent passwords, exercise due care with invited content
(email, www etc & especially software[1] you install/allow to be
installed), secure your servers[2], I don't think you have a lot to do with.
If you're trying to protect high-value assets, best to hire an expert
with the skills needed, it's pretty clear you don't have them.
[1] I'm very picky. Most stuff from the FOSS world I trust, it will
quickly get a bad name if it contains malware. I mostly avoid Acrobat &
flash (the latter's main use seems to be adware, and there are serious
security concerns), and absolutely shun toys such as Google Desktop etc.
[2] I run ssh, and I allow five connexions/hour globally (not per source
IP) from parts of the world I don't expect connexions from, it covers me
for the case I've been too strict. I don't think anyone's going to
succeed with even a weak password without a fair bit of luck. I don't
think my password's weak.
--
Cheers
John
I have a couple of questions:
1. If you use the connection/hour limit scheme does it mean you don't
use tcpwrappers and you only rely on user/password for authorization?
2. Is this what you use to configure five ssh connections per hour?
#tcplimit 22 5 hour on
~af
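
Footnote [2] above describes a single budget of five new ssh connections per hour, shared by all sources outside the expected regions rather than counted per source IP. The script below is an added example, not part of either poster's message. It generates one ruleset that implements that policy with the iptables `limit` match. The thread does not say which tool John uses, so iptables, the chain name `SSH_NEW` and the 192.0.2.0/24 "expected" network are all assumptions.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset for the ssh policy in
# footnote [2]. Assumptions (not from the thread): iptables is the tool, and
# the network passed as $1 stands in for "places I expect connections from".

ssh_limit_rules() {
    trusted_net="${1:-192.0.2.0/24}"   # constructed placeholder network
    per_hour="${2:-5}"                 # five connections/hour, as in the post
    cat <<EOF
*filter
:INPUT ACCEPT [0:0]
:SSH_NEW - [0:0]
# Packets of already-accepted sessions are not counted against the limit.
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Every new connection to port 22 is judged in the SSH_NEW chain.
-A INPUT -p tcp --dport 22 -m conntrack --ctstate NEW -j SSH_NEW
# Expected sources are accepted without rate limiting.
-A SSH_NEW -s ${trusted_net} -j ACCEPT
# The limit match keeps one token bucket per rule, so this budget is shared
# by all remaining sources (global, not per source IP).
-A SSH_NEW -m limit --limit ${per_hour}/hour --limit-burst ${per_hour} -j ACCEPT
# Over budget: log (itself rate limited) and drop.
-A SSH_NEW -m limit --limit 6/hour -j LOG --log-prefix "ssh-over-limit: "
-A SSH_NEW -j DROP
COMMIT
EOF
}

# Print the ruleset when run directly. Syntax-check it as root with:
#   sh ssh-limit.sh | iptables-restore --test
ssh_limit_rules "$@"
```

Loading this output with `iptables-restore` replaces the existing filter table unless `--noflush` is given, so merge it with any rules already in place. A global budget also means that unrelated connection attempts can use it up and lock out a legitimate login from an unexpected location until tokens refill.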