Date: Sun, 30 Dec 2001 22:31:22 +0100
From: Cliff Sarginson
To: FreeBSD-questions@FreeBSD.ORG
Subject: Re: Can I rename root?
Message-ID: <20011230213122.GB1245@raggedclown.net>

On Sun, Dec 30, 2001 at 02:56:31PM -0600, Rob Zietlow wrote:
> On Sunday 30 December 2001 02:41 pm, Jeffrey wrote:
> > On Sunday 30 December 2001 02:33 am, Rogier Steehouder wrote:

To repeat, it is pointless. Security through obscurity is an illusion.
Besides which, few crackers try to crack passwords, if chosen well it can
take years. They go for holes in programs.

Imagine I am a cracker, I surf this list because I know I can hear tips,
pick up on security issues.

I now know:
- You have renamed root (that will really have the crackers shitting their pants)
- You use Postfix
- You told me all this in your mail...

> /etc/aliases       I had already redirected root to my regular user:
>                    no problem
> /etc/crontab       Replaced 'root' with 'admin'
> /etc/ftpusers      Not critical, but added 'admin'
> /etc/gettytab      User for autologin
> /etc/inetd         Don't use it
> /etc/login.access  Small change
> /etc/login.conf    Has a special entry for root
> /etc/rc            Changed 'chown root:wheel' in 'chown
>                    0:0'
> /etc/security      Don't use it
> /etc/syslog        Small change
> /usr/local/etc/postfix/postfix-script
>                    Some minor changes
> /usr/local/etc/webmin/...
>                    Starts some daemons as root

I know your email address. If you have a domain I can find it and your IP.
I know who your ISP is and what O/S they use. I can find out what DNS you
use, and your Mail Exchanger. I could make some guesses at your login name,
actually, and probably guess you are in group "wheel". I know what MUA you
use. I know you run FreeBSD, and could probably find the version in a few
seconds.

I could go on... changing root's name will achieve *nothing* of any value.
Sooner or later it will confuse you.

Just reduce root access to the minimum, and disallow external access to it.
And learn something about security.

--
Regards
Cliff