Date: Sun, 1 Feb 2004 13:55:13 +0200
From: Mike Jackson
To: freebsd-questions@freebsd.org
Subject: Re: toor & root
Message-ID: <20040201115513.GD14872@isorauta.ntc.nokia.com>
In-Reply-To: <200402011144.i11BivY14719@nalle.netsonic.fi>
References: <20040201121928.3686fb5b.nypix33@virgilio.it> <200402011144.i11BivY14719@nalle.netsonic.fi>

ext Markus Kovero (markus.kovero@grafikansi.fi) wrote:
> Toor is for security paranoid people? Dunno, it's a way to get more secure from
> most "script kiddie"-r00t-kit things. Does it btw have superuser id?

The "toor" user is nothing more than a backup root account, in case your
"root" account happens to get locked out for some odd reason. The "toor"
user does not have a password by default, and is thus a disabled account.

I normally add my own "root user" account, which serves the same purpose
but helps auditing because that username appears in logfiles instead of
"root" or "toor".

The best way to protect against somebody trying to remotely hack root,
other than the obvious of turning off unneeded services, is to disable
remote root logins. Then to get root, you have to first log in as a normal
user and then su to root. Disable remote root logins in /etc/ttys by
setting terminals to insecure.

-- 
mike
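
Added example (not part of the original message): a small Python audit for the two things discussed above, which uid 0 accounts exist and whether each carries a usable password, and which terminals in /etc/ttys are on and marked secure. The sample file contents and the account name mjroot are constructed for illustration; treating a password field that starts with "*" as disabled is this example's assumption.

```python
import shlex

# Constructed sample data in ttys(5) and master.passwd(5) layout (not from a real host).
SAMPLE_TTYS = '''\
# name  getty                           type    status
console none                            unknown off secure
ttyv0   "/usr/libexec/getty Pc"         cons25  on  secure
ttyv1   "/usr/libexec/getty Pc"         cons25  on  insecure
ttyd0   "/usr/libexec/getty std.9600"   dialup  off secure
ttyp0   none                            network
'''
SAMPLE_MASTER_PASSWD = '''\
root:$1$constructed$hash:0:0::0:0:Charlie &:/root:/bin/csh
toor:*:0:0::0:0:Bourne-again Superuser:/root:
mjroot:$1$constructed$hash2:0:0::0:0:Admin (audit name):/root:/bin/sh
mike:$1$constructed$hash3:1001:1001::0:0:Mike:/home/mike:/bin/sh
'''

def root_capable_ttys(ttys_text):
    """Return terminals that are 'on' and flagged 'secure' (direct root login allowed)."""
    found = []
    for line in ttys_text.splitlines():
        # shlex keeps the quoted getty command as one field and drops '#' comments
        fields = shlex.split(line, comments=True)
        if len(fields) < 3:
            continue
        flags = fields[3:]  # everything after name, getty, type
        if "on" in flags and "secure" in flags:
            found.append(fields[0])
    return found

def uid0_accounts(passwd_text):
    """Return {name: state} for every uid 0 entry; state is disabled, empty or set."""
    result = {}
    for line in passwd_text.splitlines():
        parts = line.split(":")
        if len(parts) < 3 or line.startswith("#") or parts[2] != "0":
            continue
        pw = parts[1]
        # Assumption: a field starting with '*' can never match a password hash
        result[parts[0]] = "disabled" if pw.startswith("*") else ("empty" if pw == "" else "set")
    return result

if __name__ == "__main__":
    print("ttys allowing direct root login:", root_capable_ttys(SAMPLE_TTYS))
    for name, state in uid0_accounts(SAMPLE_MASTER_PASSWD).items():
        print(f"uid 0 account {name}: password {state}")
```

On a real host the two functions would be fed the contents of /etc/ttys and /etc/master.passwd, the latter readable only by root.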