Yea, I wouldn't want to get rooted either, but then I'd learn how to fix 
a rooted machine ;o)

I'm using a Linksys router to protect my home systems (6 - 7 machines).  
I thought about using a PC and software to protect my network, but this 
solution doesn't let anything in unless it's a port I've opened up.  The 
only thing I have running to harden my Linux box is the Secure SHell 
daemon.  I open port 22 to my Linux box from my Linksys router. If I 
take a CD with PuTTY and other tools with me I can get to my Linux box 
at home over the internet using a ssh tunnel.

I also document everything I do on my Linux box because that helps me 
learn.  If something clobbers my system in the future I can put it back 
together with the documents I have :o)
When I document I write down everything I do to install the software.
    Where I got the information from
    Where I got the software from
    Why I need to do the install
    Each step in the process of installing the software
    Did I need to restart the system
    etc...
I then put it into an HTML formatted document. I have posted 1 of these 
on my website and I'm going to post more in the future. I need to clean 
up about 25 documents before I can post them and time isn't on my side :-/
I did put the SSH document on my website www.screechowl.org; click on 
Linux under the 3rd owl.
I'm using Redhat 6.2 on my machines; if you're using a different distro or 
different version you'll want to ignore my documents because they won't 
apply.

BTW when you post make sure you put the distro and version of Linux you 
are using and the version of the software you're trying to install, 
configure, or fix. This will help people on the list to help you.

Sam.


PHPTOm wrote:

>It is a box at home that I am using.  And I am still learning.  I didn't
>take anything you said wrong.  I think that is all informative and I am
>grateful for all feedback.  I ran Bastille because I don't have a friggin'
>clue about so much of the security stuff and I'd rather have Bastille have
>its way with my system than those dang Romanians.
>
>
>
>
>-----Original Message-----
>From: tclug-list-admin at mn-linux.org
>[mailto:tclug-list-admin at mn-linux.org]On Behalf Of Sam MacDonald
>Sent: Friday, September 05, 2003 10:44 PM
>To: tclug-list at mn-linux.org
>Subject: Re: [TCLUG] Bastille - Root can't login to KDE
>
>
>The reason "root" is not used is because 1 mistake can cause disaster,
>however, I would venture a guess this is a machine at home.  A machine
>to learn Linux on and a machine that it's OK to rebuild at any time.
>
>Don't take this part wrong.
>However, you ran a system hardening tool without having a complete
>understanding of the tool.  With Linux it's best to read about the tool
>you want to use, ask questions of the group for advice, then install the
>tool.
>
>Don't get me wrong about this, I haven't used Bastille so I can't make
>more than a guess.  By definition a hardened system would not allow root
>to use X, because root is not just an account to administer the system
>with.  "root" is the system account (someone correct me if I'm wrong or
>off base) the account that runs the whole show.
>
>I have an account I created for administration of the Linux box. I also
>have an account that I have my 9 year old son use (get'em early).  The
>only reason I would use "root" is to give the account I use for
>administration more rights/permissions.  As an administrator, using good
>practices, I wouldn't use root for anything.  I would keep the root
>password in a safe place and change it often.  After saying that I can
>also say I'm guilty of using "root" for other purposes.
>
>On isolated home systems lots of people use root because it "has the
>power",  "root" has way too much power to be used at all.  In some cases
>things can't be fixed when "root" is used.  That's why having another
>administrator account is important.
>
>This same thing is true for many windows systems at home, the
>"administrator" account has the power, and makes it easy to add software
>and hardware. The difference is that "root" has much more power than
>"administrator".  I would venture that "root" has an equivalent of
>"system" and "administrator" in windows rolled into 1 account.
>
>I've only had 1 corrupt "system" account in over 9 years of windows
>administration. I still wonder how it happened because "system" can't be
>used to login.  It was NT 3.50 so I'm not losing sleep over it now.
>
>Sam.
>
>Dan Rue wrote:
>
>  
>
>>Tom Wurdock wrote:
>>
>>    
>>
>>>Hey all,
>>>
>>>I ran Bastille Linux to try and harden up my system.  Now I can't
>>>login to KDE as root, nor can I run/view certain programs.
>>>      
>>>
>>Why would you want to log into KDE as root in the first place?  If you
>>want to do rootly things, you should go to a command line and use "su"
>>or "sudo".  "man su" or "man sudo" at the command line for more
>>information.
>>
>>That said, I'm sure there are ways in kde to do root things in the
>>control panel or whatever without actually logging in as root.
>>doesn't it prompt you for a password?  I don't run KDE so I don't
>>know, but you shouldn't ever need to log in as root.
>>
>>dan
>>
>>    
>>
>>>It is not clear to me what part of the Bastille process did this.
>>>Any help appreciated.
>>>
>>>TOm
>>>      
>>>
>>
>>_______________________________________________
>>TCLUG Mailing List - Minneapolis/St. Paul, Minnesota
>>http://www.mn-linux.org tclug-list at mn-linux.org
>>https://mailman.real-time.com/mailman/listinfo/tclug-list