<html dir="ltr"><head></head><body style="text-align:left; direction:ltr;"><div>+1. Off machine logging is essential for systems that are internet facing or have other security requirements. </div><div><br></div><div>On Tue, 2019-11-05 at 13:55 +0000, Lightner, Jeffrey via Ale wrote:</div><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><pre>If your logging isn't going somewhere else (e.g. a centralized log server) and you're not sending email for every login you might not know who did a sudo as the hacker might know to clear the logs on the server they hacked. </pre><pre><br></pre><pre><br></pre><pre>-----Original Message-----</pre><pre>From: Ale <</pre><a href="mailto:ale-bounces@ale.org"><pre>ale-bounces@ale.org</pre></a><pre>> On Behalf Of Neal Rhodes via Ale</pre><pre>Sent: Monday, November 04, 2019 8:38 PM</pre><pre>To: Byron Jeff <</pre><a href="mailto:byronjeff@clayton.edu"><pre>byronjeff@clayton.edu</pre></a><pre>>; Atlanta Linux Enthusiasts <</pre><a href="mailto:ale@ale.org"><pre>ale@ale.org</pre></a><pre>></pre><pre>Subject: Re: [ale] I was hacked!</pre><pre><br></pre><pre>Well, not allowing anyone to login as root anywhere except the physical console tty does mean that at least you have some clue as to "Who the heck is logged in"?</pre><pre><br></pre><pre>and if someone has done a sudo, you can track it back to an original login.</pre><pre><br></pre><pre>Yer still hacked, but you may have someone to shoot.</pre><pre><br></pre><pre><br></pre><pre>On 2019-11-04 15:57, Byron Jeff via Ale wrote:</pre><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><pre>I thought the same in the first minute, but realized that it doesn't </pre><pre>add any operational security. If machine A, user B is compromised </pre><pre>(B@A) and B's key's are used to login to B@C using keys, and B has </pre><pre>sudo access, then it's trivial for the hacker to login to B@C, change </pre><pre>B's password on C, then use it to gain root access on C.</pre><pre><br></pre><pre>I almost start to wonder if passwordless keys really improve security.</pre><pre><br></pre><pre>BAJ</pre><pre><br></pre><pre>On Mon, Nov 04, 2019 at 04:10:41PM -0500, dj-pfulio via Ale wrote:</pre><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><pre> >> directly. Perhaps 2006? First thing I do on any new machine is </pre><pre>add an</pre><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><blockquote type="cite" style="margin:0 0 0 .8ex; border-left:2px #729fcf solid;padding-left:1ex"><pre>account with sudo rights.</pre></blockquote><pre><br></pre><pre>I don't see the operational difference between ssh'ing into root </pre><pre>(using a</pre><pre>key) and ssh'ing into another account using a key and then sudo'ing </pre><pre>to root. You're still getting into the machine via a key?</pre><pre><br></pre></blockquote><pre><br></pre><pre>2 authentication levels seems to be better than 1, but everyone has </pre><pre>different requirements.</pre><pre>_______________________________________________</pre><pre>Ale mailing list</pre><a href="mailto:Ale@ale.org"><pre>Ale@ale.org</pre></a><pre><br></pre><a href="https://mail.ale.org/mailman/listinfo/ale"><pre>https://mail.ale.org/mailman/listinfo/ale</pre></a><pre><br></pre><pre>See JOBS, ANNOUNCE and SCHOOLS lists at </pre><a href="http://mail.ale.org/mailman/listinfo"><pre>http://mail.ale.org/mailman/listinfo</pre></a><pre><br></pre></blockquote></blockquote><pre>_______________________________________________</pre><pre>Ale mailing list</pre><a href="mailto:Ale@ale.org"><pre>Ale@ale.org</pre></a><pre><br></pre><a href="https://mail.ale.org/mailman/listinfo/ale"><pre>https://mail.ale.org/mailman/listinfo/ale</pre></a><pre><br></pre><pre>See JOBS, ANNOUNCE and SCHOOLS lists at</pre><a href="http://mail.ale.org/mailman/listinfo"><pre>http://mail.ale.org/mailman/listinfo</pre></a><pre><br></pre><pre>_______________________________________________</pre><pre>Ale mailing list</pre><a href="mailto:Ale@ale.org"><pre>Ale@ale.org</pre></a><pre><br></pre><a href="https://mail.ale.org/mailman/listinfo/ale"><pre>https://mail.ale.org/mailman/listinfo/ale</pre></a><pre><br></pre><pre>See JOBS, ANNOUNCE and SCHOOLS lists at</pre><a href="http://mail.ale.org/mailman/listinfo"><pre>http://mail.ale.org/mailman/listinfo</pre></a><pre><br></pre></blockquote><div><span><pre><pre>-- <br></pre>James P. Kinney III
Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.
- Speech 11/23/1900 Mark Twain
http://heretothereideas.blogspot.com/
</pre></span></div></body></html>