[plug] Linux security idea - maybe
Denis Brown
dsbrown at cyllene.uwa.edu.au
Thu Jun 12 21:12:14 WST 2003
Dear PLUG list members,
It seems to me that the Holy Grail of breaking into a computer system is
to achieve administrative access. Windows (NT and above) has the
Administrator account, Unix / Linux has root. One of the things we are
encouraged to do with Windows is to create another administrative account,
assign the original Administrator account a super-obtuse password and then
disable it. The reasoning being (MCSE's correct me here) that even if
someone actually broke the admin password, they could not do anything with
the account anyway.
Well, can we do something like that for Unix / Linux? Would it be
equally useful?
For example create a superuser account with an innocuous name, such as
pjsmythe. Buried in amongst all the other user accounts, that name is
unlikely to stand out - apologies to any P.J.Smythe's who may be listening
:-) So far so good - superuser account creation is a snap; creating
bizarre passwords is probably a hobby with most sysadmins anyway.
Now, can we disable the "root" account? If we could, a priori there would
be a need to reassign ownership permissions from root to our indomitable
pjsmythe so that the root account was left with precious little to do.
The "root" directory could, I guess, remain. Hmmm... maybe I have seen a
problem already. Doing an ls -al from any breached user account would
show a lot of ownership by our friend smythe, so that would be a dead
giveaway as to who was running the ship.
Even having rained on my own parade, I'll post the message anyway. It may
spark some discussion that list members may find of use. I dare say the
above is not a unique idea, in fact I may get the prize for its 1000th
re-invention :-) What I was hoping to achieve is a situation which puts
extra difficulties in the way of a remote breaker-in. Someone with
physical access to the box only needs Tom's RTBoot disk as has been stated
several times before, unless the box is wearing an overcoat of concrete.
Cheers,
Denis
More information about the plug
mailing list