Old 10-25-2002, 07:19 PM   #1
radnix
Member
 
Registered: Aug 2002
Location: Huntsville AL
Distribution: redhat 7.3
Posts: 48

Rep: Reputation: 15
alter the root name


Hi,

Very simple question here: Is it possible to change the logon name for root from root to anything else? [not passwd]

Thanks ahead :
 
Old 10-25-2002, 10:11 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
A name is a name (i.e. apps don't check against "name" but ask for a function to return effective uid etc.), but what did you have in mind with it, if I may ask? Renaming is in the category of "security through obscurity"; in some circumstances counted as a deterrent, this easily turns into a false sense of security.
 
Old 10-26-2002, 11:10 AM   #3
radnix
Member
 
Registered: Aug 2002
Location: Huntsville AL
Distribution: redhat 7.3
Posts: 48

Original Poster
Rep: Reputation: 15
good point

You have a good point there. A false sense of security, hummm: do ya' mean that someone that really knows how to detect root privileges would not really attempt to logon as root and 'chip' away at the password, but would rather attempt more obvious routes of control?

Wouldn't any additional security measures, such as changing the name "root", confuse the first attempt at probing of a system, since most would expect root to exist?

What do you think is the best way to 'cloak' root? Or is it necessary?
 
Old 10-26-2002, 11:33 AM   #4
Hko
Senior Member
 
Registered: Aug 2002
Location: Groningen, The Netherlands
Distribution: Debian
Posts: 2,536

Rep: Reputation: 111
Yes, I think it's very well possible to change root's name.
I guess it is even very well possible to have 10 root-equivalent users.

Just don't.
 
Old 10-26-2002, 12:03 PM   #5
radnix
Member
 
Registered: Aug 2002
Location: Huntsville AL
Distribution: redhat 7.3
Posts: 48

Original Poster
Rep: Reputation: 15
OK, how shall we do it, any other thoughts on root security?
 
Old 10-26-2002, 01:19 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
I guess the important point is to not look at the root account as the userid that has the name root (a static attribute w/o impact), but to see it as the userid that has ownage over privileges like POSIX capabilities (CAP_SYS_MOD or the ability to handle module loading, CAP_OVERRIDE or the ability to override file access restrictions, to name just two of the 27). So, you can change the name but the other attributes stay. (I finally get to say "ergo") Ergo, "security through obscurity", cuz nothing important changes.

Take away the capabilities and, in some cases, even root can't regain these capabilities w/o reboot (quite nasty with some caps). Changing capability usage you can do with different approaches like Grsecurity or LIDS kernel patches, or a binary like lcap with which you can take away, say CAP_SYS_MOD, after bootup.

*If you're gonna play with caps, be sure to read for instance lcap's README or another doc on caps.
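
Added example (not part of the original post, and not lcap's code): a short Python check of the point made above, that privilege lives in the capability sets and not in the account name. It decodes the capability masks that current Linux kernels expose in /proc/<pid>/status; the kernel headers spell the two capabilities mentioned above CAP_SYS_MODULE and CAP_DAC_OVERRIDE, and the sample status text is constructed.

```python
# Added example, not lcap's code. Bit numbers are from <linux/capability.h>.
CAP_BITS = {"CAP_DAC_OVERRIDE": 1, "CAP_SYS_MODULE": 16}

# Constructed sample of /proc/<pid>/status for a uid-0 shell after
# CAP_SYS_MODULE (bit 16) was removed from the bounding set.
SAMPLE_STATUS = (
    "Name:\tbash\n"
    "Uid:\t0\t0\t0\t0\n"
    "CapInh:\t0000000000000000\n"
    "CapPrm:\t000001fffffeffff\n"
    "CapEff:\t000001fffffeffff\n"
    "CapBnd:\t000001fffffeffff\n"
)


def parse_status(text):
    """Return {field: [values]} for every 'Key: value ...' line."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    return fields


def decode(mask_hex):
    """Map each capability of interest to True/False for one hex mask."""
    mask = int(mask_hex, 16)
    return {name: bool(mask >> bit & 1) for name, bit in CAP_BITS.items()}


def cap_report(text):
    """Effective uid plus the decoded effective and bounding sets."""
    fields = parse_status(text)
    return {
        "euid": int(fields["Uid"][1]),  # Uid: real, effective, saved, fs
        "effective": decode(fields["CapEff"][0]),
        "bounding": decode(fields["CapBnd"][0]),
    }


if __name__ == "__main__":
    print("sample:", cap_report(SAMPLE_STATUS))
    with open("/proc/self/status") as fh:  # Linux only: this process
        print("self:  ", cap_report(fh.read()))
```

In the sample the process still has effective uid 0, yet module loading is no longer in its bounding set, whatever the account is called.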
 
Old 10-26-2002, 03:23 PM   #7
markus1982
Senior Member
 
Registered: Aug 2002
Location: Stuttgart (Germany)
Distribution: Debian/GNU Linux
Posts: 1,467

Rep: Reputation: 46
Quote:
Take away the capabilities and, in some cases, even root can't regain these capabilities w/o reboot (quite nasty with some caps). Changing capability usage you can do with different approaches like Grsecurity or LIDS kernel patches, or a binary like lcap with which you can take away, say CAP_SYS_MOD, after bootup.

*If you're gonna play with caps, be sure to read for instance lcap's README or another doc on caps.
lcap is a really nice proggy to deal with when securing a server. I'll add it to my security tools section for now. It's nice that it checks the capabilities currently available and lists them, etc. - quite helpful - especially the kernel module capability checking.
 
Old 10-26-2002, 10:23 PM   #8
RijilV
Member
 
Registered: Sep 2002
Location: somewhere
Distribution: gentoo
Posts: 123

Rep: Reputation: 15
anyhow, it's really easy to change root's name

vipw and change the word root to something.


keep in mind, stuff like "su" will break in the traditional sense, you'll have to do a
su -u <whatever you wanted root to be called>

as stated above, this really doesn't provide much in the way of sekurity. Logging in as your re-named root is still very very bad, any exploits aren't going to be looking up the UID of root, and if you are so worried about people trying to brute force your root password...well you might just want to set a good password and look at your logs...
 
Old 10-27-2002, 04:04 AM   #9
radnix
Member
 
Registered: Aug 2002
Location: Huntsville AL
Distribution: redhat 7.3
Posts: 48

Original Poster
Rep: Reputation: 15
security through obscurity

Ah yes, I understand now.

I'll checkout Grsecurity, LIDS and lcap.

I think that RijilV [and as everybody else also suggested] got straight to the point in saying that altering the root name is a waste of effort.

Good passwd selection is the first line of defense against a brute force crack attack.

Thank you all !
 
Old 05-16-2003, 07:30 AM   #10
hbo
LQ Newbie
 
Registered: Feb 2003
Distribution: Red Hat 6.2 thru 9, Debian Woody
Posts: 8

Rep: Reputation: 0
getpwnam

And the reason su fails must be because it uses the getpwnam(3) library routine to look up root by the name 'root'. So that's an added caveat to consider when contemplating a change to the UID 0 user's username. There will be problems, perhaps obscure and hard to track down, if a random piece of software tries to getpwnam('root').

One approach to take is to set root's password to some ugly random string. Save it in a locked file cabinet somewhere and use sudo to do all your root work. It makes it tough for password guessing attacks if the password is random garbage. As others have noted, it won't protect you from all, or even most attacks that try to break root, but it's one step that can be taken along with others to improve security.
 
Old 05-17-2003, 07:07 PM   #11
drthornt
Member
 
Registered: May 2001
Location: Toronto
Distribution: RH 7.2
Posts: 33

Rep: Reputation: 15
Not all programs are smart enough to follow uid=0, some foolishly refer to the "sooperuser" as "root".

Standard modus operandi on a winbloze box is to rename the account called "Administrator" to something else and create a user called "Administrator" with no privs.

For the same reason it is reasonable to do this in a unix machine, however:

1. some programs that you want to work might not be built smart and may follow the user "called" "root" rather than uid=0.

2. unix hackers are smarter and more often than not follow uid=0 so it's not as effective to rename root.
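
Added example (not part of any post above): a Python audit of passwd entries by uid instead of by name, covering the getpwnam('root') caveat from post #10 and the uid=0 point made here. It reports every uid 0 account and what the name "root" resolves to; the sample file, the account names in it and the function names are constructed for illustration.

```python
# Added example: audit passwd entries by uid rather than by name.
# Constructed sample: uid 0 renamed to "admin0", an unprivileged decoy
# named "root", and a second uid 0 entry.
SAMPLE_PASSWD = """\
admin0:x:0:0:renamed superuser:/root:/bin/bash
root:x:1500:1500:unprivileged decoy:/home/root:/sbin/nologin
ops0:x:0:0:second uid 0 entry:/root:/bin/sh
alice:x:500:500::/home/alice:/bin/bash
"""


def parse_passwd(text):
    """Yield (name, uid) for each well-formed 7-field passwd line."""
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) != 7 or not fields[2].isdigit():
            continue
        yield fields[0], int(fields[2])


def audit(text):
    """Return the uid 0 accounts, the uid behind "root", and findings."""
    entries = list(parse_passwd(text))
    uid0 = [name for name, uid in entries if uid == 0]
    # As with getpwnam(3) on a flat file, the first matching name wins.
    root_uid = next((uid for name, uid in entries if name == "root"), None)
    findings = []
    if not uid0:
        findings.append("no uid 0 account")
    if len(uid0) > 1:
        findings.append("multiple uid 0 accounts: " + ", ".join(uid0))
    if root_uid is None:
        findings.append('no "root" name: getpwnam("root") callers will fail')
    elif root_uid != 0:
        findings.append('"root" maps to uid %d, not 0' % root_uid)
    return {"uid0": uid0, "root_uid": root_uid, "findings": findings}


if __name__ == "__main__":
    print(audit(SAMPLE_PASSWD))
    with open("/etc/passwd") as fh:  # local file only, no NIS/LDAP users
        print(audit(fh.read()))
```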
 
  

