05-17-2006, 04:42 PM
#1
LQ Newbie
Registered: Jan 2005
Location: Michigan
Distribution: Fedora core 4
Posts: 13
Identifying non-administrators w/ root privilege/ Multiple root account in use
Hey guys,
I need your help with the following questions:
Question 1: Is there a method (command) that could be used to display a list of all users logged in (and/or out) since a file and/or directory was created? My purpose is to identify non-administrators who were able to view root-owned files.
Question 2: What are the security risks associated with using multiple accounts w/ a UID of zero?
For example, root (default), rootk and rootc have a UID of 0. However, the shells are different. Is that a security risk? If so, why?
Thanks,
W

05-18-2006, 01:52 AM
#2
LQ Guru
Registered: Aug 2004
Location: Sydney
Distribution: Rocky 9.x
Posts: 18,434
2. it means that afterwards you will not be able to tell who did what, because ownerships will be indistinguishable....
There should only ever be 1 root.
If some users need occasional access to root owned cmds, look into the sudo facility.

05-18-2006, 08:26 AM
#3
LQ Newbie
Registered: Jan 2005
Location: Michigan
Distribution: Fedora core 4
Posts: 13
Original Poster
Question #2
Quote:
Originally Posted by chrism01
2. it means that afterwards you will not be able to tell who did what, because ownerships will be indistinguishable....
There should only ever be 1 root.
If some users need occasional access to root owned cmds, look into the sudo facility.
Question 2 follow up:
Hello Chris,
Thanks for your reply. Can you help me understand how you can hold anyone accountable if you have more than one administrator using the same root password? I am just trying to understand the best way to manage this issue.
Thanks for your assistance
W

05-18-2006, 10:52 AM
#4
Moderator
Registered: May 2001
Posts: 29,417
Quote:
Is there a method (command) that could be used to display a list of all users logged in (and/or out) since a file and/or directory was created? My purpose is to identify non-administrators who were able to view root-owned files.
If you take the MAC time of the created file/dir as starting point, then for users with local system login enabled you could use the "last" command. It also depends on what ways (services) the file was accessible (before) (as in service configuration and/or file/dir permissions). I think this is a good argument for running a GRSecurity RBAC or SELinux enabled server: if set up in enforcing mode there would have to be explicit rules for file access inclusion. If you can be more verbose with respect to your situation, add an example if you can, maybe there's more to add.
Quote:
hold anyone accountable if you have more than one administrator using the same root password.
(This may sound harsh but I'm just emphasising what chrism01 already said) what you need to understand is there are no compelling and valid reasons to have multiple root privilege accounts. The best way to manage this issue therefore would be to add auditing facilities and disable (and later on remove) those excess accounts. If you disagree please post reasons why you think you need multiple root privilege accounts.
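
The two checks discussed in this thread, as an added example that is not from any poster: list every account sharing UID 0 along with its shell, and use "last" with a file's timestamp as the starting point. The function names are hypothetical, the sample passwd data is constructed, and `logins_since_file` assumes GNU stat/date and a util-linux `last` that supports `-p` and `-s`.

```shell
#!/bin/sh
# Added example: function names are hypothetical; sample data is constructed.

# Print "name shell" for every passwd entry whose UID field is numerically 0.
uid0_accounts() {
    awk -F: '$3 ~ /^0+$/ { print $1, $7 }' "$1"
}

# Print only the UID 0 accounts other than "root" (candidates to disable).
extra_uid0_accounts() {
    uid0_accounts "$1" | awk '$1 != "root" { print $1 }'
}

# Show who was logged in when FILE was last modified, then every login since.
# mtime is used as the starting point (an assumption; pick the MAC time that
# fits your case). Assumes GNU stat/date and util-linux "last" with -p and -s.
logins_since_file() {
    epoch=$(stat -c %Y "$1") || return 1
    since=$(date -d "@$epoch" '+%Y-%m-%d %H:%M:%S') || return 1
    echo "== present at $since =="
    last -p "$since"
    echo "== logins since $since =="
    last -s "$since"
}

# Constructed sample in /etc/passwd format, using the account names from the
# question; the shells are made up for illustration.
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:x:0:0:root:/root:/bin/bash
rootk:x:0:0:constructed:/root:/bin/ksh
rootc:x:0:0:constructed:/root:/bin/csh
alice:x:1000:1000:constructed:/home/alice:/bin/bash
EOF

echo "UID 0 accounts and their shells:"
uid0_accounts "$sample"
echo "Accounts to disable in favour of sudo:"
extra_uid0_accounts "$sample"
rm -f "$sample"

# On a real host: uid0_accounts /etc/passwd; logins_since_file /path/to/file
```

This only covers accounts in the local passwd file and logins recorded in wtmp; access through other services is not visible to "last".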

05-19-2006, 08:55 PM
#5
Member
Registered: Nov 2005
Posts: 183
I smell somebody's homework.
SOule

All times are GMT -5.