yes i'm using slackware distro
but not 10.2 as the profile says
i have upgraded to slack 11 a few months ago and still haven't changed that in the profile
and the link in the sig is invalid because i haven't reinstalled php sysinfo and i don't think i will install it either
about the commercial and non-commercial, tripwire and aide
i would use the one that is better
no matter if i have to pay for something or not
as long as i'm happy and my clients on my server are happy
and if my ISP sends me a (huge) bill for abusing...i think its better to pay for better software
although i have installed aide already but haven't configured it yet, didn't have the time for that yet
i have also looked into rkdet (i think it was this one)
anyway, this software detects when a user tries to install a rkit
logs it, mails it and halts the system
all good and everything but i don't want it to halt
i would like to reboot the machine and add the IP to hosts.deny
OR
disconnect the user and add its IP to hosts.deny
because the machine is physically inaccessible
not that rkit gets installed everyday on a system
but there are times when i can't access the server physically for a few months
also i have a question about removing root's password
i have added my user account and my fellow admin's account to sudoers
and deleted root's password like this:
opened up /etc/shadow
first it looked like this:
root:$23fhrh/435fdg56g4335:some_number:::
next user
...
then i changed this file to look like this:
root:*:some_number:::
is this a smart move
or would it be smarter to replace that star(*) with a ! so it would be like this:
root:!:some_number:::
?
or would the smartest move be to add a root password in random chars and numbers?
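
Added example, not part of the original post: a small check for the kind of /etc/shadow edit described above, reporting whether each account's password field is empty, locked, or set. The function names, state labels and sample lines are constructed for illustration; per shadow(5), a field such as `*` or `!` is not a valid crypt(3) result, so no password matches it, while an empty field means no password is required.

```shell
#!/bin/sh
# Added example: classify the password field of shadow(5) lines.
# Function names and state labels are hypothetical; sample data is constructed.

# Print the state of the 2nd colon-separated field of one shadow line.
shadow_pw_state() {
    case $1 in
        *:*) ;;
        *) echo "INVALID"; return 1 ;;   # not a colon-separated entry
    esac
    rest=${1#*:}        # drop the login name
    field=${rest%%:*}   # keep only the password field
    case $field in
        '')           echo "EMPTY" ;;        # no password needed to log in
        '*'|'!'|'!!') echo "LOCKED" ;;       # placeholder no password can match
        '!'*)         echo "LOCKED_HASH" ;;  # hash kept but disabled (passwd -l)
        *)            echo "HASH" ;;         # compared as a crypt(3) string;
                                             # the format is not validated here
    esac
}

# Report every account in a shadow-format file as "name state".
audit_shadow() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        printf '%s %s\n' "${line%%:*}" "$(shadow_pw_state "$line")"
    done < "$1"
}

# Demo on a constructed file (not a real /etc/shadow).
sample=$(mktemp)
cat > "$sample" <<'EOF'
root:*:13500:::
admin1:$1$abcdefgh$0123456789abcdefghijkl:13500:0:99999:7:::
admin2:!$1$abcdefgh$0123456789abcdefghijkl:13500:0:99999:7:::
guest::13500:::
EOF
audit_shadow "$sample"
rm -f "$sample"
```

Running `audit_shadow /etc/shadow` on a real system needs root, and any account reported as EMPTY deserves attention first.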