Re: [Hampshire] Directory permissions in Ubuntu v Debian

Author: Simon Huggins
Date:  
To: hampshire
Subject: Re: [Hampshire] Directory permissions in Ubuntu v Debian
On Thu, May 01, 2008 at 04:34:27PM +0100, Paul Tansom wrote:
> ** Simon Huggins <huggie@???> [2008-05-01 16:13]:
> > Are there specific things you think are less secure?
> > I think you'd be better off doing an audit for running services you
> > don't want, things you can see as a normal user (i.e. not in any admin
> > type groups) that you don't want to etc.
> The thing that started me thinking was when I started looking at the log
> files from the CLI on my Ubuntu install and suddenly realised that I was
> viewing files that were restricted on my Debian box. That seemed a
> security issue that I may consider addressing and started me wondering
> what else had been tweaked in terms of file and directory permissions in
> order to allow things to work with sudo without the need to use a su(do)
> shell - so what else had been opened up to the standard user accounts
> view that you may prefer not to be.


Viewing files with or without sudo? It's not quite clear from the
above. Without, then they've tweaked groups and so on. But you don't
need to tweak any filesystem permissions to "allow things to work with
sudo" as you say. sudo will give you a full root equivalent if it's
configured that way, so sudo less /var/log/auth.log will work, but that's
not a security risk unless you give everyone on your box root access via
sudo.

-- 
----------(  "A computer's got to do what a computer's got   )----------
Simon ----(                 to do." -Holly.                  )---- Nomis
                             Htag.pl 0.0.22
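
Added example (not part of the original message): a small audit helper for the distinction drawn above, reporting whether a file is readable without sudo through the owner, group or "other" permission bits. It assumes GNU stat and ignores ACLs and root's override; the function names and sample values are made up for illustration.

```shell
#!/bin/sh
# read_class MODE OWNER GROUP USER "USER'S GROUPS"
# Prints owner, group or other: the permission class that grants read
# access. Prints none if the class that applies has no read bit.
# Only ONE class applies: owner if the user owns the file, else group
# if the user is in the file's group, else other.
read_class() {
    mode=$1 owner=$2 group=$3 user=$4 groups=$5

    # Keep the last three octal digits (drops setuid/setgid/sticky).
    perms="000$mode"
    perms=${perms#"${perms%???}"}
    o=${perms%??}                   # owner digit
    g=${perms#?}; g=${g%?}          # group digit
    t=${perms#??}                   # other digit

    if [ "$user" = "$owner" ]; then
        digit=$o class=owner
    else
        case " $groups " in
            *" $group "*) digit=$g class=group ;;
            *)            digit=$t class=other ;;
        esac
    fi

    # The read bit is 4, so digits 4-7 allow reading.
    case $digit in
        [4-7]) echo "$class" ;;
        *)     echo none ;;
    esac
}

# why_readable FILE [USER]
# Looks up the real mode, owner and group (GNU stat) and the user's
# groups, then classifies them. Defaults to the current user.
why_readable() {
    file=$1
    user=${2:-$(id -un)}
    info=$(stat -c '%a %U %G' -- "$file") || return 1
    set -- $info
    read_class "$1" "$2" "$3" "$user" "$(id -Gn "$user")"
}

# Usage: why_readable /var/log/auth.log
```

A result of "group" for a log file means access comes from group membership rather than loosened file modes; "other" means every local account can read it.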