Welcome to Friendica.Eskimo.Com

Home of Censorship Free Hosting

 Eskimo North Linux Shells, E-mail, Virtual Machines, Web Hosting.

E-mail, Web Hosting, Linux Shell Accounts terminal or full remote desktops.

Sign Up For A Free Trial Here

Please tell your friends about federated social media site that speaks several fediverse protocols thus serving as a hub uniting them, hubzilla.eskimo.com, also check out friendica.eskimo.com, federated macroblogging social media site, mastodon.eskimo.com a federated microblogging site, and yacy.eskimo.com an uncensored federated search engine. All Free!
in reply to Sandal6823

lemmy - Link to source

rtxn

It's another slice of Swiss cheese. If the user has a strong enough password or other authentication method through PAM, it might stop or hinder an attacker who might only have a compromised private key, for example. If multiple users have access to the same server and one of them is compromised, the account can be disabled without completely crippling the system.

model used in risk analysis and risk management illustrates that, with layered security, each layer provides protection from certain types of attacks but has weaknesses

Contributors to Wikimedia projects (Wikimedia Foundation, Inc.)
This entry was edited (1 month ago)
in reply to Lemmchen

lemmy - Link to source

ShortN0te

The scenario OC stated is that if the attacker has access to the user on the server then the attacker would still need the sudo password in order to get root privileges, contrary to direct root login where the attack has direct access to root privileges.

So, now i am looking into this scenario where the attack is on the server with the user privileges: the attacker now modifies for example the bashrc to alias sudo to extract the password once the user runs sudo.

So the sudo password does not have any meaningful protection, other then maybe adding a time variable which is when the user accesses the server and runs sudo

in reply to grrgyle

lemmy - Link to source

sludgewife

which sudo will check $PATH directories and return the first match, true. however when you type sudo and hit enter your shell will look for aliases and shell functions before searching $PATH.

to see how your shell will execute 'sudo', say type sudo (zsh/bash). to skip aliases/functions/builtins say command sudo

meh nvm none of these work if your shell is compromised. you're sending bytes to the attacker at that point. they can make you believe anything

This entry was edited (1 month ago)
in reply to ShortN0te

lemmy - Link to source

4am

That is absolutely not the reason ANYONE recommends it, unless you are a complete noob and entirely unfamiliar with computer security at all, and are just pulling assumptions out of your ass. Don’t fucking do that, don’t post with confidence when you’re just making shit up because you think you know better. Because you don’t.

If there is a vulnerability in SSH (and it’s happened before), attackers could use that to get into root directly, quickly, and easily. It’s an instant own.

If root login is disabled, it’s way less likely that whatever bug it is ALSO allows them to bypass root login being disabled. Now they have to yeah, find a user account, compromise that, try to key log or session hijack or whatever they set up, be successful, and elevate to root. That’s WAY more work, way more time to detect, to install patches.

If the effort is higher, then this kind of attack isn’t going to be used to own small fry servers; it’s only be worth it for bigger targets, even if they’re more well protected.

If you leave root enabled, you’re already burnt. You’re already a bot in the DDoS network.

And why? You couldn’t be bothered to type one extra command in your terminal? One extra word at the start of each command?

Sorry bitch, eat your fucking vegetables

This entry was edited (1 month ago)