Quote:
Originally posted by fuzebox
Yep. Scary, isn't it? 80 production servers, no user accounts, PermitRootLogin = yes 
FWIW, only a certain IP block can ssh to those hosts, and the only time we do is to do superuser functions anyway. I see no need to go and create 80 accounts whose sole functions will be to run "su".
Having a non-privileged user account will provide no extra layer of security.
I could argue the last point some, but won't. I've seen this plenty of times before, usually after I get the 'hey man, we got hacked, can you help?' call.
Why won't I argue it? The $400 or so an hour I get for forensic work. (It goes to $800 an hour if I have to go to court.)