[ale] Auditing root shells

Christopher Fowler cfowler at outpostsentinel.com
Mon Sep 19 09:46:51 EDT 2005


On Mon, 2005-09-19 at 09:48 -0400, John Wells wrote:
> > RedHat recommends to make root shell /bin/nologin and use sudo.  Runlevel
> > 1 becomes impossible without a boot disk, though.
> 
> Yeah...that's my rule currently, but getting a lot of complaints from
> admins complaining that "it's too hard/cumbersome" to do.  Doesn't carry a
> lot of weight here, but if there's a more implicit solution out there I'm
> open to options.
> 

Replace root's shell with a program that is smart enough to know that it is:

A.  Running in RL 1
B.  Init is its parent
C.  Its controlling tty is /dev/console

If A, B and C are all true, then exec() /bin/sh.
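
The gate described in the message above, as an added C example (not code from the post or its author). Assumptions: the runlevel is read from the utmp RUN_LVL record, runlevel S is treated like 1, the terminal name of stdin stands in for the controlling tty, and the names gate_facts, gate_allows and current_runlevel are hypothetical.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <utmp.h>

/* The three facts (A, B, C) the gate decides on. */
struct gate_facts {
    char runlevel;      /* A: current runlevel character, 0 if unknown */
    pid_t ppid;         /* B: parent process id */
    const char *tty;    /* C: terminal name, NULL if none */
};

/* Pure decision: returns 1 only when A, B and C all hold. Unknown
 * values fail closed. Accepting 'S' next to '1' is an assumption. */
static int gate_allows(const struct gate_facts *f)
{
    int single_user = (f->runlevel == '1' || f->runlevel == 'S');
    int init_parent = (f->ppid == 1);
    int on_console = (f->tty != NULL && strcmp(f->tty, "/dev/console") == 0);
    return single_user && init_parent && on_console;
}

/* Read the runlevel from utmp: init stores it in the low byte of
 * ut_pid on the RUN_LVL record. Returns 0 when no record exists. */
static char current_runlevel(void)
{
    struct utmp *ut;
    char rl = 0;
    setutent();
    while ((ut = getutent()) != NULL) {
        if (ut->ut_type == RUN_LVL) { rl = (char)(ut->ut_pid & 0xff); break; }
    }
    endutent();
    return rl;
}

int main(void)
{
    struct gate_facts f = { current_runlevel(), getppid(), ttyname(STDIN_FILENO) };
    if (!gate_allows(&f)) {
        fprintf(stderr, "root shell is disabled here; use sudo\n");
        return 1;
    }
    execl("/bin/sh", "sh", (char *)NULL);   /* only reached when A, B, C hold */
    perror("execl /bin/sh");
    return 1;
}
```

Installed as root's login shell, this refuses ssh, su and getty logins (parent is not init, terminal is not the console) while still giving a shell in single-user mode.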