root mode: heresia? ... and more largely security


Re: root mode everywhere: heresia?

Post#31 by aus9 » 28 Jan 2016, 06:41

I think some of us, and I include myself here, are drifting off topic from logging in or not as root user?

A huge punishment to me is to stand in the naughty corner but everyone else should abstain from their fav beverage for a week.

Yes, believe it or not, I do have a sense of humour but also feel some obligation to be a moderator :D :angel:


Post#32 by francois » 28 Jan 2016, 11:50

You are just fine.

So still stands:
To root or not to root, that is the question.

The answer seems to be, it depends on your installation and the users which are on your lan.
Voltaire: The best is the enemy of the good.


Post#33 by donald » 28 Jan 2016, 17:40

Simply put, a login as user protects the system
if you stick an experienced idiot in front of the keyboard.


Post#34 by Bogomips » 28 Jan 2016, 18:59

donald wrote: if you stick an experienced idiot in front of the keyboard.
Don't have to be an idiot. Just a moment's lapse of concentration at a critical juncture in the proceedings. :cry:
Linux porteus 4.4.0-porteus #3 SMP PREEMPT Sat Jan 23 07:01:55 UTC 2016 i686 AMD Sempron(tm) 140 Processor AuthenticAMD GNU/Linux
NVIDIA Corporation C61 [GeForce 6150SE nForce 430] (rev a2) MemTotal: 901760 kB MemFree: 66752 kB


Post#35 by donald » 28 Jan 2016, 19:36

^
You're not the only one..
It happened to me on countless occasions.
It's my way of learning,..just do it and see what gives..
but I'm clever enough to have a (clonezilla) Backup...(always) 8)


Post#36 by brokenman » 29 Jan 2016, 01:36

In my humble opinion, security is a very vague term. It is what it is for you. If you know the risks, then I say hell, feel free to work as root, naked on your front porch. There are risks and pitfalls. People ARE watching. Know the risks, choose what you want them to see, choose your boot mode and go forth without fear of ridicule or belittlement. I choose not to work as root, nor naked.
How do i become super user?
Wear your underpants on the outside and put on a cape.


Post#37 by phhpro » 29 Jan 2016, 01:51

...
Last edited by phhpro on 04 Feb 2016, 03:34, edited 1 time in total.


Post#38 by fullmoonremix » 29 Jan 2016, 10:44

Salutations... :good:

IMHO... :oops:
For what it's worth... a creditable argument for (or against) contingency (or lack thereof)... comes from the ability to offer alternative (instead of critique).
Contingency is a tactic that "manages" security... which Moore's law (e.g. "planned obsolescence") makes impossible to guarantee.

Best Regards... :beer:
Last edited by fullmoonremix on 29 Jan 2016, 15:35, edited 4 times in total.


Post#39 by francois » 29 Jan 2016, 14:22

@aus9:
drifting off topic from logging in or not as root user

Moderation is not an easy task. The atmosphere on porteus is often relaxed, convivial, slightly irreverent, sometimes philosophic, you have to feel the atmosphere. Let it be. We are on the tangent of security.

Post#40 by markds » 29 Jan 2016, 15:48

Wow, I'm surprised people actually bother to still quote my old posts even after I've disappeared into obscurity for so many years.

In any case, I was asked to look at this topic and contribute my (less than important and certainly not wise) 2 cents worth.

On the root/guest debate:

If you want a secure system, whether you are logged in as root or not makes no difference. You factor in sudo, how many actually bother to do "sudo <command>" for every single command you need to run as root, rather than do "sudo bash" and then just do all the proceeding commands as root? Is that security or just a semblance of security? To me it's the latter. Afraid that as root you'll do something wrong and screw up the system? Again that's not "security" you're talking about, that's just sheer carelessness or for our newer admins, just plain inexperience.

Personally, I have been administering countless systems for well over 25 years. I've _always_ used root, from all manner of Linux distros, Solaris, HP, DEC, etc, I always use root. Ubuntu installations these days, first thing I do is to tweak the system and make sure I can logon as root. 25 years and I've never had to reinstall a machine because I did something as root so drastic that the whole machine collapsed.

So in conclusion, there is no right or wrong whether you login as root or not. It's up to you, but understand that logging in as guest only protects you from one person - yourself. If you're worth your salt as a sysadmin, you'll *know* how to get yourself out of a mess that you created because if you can *realize* you did something wrong, chances are good you will know how to undo it. And in the most extreme of circumstances (as a good admin) you'll have the backups to fall back on when all else fails.

To address some other points now:

Yes, times have changed. WPA2 is almost as ridiculously easy to crack today as WEP was to crack 10 years ago. Now almost nobody will use WEP because they all know WEP is bad, even if they don't even know what WEP stands for (and it DOES NOT stand for 'Wireless Encryption Protocol'). Yes, branded routers are no longer safe, one may argue they never have been, but from experience, all these poor configurations, hardcoding etc. are a recent thing. They made some pretty good hardware back in the day. These days I don't buy a router or AP I can't install my own custom firmware (open wrt, ddwrt, tomato, padawan, merlin, etc) into and take absolute control of the hardware and that includes being able to change the admin username and ensure ssh access to the router/ap.

What has not changed is the fact that your machines are just end points. Root or guest, it makes no difference if your network is compromised and I don't need to be on your box to compromise the network - I could very possibly be down the street (many times I have been but that's a story for another time). If I'm on your network, I'm analyzing your traffic, catching possible passwords, keyphrases, (sadly not *everything* is encrypted these days) reading/altering conversations on the fly, and would be able to scan your machines for vulnerabilities that would give me access (keyword: Metasploit) and I would never really need to know what your root or guest password is. Do you really think being root or guest makes any difference at all?

Security today:

It's a sad fact that needs to be realized and that "security" today is a farce. You are only as secure as your network is. If you want security, it's simple, unplug your machine from the network. That's the ONLY way you're really secure. Everything else is just dressing on a very marketable term such that corporate entities will pour money down the drain. Even professional pentesters I know are fed up with the way security is just so loosely used and tossed about these days. It makes their vocation seem trivial and makes them look like con men.

As a parting note, do your BEST to secure your network, use rootkit detectors and good passwords, anti virus/anti malware, etc. These are all deterrents. As I said about WPA in that old slax forum post, if you have these deterrents in place, people will likely not push too hard to break into your systems because if you are just some random target, they would rather spend the time looking for someone MORE vulnerable than you. If you are a dedicated target because someone has a vendetta against you or pays hackers lots of money to hack you, then batten down the hatches, cause you're screwed no matter what you do and that's the reality of today.

There's my 2 cents worth as I disappear back into obscurity again. Peace brothers and sisters!
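
The difference between "sudo <command>" and "sudo bash" raised in the post above shows up in the records sudo writes to syslog: each "sudo <command>" leaves one entry, while a root shell leaves a single entry and, by default, nothing for what is typed inside it. The following is an added example, not part of the original thread; the log lines are constructed and the names SUDO_RE, is_root_shell and audit are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format sudo writes to syslog (auth.log / secure).
SAMPLE_LOG = """\
Jan 29 15:40:01 box sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/apt update
Jan 29 15:41:12 box sudo:    alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/bash
Jan 29 15:50:30 box sudo:      bob : TTY=pts/1 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/systemctl restart sshd
Jan 29 16:02:44 box sudo:      bob : TTY=pts/1 ; PWD=/etc ; USER=root ; COMMAND=/usr/bin/su -
Jan 29 16:05:00 box sudo:    carol : TTY=pts/2 ; PWD=/tmp ; USER=www-data ; COMMAND=/bin/sh -c id
Jan 29 16:06:00 box sshd[811]: Accepted publickey for carol from 192.0.2.10 port 50022 ssh2
"""

# Hypothetical names (SUDO_RE, is_root_shell, audit) belong to this example only.
SUDO_RE = re.compile(
    r"sudo:\s+(?P<user>\S+) : .*?USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$"
)
SHELLS = {"sh", "bash", "dash", "zsh", "ksh", "fish"}


def is_root_shell(cmd):
    """True when the logged command is an open-ended shell, not one command."""
    argv = cmd.split()
    prog = argv[0].rsplit("/", 1)[-1]
    if prog in SHELLS or prog == "su":
        # "bash -c '...'" / "su -c '...'" still name the single command they run.
        return "-c" not in argv[1:]
    return False


def audit(log_text):
    """Per user: count of individually logged commands and list of root shells."""
    report = defaultdict(lambda: {"commands": 0, "root_shells": []})
    for line in log_text.splitlines():
        m = SUDO_RE.search(line)
        if not m or "incorrect password" in line:
            continue  # not a sudo command record, or a failed attempt
        cmd = m["cmd"].strip()
        if m["target"] == "root" and is_root_shell(cmd):
            report[m["user"]]["root_shells"].append(cmd)
        else:
            report[m["user"]]["commands"] += 1
    return dict(report)


if __name__ == "__main__":
    for user, entry in audit(SAMPLE_LOG).items():
        print(user, entry)
```

Users with entries in root_shells have sessions whose individual commands this log cannot account for.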


Post#41 by brokenman » 29 Jan 2016, 17:10

Who was that masked man? I mean, markds man.

Post#42 by francois » 29 Jan 2016, 17:24

What masked man? Markds is markds. 8)

Post#43 by phhpro » 29 Jan 2016, 18:59

...
Last edited by phhpro on 04 Feb 2016, 03:34, edited 1 time in total.


Post#44 by francois » 29 Jan 2016, 19:29

@phhpro:
Please bring concrete arguments for this discussion to go further. :wink:
Markds makes a living from computers and is from what I recall a security specialist.
(edited now)

@markds:
These days I don't buy a router or AP I can't install my own custom firmware (open wrt, ddwrt, tomato, padawan, merlin, etc) into and take absolute control of the hardware and that includes being able to change the admin username and ensure ssh access to the router/ap.
Can you name a few in the cheap range routers that could be bought by the forum members?

Post#45 by fullmoonremix » 29 Jan 2016, 20:02

Salutations... :good:

For use with DD-WRT on eBay @ modest prices...
Linksys WRT54G series: WRT54GS

Best Regards... :beer:
