[Linux-cluster] Testing a fence program

Patton, Matthew F, CTR, OSD-PA&E Matthew.Patton.ctr at osd.mil
Tue Aug 22 22:21:47 UTC 2006


Classification: UNCLASSIFIED

This should be off-list but I can't. You can find me at pattonme at yahoo
dot com

 PermitRootLogin forced-commands-only

is precisely what you need. If the auditors really are too stupid to know
what that does, then I'd tell them to come back after they have somebody
'splain it to them and they rewrite their simpleton "policy". Like I said,
sounds like the auditors are just checking boxes without knowledge of what
they are actually checking. Typical, unfortunately.

You can of course leave 
"PermitRootLogin no        # for stupid auditors"
in sshd_config and change /etc/init.d/sshd to put the "-o PermitRootLogin"
on the command line. You could even bury it in an options file. *grin*

From a system auditing standpoint where one tries to minimize the number of
places where security policies are stored, I'd use sudo and as a real
account, not "nobody".

Have fun with the daemon. 
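
The post notes that a `-o PermitRootLogin` option on the sshd command line overrides what sshd_config says, so a review of the file alone is incomplete; the check below is an added example, not part of the original post, that reports which source decides the value. The function names, the sample config and the `/usr/sbin/sshd` invocations are constructed for illustration, and `Match` blocks are not evaluated.

```shell
#!/bin/sh
# Added example (not from the original post): report which source decides
# the effective PermitRootLogin value for a given sshd invocation.
# Usage: permit_root_login_source CONFIG_FILE [sshd args...]
permit_root_login_source() {
    cfg=$1; shift
    # 1. -o options on the sshd command line override the config file.
    while [ $# -gt 0 ]; do
        case $1 in
            -o)  opt=${2-}; if [ $# -gt 1 ]; then shift; fi ;;
            -o*) opt=${1#-o} ;;
            *)   opt= ;;
        esac
        shift
        key=$(printf '%s' "$opt" | sed 's/[=[:space:]].*//' \
              | tr '[:upper:]' '[:lower:]')
        if [ "$key" = permitrootlogin ]; then
            val=$(printf '%s' "$opt" | sed 's/^[^=[:space:]]*[=[:space:]]*//')
            printf 'cmdline:%s\n' "$val"
            return 0
        fi
    done
    # 2. In the file, the first occurrence of a keyword wins. Match blocks
    #    are not evaluated (simplification): parsing stops at the first one.
    val=$(awk '{ sub(/#.*/, "") }
               tolower($1) == "match" { exit }
               tolower($1) == "permitrootlogin" { print $2; exit }' "$cfg")
    if [ -n "$val" ]; then
        printf 'config:%s\n' "$val"
    else
        printf 'default:unset\n'
    fi
}

# Constructed sample config: a "PermitRootLogin no" line with a trailing
# comment, followed by a later duplicate that must be ignored.
write_sample_config() {
    printf '%s\n' 'Port 22' 'PermitRootLogin no   # comment' \
        'PermitRootLogin yes' > "$1"
}

sample=$(mktemp)
write_sample_config "$sample"
# Constructed invocations: plain start, then one with the override.
permit_root_login_source "$sample" /usr/sbin/sshd -D
permit_root_login_source "$sample" /usr/sbin/sshd -o PermitRootLogin=forced-commands-only
rm -f "$sample"
```

On a live host the arguments would come from the running daemon's command line (for example `/proc/<pid>/cmdline`) and from any options file the init script sources.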