toor & root

[Mike Jackson]

ext Markus Kovero (markus.kovero at grafikansi.fi) wrote:
> Toor is for security paranoid people? Dunno, its way to get more secure from
> most "script kiddie"-r00t-kit things. Does it btw have superuser id?

The "toor" user is nothing more than a backup root account, in case your
"root" account happens to get locked out for some odd reason. The "toor"
user does not have a password by default, and is thus a disabled
account. I normally add my own "root user" account, which serves the
same purpose but helps auditing because that username appears in
logfiles instead of "root" or "toor".

The best way to protect against somebody trying to remotely hack root,
other than the obvious of turning off unneeded services, is to disable
remote root logins. Then to get root, you have to first login as a
normal user and then su to root. Disable remote root logins in
/etc/ttys by setting terminals to insecure.

--
mike