Ok, I clearly understood all of your points.
First of all, honestly, I only mentioned changing the SSH port helps, but in my experience only against bots who look for port 22 only, while in fact that's so easy to check that some, let's say 3434/tcp port is open, ssh -v and be happy.
The point of ls(1) changing is much deeper; let's say you try to mv myMaliciousMySQL.cnf my.cnf, get a system error because it's sappend and schg'ed while the security level is 1-2, what are you going to do? Wouldn't you first check the ls(1)? And only then change securelevel and reboot?
Recompile the "xxx" key for the previous "o", recompile the new "o" key to have no effect on the system but send you an e-mail, SMS or something like that, so that you will get warned even before he tries to reboot? Maybe there's something still I got to learn (definitely is, but from what you said for now I don't see) and why this ain't a good idea, please tell me if so.
And I am 100% on the same page with Morte, of course what I do want is to prevent someone getting the root, but if this fails, I might consider some additional "traps".