Hi,
I'm not familiar with BSD - so far I only used Linux for server use. My first impression of "the Beastie" is: I am a little tired - but I like it anyway. There are many similarities with Linux, but you have to first remember all the amendments.
My current problem is that I have unintentionally lost root access to my system. . It probably was my hedging approach. These are my basic protection steps:
- Amendment of the standard ports,
- Prohibit access by root,
- Create another normal user for the login,
- permit only one allowed User for the Login,
- Add the Public-Key authentication method and only,
-Add further security tools ( like fail2ban, modsecurity or Two Factor Authentification on root, (...) ),
- Rbash already installed and configured to the Login-User.
At first, when ordering on BSD, there are no visible defects proved.
Only in retrospect, after I had tried me log on with the user to then me to get through su back to root. In this System namely it does not seem to be possible without sudo to gain access to Admin rights or to switch to a super user.
But well, I hope I get here some advice for security settings and/or answer for the following Questions:
- How can I easily fix that Problem ?
- Or is there actually a another way to beware the safeness ?
The establishment of a chroot reminds me extremely difficult to envisage what it even is possible (sudo) to use -su. I also recently found a document which is explained in great detail, how to escape from a chroot easily.
Thanks for the answers anyway!
PS: It is not necessary to give me advice for locked-access situations. I only ask for advice for alternative ways to preserve security and / or to solve the problem with sudo/su under rbash or sh shells.
I'm not familiar with BSD - so far I only used Linux for server use. My first impression of "the Beastie" is: I am a little tired - but I like it anyway. There are many similarities with Linux, but you have to first remember all the amendments.
My current problem is that I have unintentionally lost root access to my system. . It probably was my hedging approach. These are my basic protection steps:
- Amendment of the standard ports,
- Prohibit access by root,
- Create another normal user for the login,
- permit only one allowed User for the Login,
- Add the Public-Key authentication method and only,
-Add further security tools ( like fail2ban, modsecurity or Two Factor Authentification on root, (...) ),
- Rbash already installed and configured to the Login-User.
At first, when ordering on BSD, there are no visible defects proved.
Only in retrospect, after I had tried me log on with the user to then me to get through su back to root. In this System namely it does not seem to be possible without sudo to gain access to Admin rights or to switch to a super user.
But well, I hope I get here some advice for security settings and/or answer for the following Questions:
- How can I easily fix that Problem ?
- Or is there actually a another way to beware the safeness ?
The establishment of a chroot reminds me extremely difficult to envisage what it even is possible (sudo) to use -su. I also recently found a document which is explained in great detail, how to escape from a chroot easily.
Thanks for the answers anyway!
PS: It is not necessary to give me advice for locked-access situations. I only ask for advice for alternative ways to preserve security and / or to solve the problem with sudo/su under rbash or sh shells.