>Not fully understanding the ramifications of chroot (as a Linux newbie)
>I don't really know whether limiting someone's access by chrooting is
>any more effective than limiting his access based on privileges provided
>to his account.
Re: rsync, ssh, security and keeping hackers out. (just my 2 cents worth)
While chroot'ing may be considered flawed: given 99% of present
hacking seems to be by the unskilled running auto-scripts -
(looking for suckers who have unpatched systems or setup flaws):
anything that frustrates these scripts, minimizes un-needed services
and/or provides "non-standard" (rsync?) chrooted environments which
requiring custom/non-automated skills to overcome are going to be
effective to a large degree.
(also using a deception toolkit on all exposed and unexposed
servers and UNIX clients (minimicking services) can also make
things more interesting: e.g., http://www.all.net/dtk )
E.g., For running a remotely mirrored UNIX webserver - nothing more is
needed than webserver(apache) and rsync. And, if given remote admin
rights, a very tight custom OpenSSH install(?)
Passwordless secureshell accounts for tunnelling rsync through
is potentially one degree of freedom too many(!?)
As the above confirms my irrational bigotry against passwordless
ssh (and the various extra complications of getting it right) -
I will now take my tablets and try and calm down.
Lachlan.
-----------------------
Lachlan M. D. Cranswick
Geochemistry - Lamont-Doherty Earth Observatory, Columbia University
PO Box 1000, 61 Route 9W Palisades, New York 10964-1000 USA
Tel: (845) 365-8662 Fax: (845) 365-8155
E-mail: [EMAIL PROTECTED] WWW: http://www.ldeo.columbia.edu
CCP14 Xtal Software Website: http://www.ccp14.ac.uk
