From: Stefan Behte <craig@gentoo.org>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] A policy to support random superuser account names
Date: Sun, 02 May 2010 20:52:01 +0200
Message-ID: <4BDDC9D1.70805@gentoo.org>
In-Reply-To: <4BDD98E1.7080601@gentoo.org>
02.05.2010 17:23, Krzysztof Pawlik wrote:
> Interesting... to me that's not only stupid but also kinda useless - there's no
> difference between brute-forcing a password for a user named 'foo' or 'root' -
> user name doesn't matter much.
> It's better to disable password-based remote login altogether in
> sshd_config.
> Security by obscurity is a nice way to make pseudo-sys-admins feel
> warm and fuzzy :]

The username is 50% of what you need to know to be able to log in, and
security by obscurity can support environments where the attacker cannot
gain insight easily, in contrast to e.g. security by obscurity in
hardware like telephones that are shipped to you and can be examined
closely.

However, it cannot be seen as an effective countermeasure against attacks,
and AFAIR the BSI also says that you shouldn't allow root logins and
need a second user for logging in. All of it is a bit ridiculous,
because when you're in a position to try gaining uid 0, you probably can
read /etc/passwd already.

So, of course, it's really dumb and only creates problems. One can try
to explain that to an auditor - but it will cause not only a few
problems and definitely delay and/or endanger your certification, if
this was a "MUST" and not a "SHOULD". If it is a "SHOULD", you need to
explain (in convincing written form, of course) why you do not want to
implement it.

Back to topic: I think it would be nice to be able to rename root, but I'm
not sure how much work this is, and doubt many people would actually
benefit from it.

In scripts I use to deploy things to both BSI and non-BSI systems, I'm
simply using "chown 0:0 foo". I think we could do that in our eclasses
without breaking things, but helping poor souls that renamed root. ;)
A quick look revealed that the tetex.eclass already does this and that
there are several other eclasses that use "chown -R root:0".

Best regards,
Craig
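As an added illustration of the two points Craig makes above (this is example code written for this archive page, not code from the thread or from any Gentoo eclass): the uid-0 account name is trivially read from the passwd database whatever it was renamed to, and a script that addresses the superuser as "0:0" keeps working on such a system while "chown -R root:0" does not. The passwd contents and the chown lines are constructed samples; the lint only looks at the first non-option argument of a chown command.

```sh
#!/bin/sh
# Constructed passwd database from a host where the uid-0 account was renamed.
SAMPLE_PASSWD='adm1n:x:0:0:Superuser:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
craig:x:1000:1000::/home/craig:/bin/bash'

# Print the name of the uid-0 account from a passwd database on stdin.
# Whatever root was renamed to, the numeric id 0 is what identifies it.
uid0_name() {
    awk -F: '$3 == 0 { print $1; exit }'
}

# Classify one chown command line: "portable" when owner/group are given
# numerically (or by a name other than root), "fragile" when the literal
# name "root" is used and the command would fail on a renamed-root system.
classify_chown() {
    # $1: command line, e.g. 'chown -R root:0 "${D}"/usr/share/texmf'
    spec=$(printf '%s\n' "$1" |
        awk '{ for (i = 2; i <= NF; i++) if ($i !~ /^-/) { print $i; exit } }')
    owner=${spec%%:*}
    group=${spec#*:}
    [ "$group" = "$spec" ] && group=0   # no group field given
    case "$owner:$group" in
        root:*|*:root) echo fragile ;;
        *) echo portable ;;
    esac
}

# Rewrite the owner/group spec of a chown line to the numeric form
# ("chown 0:0") used in the deployment scripts described above.
fix_chown() {
    printf '%s\n' "$1" | sed -E \
        -e 's/^(chown([[:space:]]+-[^[:space:]]+)*[[:space:]]+)root(:|[[:space:]])/\10\3/' \
        -e 's/:root([[:space:]]|$)/:0\1/'
}

# Stand-alone demonstration over the constructed samples.
printf '%s\n' "$SAMPLE_PASSWD" | uid0_name
for line in 'chown -R root:0 "${D}"/usr/share/texmf' 'chown 0:0 foo'; do
    printf '%s -> %s: %s\n' "$(classify_chown "$line")" "$line" "$(fix_chown "$line")"
done
```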