Yea, I wouldn't want to get rooted either, but then I'd learn how to fix a rooted machine ;o) I'm using a Linksys router to protect my home systems (6 - 7 machines). I thought about using a PC and software to protect my network, but this solution doesn't let anything in unless it's a port I've opened up. The only thing I have running to harden my Linux box is the Secure SHell daemon. I open port 22 to my Linux box.from my Linksys router. If I take a CD with Putty and other tools with me I can get to my linux box at home over the internet using a ssh tunnel. I also document everything I do on my Linux box because that helps me learn. If something clobbers my system in the future I can put it back together with the documents I have :o) When I document I write down everything I do to install the software. Where I got the information from Where I got the software from Why I need to do the install Each step in the process of installing the software Did I need to restart the system etc... I then put it in to an HTML formated document. I have posted 1 of these on my website and I'm going to post more in the future. I need to clean up about 25 documents before I can post them and time isn't on my side :-/ I did put the SSH document on my website www.screechowl.org click on Linux under the 3rd owl. I'm using Redhat 6.2 on my machines, if your using a different distro or different version you'll want to ignore my documents because they wont apply. BTW when you post make sure you put the distro and version of Linux you are using and the version of the software your trying to install, configure, or fix. This will help people on the list to help you. Sam. PHPTOm wrote: >It is a box at home that I am using. And I am still learning. I didn't >take anything you said wrong. I think that is all informative and I am >grateful for all feedback. I ran Bastille because I don't have a friggin' >clue about so much of the security stuff and I'd rather have Bastille have >it's way with my system than those dang romanians. > > > > >-----Original Message----- >From: tclug-list-admin at mn-linux.org >[mailto:tclug-list-admin at mn-linux.org]On Behalf Of Sam MacDonald >Sent: Friday, September 05, 2003 10:44 PM >To: tclug-list at mn-linux.org >Subject: Re: [TCLUG] Bastille - Root can't login to KDE > > >The reason "root" is not used is because 1 mistake can cause disaster, >however, I would venture a guess this is a machine at home. A machine >to learn Linux on and a machine that it's OK to rebuild at any time. > >Don't take this part wrong. >However you ran a system hardening tool without having a complete >understanding of the tool. With Linux it's best to read about the tool >you want to use, ask questions of the group for advice, then install the >tool. > >Don't get me wrong about this, I haven't used Bastille so I can't make >more then a guess. By definition a hardened system would not allow root >to use X, because root is not just an account to administer the system >with. "root" is the system account (someone correct me if I'm wrong or >off base) the account that runs the whole show. > >I have an account I created for administration of the Linux box. I also >have an account that I have my 9 year old son use (get'em early). The >only reason I would use "root" is to give the account I use for >administration more rights/permissions. As an administrator, using good >practices, I wouldn't use root for anything. I would keep the root >password in a safe place and change it often. After saying that I can >also say I'm guilty of using "root" for other purposes. > >On an isolated home systems lots of people use root because it "has the >power", "root" has way to much power to be used at all. In some cases >things can't be fixed when "root" is used. That's why having another >administrator account is important. > >This same thing is true for many windows systems at home, the >"administrator" account has the power, and makes it easy to add software >and hardware. The difference is that "root" has much more power then >"administrator". I would venture that "root" has an equivalent of >"system" and "administrator" in windows rolled in to 1 account. > >I've only had 1 corrupt "system" account in over 9 years of windows >administration. I still wonder how it happened because "system" can't be >used to login. It was NT 3.50 so I'm not loosing sleep over it now. > >Sam. > >Dan Rue wrote: > > > >>Tom Wurdock wrote: >> >> >> >>>Hey all, >>> >>>I ran Bastille Linux to try and harden up my system. Now I can't >>>login to KDE as root, not can I run/view certain programs. >>> >>> >>Why would you want to log into KDE as root in the first place? If you >>want to do rootly things, you should go to a command line and use "su" >>or "sudo". "man su" or "man sudo" at the command line for more >>information. >> >>That said, i'm sure there are ways in kde to do root things in the >>control panel or whatever without actually logging in as root. >>doesn't it prompt you for a password? I don't run KDE so I don't >>know, but you shouldn't ever need to log in as root. >> >>dan >> >> >> >>>It is not clear to me what part of the Bastille process did this. >>>Any help appreciated. >>> >>>TOm >>> >>> >> >>_______________________________________________ >>TCLUG Mailing List - Minneapolis/St. Paul, Minnesota >>http://www.mn-linux.org tclug-list at mn-linux.org >>https://mailman.real-time.com/mailman/listinfo/tclug-list >> >> >> > > >_______________________________________________ >TCLUG Mailing List - Minneapolis/St. Paul, Minnesota >http://www.mn-linux.org tclug-list at mn-linux.org >https://mailman.real-time.com/mailman/listinfo/tclug-list > > > > >_______________________________________________ >TCLUG Mailing List - Minneapolis/St. Paul, Minnesota >http://www.mn-linux.org tclug-list at mn-linux.org >https://mailman.real-time.com/mailman/listinfo/tclug-list > > > _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list