Originally Posted by PsyGhost
A couple of monthes ago I used redhat linux and my friend asked for an access via SSH. I created normal user for him, and denied a direct root login to ssh. He activated an exploit and changed my root password. My question is what do I need to do in order to protect myself from these local exploits? upgrade the kernel? the openssh package?
First, I would get myself a new friend after beating this one to a bloody pulp. Notice that there is no
smiley here. Your so-called friend is a ... well, I don't think I can post my exact thoughts here: it'd melt my keyboard and your monitor.
Secondly, I'd chroot the person until such time as they prove
themselves worthy of being able to play nice.
way to prevent local exploits is to not let anyone in.