> The idea of direct root login is dangerous due to the ever-simple
> brute force attack on the password file.  But if you can't log in
> directly as root, then you now have to crack at least two passwords on
> the machine; a su-able user, and the root password.  This is an
> 'older' method of gaining root access on a system, but its still
> around.  Mainly because its easy to do.
> 
> Another reason for su-ing is the audit trail it leaves.  However,
> anyone who has root can edit your log file... firewall systems often
> have a printer dedicated to printing anything going to the syslog.

I'm not sure if we use it by default, but I was reading in the Red Book
(BSD 4.4) about new file attributes, like immutable and append-only. They
can be set so that EVEN ROOT can't change them if the system's in
security level >=1. So you can make the syslog be append-only, and a
hacker can't erase the logs. Also, by making things like login and ps
immutable, they can't be changed by a cracker.

Cool features. :-)

Take care,

Bill