What is (theoretically, or practically) being achieved by running sudo instead of just logging in as root? Can you give an example that justifies typing your password up to hundreds of times per day coupled with deliberate hashing delays?
If a network intrusion detector warns about something being changed, you can review the logins to see that it happened right as an authorized person accessed the box. A common practice is to not allow root direct ssh access.
throw0101d|1 year ago
Auditing.
> Can you give an example that justifies typing your password up to hundreds of times per day coupled with deliberate hashing delays?
1. I don't do that hundreds of times per day because the stuff I run generally runs pretty well.
2. sudo has password caching, so only the first execution needs a password.
3. If I'm doing a lot, I may sudo-to-root: auditing can still see me going in and becoming root, so it can be determined that I did stuff.
gosub100|1 year ago