Background: 15 years of experience in software and apparently spoiled because it was already set up correctly.
Been practicing doing my own servers, published a test site and 24 hours later, root was compromised.
Rolled back to the backup before I made it public and now I have a security checklist.
wow crazy that this was the default setup. It should really force you to either disable root or set a proper password (or warn you)
Id consectetur dolore eiusmod culpa.
Which ones? I’m asking because that isn’t true for cent, rocky, arch.
Id consectetur dolore eiusmod culpa.
Yeah I was confused about the comment chain. I was thinking terminal login vs ssh. You’re right in my experience…root ssh requires user intervention for RHEL and friends and arch and debian.
Side note: did you mean to say “shot themselves in the root”? I love it either way.
Id consectetur dolore eiusmod culpa.