I'm new to the linux nomenclature so pardon a dumb question.... but wouldn't just locking the logfile to root only access prevent the security problems?
if the default lockout of root could prevent the installer from accessing it there is it possible to tie it to the first user only(the only PW that gets logged is first user so ok for him to see)
I would think there should be some way to limit access to the logfile since it is only there IF something (else) goes wrong
As to the severity, I am not opposed to a low severity since EVERYONE should immediatly change EVERY first pasword on EVERY app, account and anything else you can think of. and this precaution seems to fix the problem. (my prefered first password list includes "changemenow")
I'm new to the linux nomenclature so pardon a dumb question.... but wouldn't just locking the logfile to root only access prevent the security problems?
if the default lockout of root could prevent the installer from accessing it there is it possible to tie it to the first user only(the only PW that gets logged is first user so ok for him to see)
I would think there should be some way to limit access to the logfile since it is only there IF something (else) goes wrong
As to the severity, I am not opposed to a low severity since EVERYONE should immediatly change EVERY first pasword on EVERY app, account and anything else you can think of. and this precaution seems to fix the problem. (my prefered first password list includes "changemenow")