Doesn’t the title of this blog say it all? We have a new Security Policy to follow and the root password should be changed every 28 days. In practice it should be controlled by a password management tool, not left to chance that the systems admins will remember to change it every 28 days or so. The systems admins running the systems (and there are 200+ systems involved, all with the same root password) are a bit miffed about the change, as the one that they have is a nice easy one that takes no effort to remember. It’s not quite a Joey account but it might as well be, as the password hasn’t been changed for 10 years and a lot of people have left in that time.
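As an added example (not code from the original post), here is the kind of check a fleet tool could run against collected /etc/shadow records to enforce the 28-day rule described above: it reports hosts whose root password is older than the policy allows, and hosts whose root hash field is identical (same salt and hash means the same password). The host names, dates and hashes are constructed placeholders.

```python
from collections import defaultdict
from datetime import date

EPOCH = date(1970, 1, 1)
MAX_AGE_DAYS = 28  # rotation interval the new policy requires


def parse_shadow_line(line):
    """Return (user, hash_field, lastchg_days) from an /etc/shadow record."""
    fields = line.rstrip("\n").split(":")
    if len(fields) < 3:
        raise ValueError("not a shadow record: %r" % line)
    # Field 3 is days since 1970-01-01 of the last change; empty or 0 means
    # aging is disabled or a change is forced, so the age is unknown.
    lastchg = int(fields[2]) if fields[2] else 0
    return fields[0], fields[1], lastchg


def root_password_age_days(line, today):
    """Days since root's password was last changed, or None if unknown."""
    user, _, lastchg = parse_shadow_line(line)
    if user != "root":
        raise ValueError("expected root record, got %r" % user)
    if lastchg == 0:
        return None
    return (today - EPOCH).days - lastchg


def stale_hosts(records, today, max_age=MAX_AGE_DAYS):
    """Hosts whose root password is older than max_age or of unknown age."""
    stale = []
    for host, line in sorted(records.items()):
        age = root_password_age_days(line, today)
        if age is None or age > max_age:
            stale.append(host)
    return stale


def shared_hash_hosts(records):
    """Group hosts by identical root hash field (identical salt+hash means
    the same password; differing salts prove nothing either way)."""
    groups = defaultdict(list)
    for host, line in sorted(records.items()):
        _, pw_hash, _ = parse_shadow_line(line)
        groups[pw_hash].append(host)
    return {h: hosts for h, hosts in groups.items() if len(hosts) > 1}


# Constructed sample inventory (placeholder hashes, not real values).
SAMPLE_TODAY = date(2024, 1, 31)  # day 19753 since the epoch
SAMPLE_RECORDS = {
    "web01": "root:$6$salt1$PLACEHOLDER:16000:0:99999:7:::",  # ~10 years old
    "web02": "root:$6$salt1$PLACEHOLDER:16000:0:99999:7:::",  # same hash
    "db01": "root:$6$salt2$OTHERPLACEHOLDER:19740:0:99999:7:::",  # 13 days
    "app01": "root:$6$salt3$PLACEHOLDER2::0:99999:7:::",  # age unknown
}
```

Running `stale_hosts(SAMPLE_RECORDS, SAMPLE_TODAY)` on the sample flags app01, web01 and web02, and `shared_hash_hosts` groups web01 with web02.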
The fact that these people have had things very easy for quite some time seems to carry no weight; they just seem to want everything to stay as it was ten years ago! Now, we all know that in this modern age this isn’t really possible, but this doesn’t seem to be clear to these people. I mean, we have a network where people can dial in and log on directly as root, then hack around systems that are all available on the network with the same easily crackable root password.
Still, as I’m a root user on these systems if I want to be, and the existing sysadmins couldn’t catch a cold, much less a hacker, why should I be bothered? If they are happy to have every system that they have open in this manner it’s not really my problem. I mean, when you have systems on the network where people can log in as the root user without being root then you do actually have a security hole!