Hungerford Web Design Blog

secure install-defaults

By default, many applications are installed with lose security. We can tweak some settings to make it much better in terms of security.

redhat, fedora, debian, bsd

Disable Direct ROOT login

In SSH

Code:

cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original

now, edit /etc/ssh/sshd_config such that the following are:

Change that line that says:

Code:

Protocol 2,1

To read as follows:

Code:

Protocol 2

Change the line that says:

Code:

# PermitRootLogin yes

To read as follows:

Code:

PermitRootLogin no

Restrict the use of SU command

Once after you have disabled root SSH login, you should SSH using a regular account, and then give the su command to get root access. This is true for any user that enters the su command and enters the root password. Root access means absolute access, thus, it is recommended that you limit the usernames that can use the su command and get root access.

We have a group called wheel in the linux system, so what we will do is make the username that you added above a member of the wheel group, and restrict su such that only the members of the wheel group can use su

To do this, type the following command as root:

Code:

usermod -G wheel username

Next open the PAM configuration file for su,

/etc/pam.d/su, in an editor and remove the comment [#] from the following line:

Code:

auth required /lib/security/pam_wheel.so use_uid

Doing this will permit only members of the administrative group wheel to use have access to su.

This entry was posted on Saturday, June 30th, 2007 at 4:27 pm and is filed under Web Standards, XSS and Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.