Ninjaboard
Please login
Forgot Your Login?
Welcome, Guest
Board Index > Plesk Issues and Questions > Restrict root login on linux webservers
Post ReplyPlesk Issues and Questions
Brook Hurd
Ninjaboard - Newie
Posts: 14
Registered
Joined Board
07/20/2009 22:30
User is Offline
View all users posts
secure install-defaults
By default, many applications are installed with lose security. We can tweak some settings to make it much better in terms of security.
redhat, fedora, debian, bsd
Disable Direct ROOT login
In SSH
Code:
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
now, edit /etc/ssh/sshd_config such that the following are:
Change that line that says:
Code:
Protocol 2,1
To read as follows:
Code:
Protocol 2
Change the line that says:
Code:
# PermitRootLogin yes
To read as follows:
Code:
PermitRootLogin no
Restrict the use of SU command
Once after you have disabled root SSH login, you should SSH using a regular account, and then give the su command to get root access. This is true for any user that enters the su command and enters the root password. Root access means absolute access, thus, it is recommended that you limit the usernames that can use the su command and get root access.
We have a group called wheel in the linux system, so what we will do is make the username that you added above a member of the wheel group, and restrict su such that only the members of the wheel group can use su
To do this, type the following command as root:
Code:
usermod -G wheel username
Next open the PAM configuration file for su,
/etc/pam.d/su, in an editor and remove the comment [#] from the following line:
Code:
auth required /lib/security/pam_wheel.so use_uid
Doing this will permit only members of the administrative group wheel to use have access to su.
Obtained from:
www.hungerfordwebdesign.com/blog/xss-and...on-linux-webservers/
By default, many applications are installed with lose security. We can tweak some settings to make it much better in terms of security.
redhat, fedora, debian, bsd
Disable Direct ROOT login
In SSH
Code:
cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
now, edit /etc/ssh/sshd_config such that the following are:
Change that line that says:
Code:
Protocol 2,1
To read as follows:
Code:
Protocol 2
Change the line that says:
Code:
# PermitRootLogin yes
To read as follows:
Code:
PermitRootLogin no
Restrict the use of SU command
Once after you have disabled root SSH login, you should SSH using a regular account, and then give the su command to get root access. This is true for any user that enters the su command and enters the root password. Root access means absolute access, thus, it is recommended that you limit the usernames that can use the su command and get root access.
We have a group called wheel in the linux system, so what we will do is make the username that you added above a member of the wheel group, and restrict su such that only the members of the wheel group can use su
To do this, type the following command as root:
Code:
usermod -G wheel username
Next open the PAM configuration file for su,
/etc/pam.d/su, in an editor and remove the comment [#] from the following line:
Code:
auth required /lib/security/pam_wheel.so use_uid
Doing this will permit only members of the administrative group wheel to use have access to su.
Obtained from:
www.hungerfordwebdesign.com/blog/xss-and...on-linux-webservers/