Dismiss Notice
Welcome to Our Community
Wanting to join the rest of our members? Feel free to sign up today.

Restrict root user login

Discussion in 'General Marketing' started by stealthhosts, Aug 6, 2005.

  1. stealthhosts

    stealthhosts New Member Webmaster

    This article is provided free by
    Stealth IT Solutions Limited
    It is free for non-distribution only.
    Due to the nature of this data it may
    not be edited, no data may be removed
    including this text.
    With thanks to admin0
    No responsibility is accepted or implied
    Proceed at your own risk

    secure install-defaults

    By default, many applications are installed with lose security. We can tweak some settings to make it much better in terms of security.


    redhat, fedora, debian, bsd

    Disable Direct ROOT login

    In SSH
    cp /etc/ssh/sshd_config /etc/ssh/sshd_config.original
    now, edit /etc/ssh/sshd_config such that the following are:

    Change that line that says:
    Protocol 2,1
    To read as follows:
    Protocol 2 
    Change the line that says:
    # PermitRootLogin yes
    To read as follows:
    PermitRootLogin no
    Restrict the use of SU command

    Once after you have disabled root SSH login, you should SSH using a regular account, and then give the su command to get root access. This is true for any user that enters the su command and enters the root password. Root access means absolute access, thus, it is recommended that you limit the usernames that can use the su command and get root access.

    We have a group called wheel in the linux system, so what we will do is make the username that you added above a member of the wheel group, and restrict su such that only the members of the wheel group can use su

    To do this, type the following command as root:

    usermod -G wheel username
    Next open the PAM configuration file for su,

    /etc/pam.d/su, in an editor and remove the comment [#] from the following line:

    auth required /lib/security/pam_wheel.so use_uid
    Doing this will permit only members of the administrative group wheel to use have access to su.

Featured Resources (View All)

Share This Page