Wednesday, November 12, 2008

How-to: Disable direct root login on Linux

These steps are important for the IT administrator in dealing with any ISO / auditors.

-----
This is an additional security measure: we prevent direct root logins and instead create a user to log in with, then use the command 'su -' to gain root privileges.

The only risk in this procedure is that you may prevent root login but forget to add the user to the root group - effectively locking yourself out of the system.

Follow the steps below and you will not face a problem.

STEP 1: Let us create a user and add it to the sysadmin group.

For example, we want to create a user 'ahmad' and give him root privileges.

SSH into your server as root and run the commands below to create the user.

#groupadd sysadmin
#useradd -g sysadmin ahmad
#passwd ahmad
enter your user password here
verify your user password here

STEP 2: Add 'sysadmin' group to 'root' group.

#vi /etc/group

Scroll until you find the 'sysadmin' group:
sysadmin:x:20:
Add root at the end, as below:
sysadmin:x:20:root
and save the file.

You have successfully added a 'sysadmin' group to the 'root' group who will be able to 'su -' to root.

TESTING
Before we disable root login, let us check that the user can log in and 'su -' to gain root privileges.

Log out from SSH
SSH into your server as 'ahmad'
Login as: ahmad
Password: enter your user password here
su -
password: enter root password here

You have successfully logged in and have root privileges. Now let us disable root login.

STEP 3: Disable Direct Root Login

1. Edit the file for SSH logins
#vi /etc/ssh/sshd_config

2. Find the line
#PermitRootLogin yes
Uncomment it (Remove #) and change to
PermitRootLogin no

3. Save the file

4. Now you can restart SSH
#/etc/rc.d/init.d/sshd restart

Now no one will be able to log in as root without first logging in as 'ahmad' and using 'su -' to become root, and you will be forcing the use of a more secure protocol.
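
A quick check to run before the restart in step 4, as an added example that is not part of the original post: it reports which PermitRootLogin value sshd will actually use from a config file, since a line left commented out has no effect and sshd takes the first value it finds for a keyword. The function names and sample files are constructed for illustration, and Include directives are not followed.

```shell
#!/bin/sh
# Added example, not from the original post.
# Prints the effective global PermitRootLogin value found in an sshd_config file:
#   - commented-out lines are ignored
#   - keywords are case-insensitive
#   - the first value obtained wins
#   - lines inside a Match block are conditional, so scanning stops there
# Prints "default" when no global setting exists (the built-in default
# depends on the OpenSSH version, so it is not guessed here).
effective_permit_root_login() {
    awk '
        { sub(/^[ \t]+/, "") }                  # strip leading whitespace
        /^#/ || /^$/ { next }                   # skip comments and blank lines
        { split($0, f, /[ \t=]+/); key = tolower(f[1]) }
        key == "match" { exit }                 # global section ends here
        key == "permitrootlogin" {
            v = tolower(f[2]); gsub(/"/, "", v)
            print v; found = 1; exit
        }
        END { if (!found) print "default" }
    ' "$1"
}

# Succeeds only when direct root login is explicitly set to "no".
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample files (not real server configs).
tmp=$(mktemp -d)
printf '%s\n' 'Port 22' '#PermitRootLogin yes' > "$tmp/before_edit"
printf '%s\n' 'Port 22' 'PermitRootLogin no' 'PermitRootLogin yes' > "$tmp/after_edit"

for f in before_edit after_edit; do
    if root_login_disabled "$tmp/$f"; then
        echo "$f: direct root login disabled"
    else
        echo "$f: NOT disabled (effective: $(effective_permit_root_login "$tmp/$f"))"
    fi
done
rm -rf "$tmp"
```

On the server itself, call root_login_disabled /etc/ssh/sshd_config, and run 'sshd -t' to check the file's syntax before restarting SSH.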
