Disable Root Login - Computer Security - Linux
Allowing root login to a web server is a big security threat
By disabling root access, you can help defend against brute-force attacks on the root account.
Your server should not allow root logins. Here is how you can accomplish this.
- Create a different superuser with the same UID as root (0). See the adding Linux users article for how to add new users.
- Change root's shell in the /etc/passwd file to /sbin/nologin or a custom program.
This disables root access through login, gdm, kdm, xdm, su, ssh, scp and sftp. Here is the root user with the nologin shell:
root:x:0:0:root:/root:/sbin/nologin
Here is what a root user's account with a custom shell looks like:
root:x:0:0:root:/root:/sbin/hack_your_mama
Disable root SSH logins to protect against root exploits
Edit the /etc/ssh/sshd_config file and set the PermitRootLogin parameter to no. This helps protect your Linux computer against root exploits that start from ssh brute-force attacks.
You can also prevent root from logging in on any terminal device attached to your computer by using an empty /etc/securetty file. A full /etc/securetty file looks something like this:
console
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
ttyS0
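The three controls above can be checked with a small audit script. This is an added example, not part of the original post; each check takes a file path so it can be pointed at the live /etc/passwd, /etc/ssh/sshd_config and /etc/securetty or at copies, and make_samples builds constructed sample files for a dry run.

```shell
#!/bin/sh
# Audit the root-login controls: root's shell, PermitRootLogin, and securetty.
# Root's login shell in a passwd file must be a nologin program.
root_shell_locked() {
  shell=$(awk -F: '$1 == "root" { print $7; exit }' "$1")
  case "$shell" in
    /sbin/nologin|/usr/sbin/nologin) return 0 ;;
    *) return 1 ;;
  esac
}

# Effective PermitRootLogin: sshd uses the first uncommented occurrence of a
# keyword, so later duplicates are ignored (Match blocks are not handled here).
permit_root_login_value() {
  awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }' "$1"
}
root_ssh_locked() { [ "$(permit_root_login_value "$1")" = "no" ]; }

# securetty must exist and list no terminals; blank lines and comments do not
# count, and a missing file is reported as not locked rather than assumed safe.
securetty_locked() {
  [ -f "$1" ] || return 1
  n=$(grep -c -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" || true)
  [ "$n" -eq 0 ]
}

# Run all three checks; prints one line each and returns the number that failed.
audit() {
  fails=0
  root_shell_locked "$1" && echo "PASS root shell is nologin" \
    || { echo "FAIL root shell allows login"; fails=$((fails + 1)); }
  root_ssh_locked "$2" && echo "PASS PermitRootLogin no" \
    || { echo "FAIL PermitRootLogin is not no"; fails=$((fails + 1)); }
  securetty_locked "$3" && echo "PASS securetty is empty" \
    || { echo "FAIL securetty lists terminals or is missing"; fails=$((fails + 1)); }
  return "$fails"
}

# Constructed sample files (locked and open variants); prints the temp dir.
make_samples() {
  d=$(mktemp -d)
  printf 'root:x:0:0:root:/root:/sbin/nologin\n' > "$d/passwd"
  printf 'root:x:0:0:root:/root:/bin/bash\n' > "$d/passwd.open"
  printf '#PermitRootLogin yes\nPermitRootLogin no\nPermitRootLogin yes\n' > "$d/sshd_config"
  printf 'PermitRootLogin yes\n' > "$d/sshd_config.open"
  : > "$d/securetty"
  printf '# console only\nconsole\n' > "$d/securetty.open"
  echo "$d"
}
```

On a live system run `audit /etc/passwd /etc/ssh/sshd_config /etc/securetty`; a non-zero exit status is the number of controls still open.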
For more information see the Server Security Guide, or the Computers and Internet and Computer Security blogs.
2 Comments:
very useful, thanks
very useful, thanks