Thursday, October 27, 2005

Disable Root Login - Computer Security - Linux

Allowing root login to a web server is a big security threat


By disabling root access , you can help fight against brute force attacks.

Your server should not allow root logins. Here is how you can accomplish this.

  • Create a different super user with the same uid as root (0). See adding Linux users article for information on how to add new users.
  • Change the shell in /etc/passwd file to /sbin/nologin or a custom program


This will disable access to root from login, gdm, kdm, xdm, su, ssh, scp and sftp. Here you can see root user with nologin shell




root:x:0:0:root:/root:/sbin/nologin



Here is what a root user's account with a custom shell looks like

root:x:0:0:root:/root:/sbin/hack_your_mama



Disable root SSH logins to protect against root exploits


Modify the /etc/ssh/sshd_config file and set the PermitRootLogin parameter to no to help protect your Linux computer against root exploits created through ssh brute force attacks.



You can also prevent root login on any devices attached to your computer using an empty /etc/securetty file . A full /etc/securetty file looks something like

console
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11
ttyS0





For more information see Server Security Guide or see Computers and Internet and Computer Security blogs

2 Comments:

At Wed Jul 25, 11:40:00 PM, Anonymous Anonymous said...

very useful, thanks

 
At Wed Jul 25, 11:41:00 PM, Anonymous Anonymous said...

very useulf, thanks

 

Post a Comment

Links to this post:

Create a Link

<< Home