Confessions of a Real-World Linux Admin: "I Always Login As Root."

This is not funny, but it is a hard reality: many new sysadmins prefer to log in as root.


FTA, “There are over ten million businesses in America that support fewer than 20 employees, each. Many are start-ups or otherwise minimally capitalized, and Linux fills a networking need without straining the budget… especially when they don’t bother hiring professional help.

Kurt manages the office for one of them (via).

As an experienced admin, I do not recommend running anything as root:

  • Take advantage of privilege dropping: most services are able to drop root access/rights as soon as they go into the background
  • Do not grant root access to anyone; use sudo instead
  • Do not grant shell access to everyone (e.g. FTP and email users). Also consider securing and auditing shell access with Enterprise Audit Shell
  • Default firewall policy: close all doors and open only the required windows, i.e. only open or filter required ports
  • Run critical services in a chrooted jail
  • Run only required network servers or services
  • Take advantage of LDAP and/or PAM to implement a more advanced authentication security scheme
  • If possible, bind services to the loopback device 127.0.0.1 only (for example, MySQL should always be bound to 127.0.0.1)
  • Monitor logs using logwatch or other automated software
  • Subscribe to your distribution's security alert mailing list
  • Restrict access using iptables/PF, ACLs, user rights, etc.
  • And most important: back up regularly

Always remember that no computer system can ever be completely secure; you can only make the cracker's job harder 🙂

Recommended books

  • Secure Architectures with OpenBSD
  • Building Firewalls with OpenBSD and PF
  • Real World Linux Security
  • SELinux: NSA’s Open Source Security Enhanced Linux
  • Linux Security Cookbook

Hope this small list helps someone secure a Linux/UNIX box.
