This is not funny but it is a hard reality. Many new sys admin prefer to login as root.
ADVERTISEMENTS
FTA, “There are over ten million businesses in America that support fewer than 20 employees, each. Many are start-ups or otherwise minimally capitalized, and Linux fills a networking need without straining the budget… especially when they don’t bother hiring professional help.”
Kurt manages the office for one of them (via).
As an experienced admin, I do not recommend running anything as root:
- Take advantage of this – most services are able to drop root access/rights as soon as they go into background
- Do not grant root access to anyone use sudo
- Do not grant shell access to everyone (e.g. FTP and email users). Also consider securing and auditing the shell access with Enterprise Audit Shell
- Default firewall policy – close all doors open required windows i.e. only open or filter required ports
- Run critical services in chrooted jail
- Run only required network servers or services
- Take advantage of LDAP and/or PAM to implement more advanced authentication security schema
- If possible bound service to only loopback device 127.0.0.1 (for example MySQL should always bound to 127.0.0.1)
- Monitor logs using logwatch or other automated softwares
- Subscribe to your distribution security alert mailing list
- Restrict access using iptables/PF, acl, user rights etc
- And most important backup regularly
Always remember that no computer system can ever be completely secure, you can make crackers job hard only 🙂
Other www tutorials
- Tons of HOWTO and FAQ documents for Linux and other aspects of Security
- Linux Security HOWTO
- Securing Linux Production Systems – This article is a practical step-by-step guide for securing Linux production systems.
Recommended books
- Secure Architectures with OpenBSD
- Building Firewalls with OpenBSD and PF
- Real World Linux Security
- SELinux: NSA’s Open Source Security Enhanced Linux
- Linux Security Cookbook
Hope this small list helps someone to secure Linux/UNIX box.
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source & DevOps topics via:
- RSS feed or Weekly email newsletter
- Share to Twitter • Facebook • 0 comments... add one ↓
READ NEXT
40 Linux Server Hardening Security Tips [2019 edition]
Linux: 25 Iptables Netfilter Firewall Examples For New SysAdmins
Linux Building Rules For The Cluster With Firewall Builder
Introduction to Firewall Builder 4.0
Top 25 Nginx Web Server Best Security Practices
Linux 25 PHP Security Best Practices For Sys Admins
30 Best Sources For Linux / *BSD / Unix Documentation On the Web
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |