This is not funny but it is a hard reality. Many new sys admin prefer to login as root.
FTA, “There are over ten million businesses in America that support fewer than 20 employees, each. Many are start-ups or otherwise minimally capitalized, and Linux fills a networking need without straining the budget… especially when they don’t bother hiring professional help.”
Kurt manages the office for one of them (via).
As an experienced admin, I do not recommend running anything as root:
- Take advantage of this – most services are able to drop root access/rights as soon as they go into background
- Do not grant root access to anyone use sudo
- Do not grant shell access to everyone (e.g. FTP and email users). Also consider securing and auditing the shell access with Enterprise Audit Shell
- Default firewall policy – close all doors open required windows i.e. only open or filter required ports
- Run critical services in chrooted jail
- Run only required network servers or services
- Take advantage of LDAP and/or PAM to implement more advanced authentication security schema
- If possible bound service to only loopback device 127.0.0.1 (for example MySQL should always bound to 127.0.0.1)
- Monitor logs using logwatch or other automated softwares
- Subscribe to your distribution security alert mailing list
- Restrict access using iptables/PF, acl, user rights etc
- And most important backup regularly
Always remember that no computer system can ever be completely secure, you can make crackers job hard only 🙂
Other www tutorials
- Tons of HOWTO and FAQ documents for Linux and other aspects of Security
- Linux Security HOWTO
- Securing Linux Production Systems – This article is a practical step-by-step guide for securing Linux production systems.
Recommended books
- Secure Architectures with OpenBSD
- Building Firewalls with OpenBSD and PF
- Real World Linux Security
- SELinux: NSA’s Open Source Security Enhanced Linux
- Linux Security Cookbook
Hope this small list helps someone to secure Linux/UNIX box.
🐧 If you liked this page, please support my work on Patreon or with a donation.
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source & DevOps topics via:
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source & DevOps topics via:
- RSS feed or Weekly email newsletter
- Share on Twitter • Facebook • 0 comments... add one ↓
READ NEXT
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | Alpine Awall • CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | Alpine • CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |