Confessions of a Real-World Linux Admin: "I Always Login As Root."

This is not funny, but it is a hard reality: many new sysadmins prefer to log in as root.

FTA, “There are over ten million businesses in America that support fewer than 20 employees, each. Many are start-ups or otherwise minimally capitalized, and Linux fills a networking need without straining the budget… especially when they don’t bother hiring professional help.”

Kurt manages the office for one of them (via).

As an experienced admin, I do not recommend running anything as root:

  • Take advantage of privilege dropping: most services are able to drop root access/rights as soon as they go into the background
  • Do not grant root access to anyone; use sudo
  • Do not grant shell access to everyone (e.g. FTP and email users). Also consider securing and auditing shell access with Enterprise Audit Shell
  • Default firewall policy: close all doors and open only the required windows, i.e. only open or filter required ports
  • Run critical services in a chrooted jail
  • Run only required network servers or services
  • Take advantage of LDAP and/or PAM to implement a more advanced authentication security scheme
  • If possible, bind services to only the loopback device (for example, MySQL should always bind to
  • Monitor logs using logwatch or other automated software
  • Subscribe to your distribution's security alert mailing list
  • Restrict access using iptables/PF, ACLs, user rights, etc.
  • And most important: back up regularly

Always remember that no computer system can ever be completely secure; you can only make a cracker's job harder 🙂
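The script below is an added example, not code from the original post: a small POSIX shell audit for three items on the list above (root rights handed out through extra UID 0 accounts, service users such as FTP that still have a shell, and services listening beyond loopback). The function names, the UID 1-999 cut-off, the `sh$` shell heuristic and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Audit helpers for three checklist items. Each reads stdin, e.g.
#   extra_uid0 < /etc/passwd
#   ss -ltn | non_loopback_listeners

# Accounts other than "root" that have UID 0, i.e. full root rights.
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# System accounts (UID 1-999, an assumed cut-off; compare UID_MIN in
# /etc/login.defs) whose shell ends in "sh" (sh, bash, zsh, ...). Heuristic.
service_accounts_with_shell() {
    awk -F: '$3 > 0 && $3 < 1000 && $7 ~ /sh$/ { print $1 }'
}

# TCP listeners from `ss -ltn` whose local address is not 127.x or [::1].
non_loopback_listeners() {
    awk '$1 == "LISTEN" && $4 !~ /^127\./ && index($4, "[::1]:") != 1 { print $4 }'
}

# Constructed sample data, not taken from a real host.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
toor:x:0:0:backup admin:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
ftp:x:21:21:ftp user:/srv/ftp:/bin/sh
mail:x:8:8:mail:/var/mail:/bin/false
alice:x:1000:1000:Alice:/home/alice:/bin/bash
EOF
}

sample_ss() {
    cat <<'EOF'
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*
LISTEN 0      80     127.0.0.1:3306     0.0.0.0:*
LISTEN 0      151    0.0.0.0:5432       0.0.0.0:*
LISTEN 0      128    [::1]:631          [::]:*
LISTEN 0      511    [::]:80            [::]:*
EOF
}

echo "Extra UID 0 accounts:";        sample_passwd | extra_uid0
echo "Service accounts with shell:"; sample_passwd | service_accounts_with_shell
echo "Non-loopback listeners:";      sample_ss | non_loopback_listeners
```

Every line of output is something to review rather than proof of a problem: a listener on `0.0.0.0:22` is expected on a host administered over SSH, while a database on a wildcard address usually is not.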

Recommended books

  • Secure Architectures with OpenBSD
  • Building Firewalls with OpenBSD and PF
  • Real World Linux Security
  • SELinux: NSA’s Open Source Security Enhanced Linux
  • Linux Security Cookbook

I hope this small list helps someone secure a Linux/UNIX box.
