Tuesday, September 16, 2014

Linux - User Accounts Security


"root" Account
The "root" account is the most privileged account on a Unix system. The "root" account has no security restrictions imposed upon it. This means the system assumes you know what you are doing, and will do exactly what you request -- no questions asked. Therefore it is easy, with a mistyped command, to wipe out crucial system files. When using this account it is important to be as careful as possible. For security reasons, never log in on your server as "root" unless the task absolutely requires root access.

You should also set up a login timeout for the root account. To do that, set the special shell variable "TMOUT" to the number of seconds of no input before logout.

Edit /etc/profile and add:
TMOUT=7200

Also update the export line to:
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE TMOUT INPUTRC

Note: 7200 is in seconds, so the timeout is set to 2 hours.

Normal user accounts
To make it easy for you to repeat long commands, the bash shell stores up to 500 old commands in the ~/.bash_history file. Reducing the number of old commands the .bash_history file can hold may protect users on the server who mistakenly type their password on the screen in plain text and would otherwise have it stored for a long time in the .bash_history file.

The HISTSIZE line in the /etc/profile file determines the number of old commands the .bash_history file can hold for all users on your system. It is highly recommended to set HISTSIZE to 10.
Edit /etc/profile and update:
HISTSIZE=1000
to
HISTSIZE=10

As an administrator, you should also set "HISTFILESIZE" to 0, so that each time a user logs out, their .bash_history file will be deleted and crackers will not be able to use it.
Edit /etc/profile and add:
HISTFILESIZE=0
Also update the export line to:
export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE TMOUT INPUTRC HISTFILESIZE
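
The script below is an added example, not part of the original post. It checks a profile file for the three settings described above (TMOUT, HISTSIZE, HISTFILESIZE) and whether each one is exported. The function names and both sample files are constructed, and the script assumes the post's values are upper bounds, so a smaller value also passes.

```sh
# Added example: audit a profile file against the settings recommended above.
# Function names and both sample files are constructed for illustration.

# Print the last value assigned to variable $2 in file $1 (nothing if unset).
last_value() {
    awk -v var="$2" '
        { sub(/^[ \t]*(export[ \t]+)?/, "") }    # drop indent and a leading "export"
        index($0, var "=") == 1 {                # line now starts with VAR=
            val = substr($0, length(var) + 2)
            sub(/[ \t;#].*$/, "", val)           # cut anything after the value
            gsub(/"/, "", val); last = val
        }
        END { if (last != "") print last }' "$1"
}

# Succeed if variable $2 is named on an export line in file $1.
is_exported() {
    grep -Eq "^[[:space:]]*export[[:space:]]+(.*[[:space:]])?$2([[:space:]=]|\$)" "$1"
}

# Print one finding per line for file $1; no output means it matches the post.
# Assumption: the post's values are treated as upper bounds, and TMOUT must be
# greater than zero because bash only applies a timeout when it is.
audit_profile() {
    for want in TMOUT=7200 HISTSIZE=10 HISTFILESIZE=0; do
        var=${want%%=*} max=${want#*=} min=0
        [ "$var" = TMOUT ] && min=1
        cur=$(last_value "$1" "$var")
        case $cur in
            '')        echo "$var: not set" ;;
            *[!0-9]*)  echo "$var: non-numeric value '$cur'" ;;
            *)  if [ "$cur" -lt "$min" ] || [ "$cur" -gt "$max" ]; then
                    echo "$var: $cur, post recommends $max"
                fi ;;
        esac
        is_exported "$1" "$var" || echo "$var: not exported"
    done
}

# Constructed samples: a distribution-style default and the post's end state.
weak=$(mktemp) hardened=$(mktemp)
trap 'rm -f "$weak" "$hardened"' EXIT
printf '%s\n' 'HISTSIZE=1000' \
    'export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE INPUTRC' > "$weak"
printf '%s\n' 'TMOUT=7200' 'HISTSIZE=10' 'HISTFILESIZE=0' \
    'export PATH USER LOGNAME MAIL HOSTNAME HISTSIZE TMOUT INPUTRC HISTFILESIZE' > "$hardened"

echo "== weak ==";     audit_profile "$weak"
echo "== hardened =="; audit_profile "$hardened"
```

To check a real system, call audit_profile /etc/profile; it only reads the file and changes nothing.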
