Friday, October 22, 2004

Limit users with UID 0 accounts to root only

The ONLY superuser account on a machine should be root. Check for this by looking at the UID field in the /etc/passwd file. Sometimes when a hacker attacks a system, they will try to leave themselves a way to get back in at a later time. The easiest way is to leave a root account open for them to use from their system. The command: $ grep :0: /etc/passwd will list everyone who has root access. The only user that should show up here is the root user.
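
The grep above matches :0: anywhere on the line, so it also lists accounts whose GID is 0 and skips a UID written as 00. The script below is an added example, not part of the original post: it tests only the third (UID) field numerically. The function names and the sample passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a passwd-format file for accounts with UID 0.

# Constructed sample data (not taken from any real system).
sample_passwd() {
    cat <<'EOF'
# constructed sample passwd entries
root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sync:x:4:0:sync:/bin:/bin/sync
toor:x:0:0:backup admin:/root:/bin/sh
alice:x:1000:1000:Alice:/home/alice:/bin/sh
maint:x:00:100:maintenance:/home/maint:/bin/sh
EOF
}

# Print the login name of every entry whose UID (3rd field) is numerically 0.
# Argument: path to a passwd-format file, or "-" for stdin (default /etc/passwd).
uid0_accounts() {
    awk -F: '
        /^[[:space:]]*#/ || NF == 0 { next }            # skip comments and blank lines
        $3 ~ /^[0-9]+$/ && $3 + 0 == 0 { print $1 }     # catches 0, 00, 000, ...
    ' "${1:-/etc/passwd}"
}

# Print only the UID 0 accounts that are not named root.
# Any output here needs investigation.
unexpected_uid0() {
    uid0_accounts "${1:-/etc/passwd}" | grep -vx 'root' || true
}

# Demonstration on the constructed sample:
echo "grep :0: reports:"
sample_passwd | grep ':0:' | cut -d: -f1      # root, sync (GID 0 only), toor

echo "UID field check reports:"
sample_passwd | uid0_accounts -               # root, toor, maint

echo "Unexpected UID 0 accounts:"
sample_passwd | unexpected_uid0 -             # toor, maint
```

Run unexpected_uid0 with no argument to check the live /etc/passwd; on a clean system it prints nothing.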

Also, for mission-critical systems, do not allow direct root logons except at the console. Only terminals marked as secure in the /etc/ttytab file will allow a user with UID = 0 to log on directly. If you want, you can also mark a terminal as unsecure; this forces users to log on as their normal user and then su to root.