SSH security settings
Add wheel group user
```
[root@localhost ~]# useradd -G wheel user_name
```
Or you can edit /etc/group directly
Create a user that belongs to the wheel group, or add an existing user to the group.
Edit /etc/pam.d/su
```
#%PAM-1.0
auth       sufficient   pam_rootok.so
# Uncomment the following line to implicitly trust users in the "wheel" group.
#auth      sufficient   pam_wheel.so trust use_uid
# Uncomment the following line to require a user to be in the "wheel" group.
auth       required     pam_wheel.so use_uid
auth       include      system-auth
account    sufficient   pam_succeed_if.so uid = 0 use_uid quiet
account    include      system-auth
password   include      system-auth
session    include      system-auth
session    optional     pam_xauth.so
```
Add the pam_wheel.so use_uid line.
Change the group of the su command and edit its permissions
```
[root@localhost ~]# which su
/bin/su
[root@localhost ~]# ll /bin/su
-rwsr-x---. 1 root wheel 34904 Nov 23 2013 /bin/su
```
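Change the access permissions of the command that is to be restricted to the wheel group.
Mode 4750: 750 means rwx r-x ---, and the leading 4 means setUID.
Set the mode with setUID so that no account other than root can modify the file.
Set sshd to not permit root login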
Edit /etc/ssh/sshd_config
```
PermitRootLogin no
```
Edit the ssh daemon configuration file so that root cannot log in over ssh.
* You can run this sequence with the sudo command
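A read-only check of the three settings above, as an added example that is not part of the original post. It assumes GNU stat and a POSIX awk; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: read-only audit of the three settings on this page.
# Function names are illustrative; paths are arguments so copies can be checked.

# True if an active (uncommented) "auth required pam_wheel.so ... use_uid" line exists.
pam_wheel_required() {
    awk '$1 == "auth" && $2 == "required" && $3 == "pam_wheel.so" {
             for (i = 4; i <= NF; i++) if ($i == "use_uid") ok = 1
         }
         END { exit !ok }' "$1"
}

# True if the first active PermitRootLogin line in the global section is "no".
# sshd keeps the first value it reads; Match blocks and Include files are not followed.
root_login_disabled() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { v = tolower($2); exit }
         END { exit (v != "no") }' "$1"
}

# True if the file is mode 4750 and owned by root:wheel (assumes GNU stat).
su_restricted() {
    [ "$(stat -c '%a %U %G' "$1" 2>/dev/null)" = "4750 root wheel" ]
}

# Print a FAIL line per failed check; return non-zero if any check failed.
audit() {  # usage: audit PAM_FILE SSHD_CONFIG SU_BINARY
    rc=0
    pam_wheel_required "$1"  || { echo "FAIL: pam_wheel.so not required in $1"; rc=1; }
    root_login_disabled "$2" || { echo "FAIL: PermitRootLogin is not 'no' in $2"; rc=1; }
    su_restricted "$3"       || { echo "FAIL: $3 is not 4750 root:wheel"; rc=1; }
    [ "$rc" -eq 0 ] && echo "PASS: all three settings in place"
    return "$rc"
}

# Constructed sample files (not taken from a real host).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' '#%PAM-1.0' 'auth sufficient pam_rootok.so' \
    '#auth sufficient pam_wheel.so trust use_uid' \
    'auth required pam_wheel.so use_uid' > "$demo/su.good"
printf '%s\n' '#%PAM-1.0' 'auth sufficient pam_rootok.so' \
    '#auth required pam_wheel.so use_uid' > "$demo/su.bad"
printf '%s\n' '#PermitRootLogin yes' 'PermitRootLogin no' > "$demo/sshd.good"
printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin no' > "$demo/sshd.bad"

audit "$demo/su.good" "$demo/sshd.good" /bin/su || echo "review the FAIL lines above"
```

On a live host, `sshd -T` prints the effective configuration, which also covers Match blocks and included files that this file-based check skips.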