How to block Root access and use sudo permissions

In my servers Policy I usually block the Root user access via ssh,
and I create an admin user how I give a sudo permissions to manage the server.
for disable Root login edit sshd_config file:
# vi /etc/ssh/sshd_config

search the line #PermitRootLogin yes , remove the # from it and change it to 'no'.
do the same to this line: #StrictModes yes
the section in the sshd_config file should look like this:
#LoginGraceTime 2m
PermitRootLogin no
StrictModes no
#MaxAuthTries 6

now restart the ssh service:
# /etc/init.d/sshd restart

OK, now you block the root access, the next step is to create admin user and give him sudo permissions to the commends you like.
How it work?
#useradd admin
#passwd admin
(Enter any password you want to admin user)

now you need to edit this file to your needs
first create User alias specification
User_Alias ADMIN = admin
then create Command alias specification
Cmnd_Alias CADMIN = /bin/rm, /sbin/service, /bin/chown, /bin/tar, /bin/cp
you can add here any command you want the user admin will have.
and at last you need to create User privilege specification
in the end the file should look something like this:

# sudoers file.
# This file MUST be edited with the 'visudo' command as root.
# See the sudoers man page for the details on how to write a sudoers file.

# User alias specification
User_Alias ADMIN = admin

# Cmnd alias specification
Cmnd_Alias CADMIN = /bin/rm, /sbin/service, /bin/chown, /bin/tar, /bin/cp

# User privilege specification
root    ALL=(ALL) ALL

That's it.

No comments:

Post a Comment