In my server policy I usually block root user access via SSH,
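and I create an admin user to whom I give sudo permissions to manage the server.
To disable root login, edit the sshd_config file:
# vi /etc/ssh/sshd_config
Find the line #PermitRootLogin yes, remove the # from it and change the value to 'no'.
Do the same to this line: #StrictModes yes
(StrictModes controls whether sshd checks the file modes and ownership of the user's files and home directory before accepting a login; 'no' turns that check off.)
The section in the sshd_config file should look like this: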
#LoginGraceTime 2m
PermitRootLogin no
StrictModes no
#MaxAuthTries 6
Now restart the ssh service:
# /etc/init.d/sshd restart
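To confirm that the edited file really refuses root logins, the following added example (not part of the original post) reads an sshd_config-style file the way sshd does: the first active value for a keyword wins, and commented lines set nothing. The function names and the two sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): report the value sshd would use
# for a keyword in the global section of an sshd_config-style file.
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and a line starting with a hash sign sets nothing.

# effective_value KEYWORD FILE -> prints the value, or "(default)" if unset
effective_value() {
    awk -v want="$1" '
        BEGIN { want = tolower(want); found = 0 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # comments and blank lines
        tolower($1) == "match" { exit }        # global section ends here
        tolower($1) == want {
            $1 = ""; sub(/^[ \t]+/, ""); print tolower($0); found = 1; exit
        }
        END { if (!found) print "(default)" }
    ' "$2"
}

# root_login_blocked FILE -> exit status 0 only if PermitRootLogin is "no"
root_login_blocked() {
    [ "$(effective_value PermitRootLogin "$1")" = "no" ]
}

# Constructed sample files (hypothetical paths under a temp directory).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT

# 1. The section exactly as the post shows it.
cat > "$tmp/page.conf" <<'EOF'
#LoginGraceTime 2m
PermitRootLogin no
StrictModes no
#MaxAuthTries 6
EOF

# 2. Edge case: "no" was appended, but an earlier active "yes" still wins.
cat > "$tmp/shadowed.conf" <<'EOF'
permitrootlogin yes
#StrictModes yes
PermitRootLogin no
EOF

for f in "$tmp/page.conf" "$tmp/shadowed.conf"; do
    if root_login_blocked "$f"; then verdict="root login blocked"
    else verdict="root login NOT blocked"; fi
    echo "$(basename "$f"): PermitRootLogin=$(effective_value PermitRootLogin "$f")" \
         "StrictModes=$(effective_value StrictModes "$f") -> $verdict"
done
```

On a live host, point the functions at /etc/ssh/sshd_config; sshd -t also checks the file for syntax errors before a restart.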
OK, now that root access is blocked, the next step is to create an admin user and give him sudo permissions for the commands you like.
How does it work?
# useradd admin
# passwd admin
(Enter any password you want for the admin user)
# /usr/sbin/visudo
Now edit this file to suit your needs.
First, create a User alias specification:
User_Alias ADMIN = admin
Then create a Command alias specification:
Cmnd_Alias CADMIN = /bin/rm, /sbin/service, /bin/chown, /bin/tar, /bin/cp
You can add here any command you want the admin user to have. Each command listed here can be run by admin as root with any arguments.
Finally, create a User privilege specification:
ADMIN ALL=NOPASSWD: CADMIN
NOPASSWD means sudo will not ask admin for a password before running these commands.
In the end the file should look something like this:
# sudoers file.
# This file MUST be edited with the 'visudo' command as root.
# See the sudoers man page for the details on how to write a sudoers file.

# User alias specification
User_Alias ADMIN = admin

# Cmnd alias specification
Cmnd_Alias CADMIN = /bin/rm, /sbin/service, /bin/chown, /bin/tar, /bin/cp

# User privilege specification
root ALL=(ALL) ALL
ADMIN ALL=NOPASSWD: CADMIN
That's it.
 

 
              