Classical document: basic Linux network security configuration overview

◆ 13. special accounts banned all default start of the operating system itself and does not require account, when you first installed the system should do this check, Linux offers a variety of account, you may not need, if you do not need this account, you remove it, you have the account number, the more the more vulnerable to attack.

To delete a user on your system, use the following command: root @ deep] # userdelusername for deletion of groups on your system user account, use the following command: root @ deep] # groupdelusername in Terminal to enter the following command to delete the following users. Root @ deep] # userdeladmroot @ deep] # userdellproot @ deep] # userdelsyncroot @ deep] # userdelshutdownroot @ deep] # userdelaltroot @ deep] # userdelmail if you don't have sendmail server, procmail.mailx, delete the account. Root @ deep] # userdelnewsroot @ deep] # userdeluucproot @ deep] # userdeloperatorroot @ deep] # userdelgames if you don't use Xwindows server, delete the account. Root @ deep] # userdelgoperroot @ deep] # userdelftp if you do not allow anonymous FTP, delete the user account. = Enter the following command to delete a group account root @ deep] # groupdeladmroot @ deep] # groupdellproot @ deep] # groupdelmail if no Sendmail server, delete the group account root @ deep] # groupdelnewsroot @ deep] # groupdeluucproot @ deep] # groupdelgames if you don't use XWindows, delete this group account root @ deep] # groupdeldiproot @ deep] # groupdelpppusersroot @ deep] # groupdelpopusers if you don't have to POP server, delete the group account root @ deep] # groupdelslipusers with the following command with root user account @ deep] # useraddusername with the following command to change the user password root @ deep] # chattr command to passwdusername uses the following file plus the unchangeable properties. Root @ deep] # chattr + I/etc/passwdroot @ deep] # chattr + I/etc/sadowroot @ deep] # chattr + I/etc/grouproot @ deep] # chattr + I/etc/gshadow ◆ 14, prevent any person from su as root if you do not want anyone to su as root, you can edit, add the following line/etc/pam.d/su: authsufficient/lib/security/pam_rootok.sodebugauthrequired/lib/security/pam_wheel.sogroup = isd means only isd group users to su as root. and then, if you want the user admin to su as root., run the following command. root@deep]# usermod-G10admin