- /etc/passwd
- Use chmod to restrict the file to system access only.
- /etc/shadow
- Encrypted passwords (used by Solaris by default).
- /etc/default/login
- Set CONSOLE=/dev/console to restrict root logins to the console (or su).
- /etc/hosts.equiv
- Hosts listed in this file, and users (provided they are listed in /etc/passwd), are automatically permitted to access the system without a password. Logins as root ignore this file. To increase security, delete this file.
- $HOME/.rhosts
- Permits a specific user to log in without a password from listed hosts. If copies of this file exist anywhere on the system, delete them.
- /etc/ftpusers
- Controls access to the system via FTP. If you must run FTP, be sure to include this file and populate it with system users whom you wish to block from connecting.
- /etc/shells
- Users who use the listed shells will be permitted to connect via FTP.
- Install SUDO
- Gives better control than su and, unlike su or a root console session, times out.
- Use RBAC
- Role-based access control reduces liability by restricting functions to specific users or groups and by tracking changes to increase accountability.
- Change base file permissions
- File permissions should be set so that OTHER has no permission to most files (files such as ls, cd, rmdir etc. should still remain usable).
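
The following audit script is an added example, not part of the original checklist. It checks the /etc/default/login, /etc/hosts.equiv, $HOME/.rhosts and /etc/ftpusers items above. The function names, the optional root-directory argument (so the checks can run against a copied or constructed tree), and the choice of UID below 100 as the definition of a system account are assumptions made for the example.

```shell
#!/bin/sh
# Usage: audit              (checks the live system)
#        audit /path/tree   (checks a copy of /etc and the home directories)

# Succeeds when an uncommented CONSOLE=/dev/console line is present,
# i.e. root can log in directly only on the console.
console_restricted() {
    grep -q '^CONSOLE=/dev/console[[:space:]]*$' "$1/etc/default/login" 2>/dev/null
}

# Prints every passwordless-trust file found: /etc/hosts.equiv and each
# .rhosts in a home directory taken from field 6 of /etc/passwd.
trust_files() {
    if [ -e "$1/etc/hosts.equiv" ]; then echo "/etc/hosts.equiv"; fi
    cut -d: -f6 "$1/etc/passwd" | sort -u | while read -r home; do
        if [ -n "$home" ] && [ -e "$1$home/.rhosts" ]; then
            echo "$home/.rhosts"
        fi
    done
}

# Prints system accounts (UID < 100, an assumed cut-off) that are not
# listed in /etc/ftpusers and so are not blocked from FTP.
ftp_unblocked() {
    awk -F: '$3 < 100 { print $1 }' "$1/etc/passwd" | while read -r user; do
        if ! grep -qxF -- "$user" "$1/etc/ftpusers" 2>/dev/null; then
            echo "$user"
        fi
    done
}

# Prints one FAIL line per finding and returns non-zero if there are any.
audit() {
    report=$(
        console_restricted "$1" ||
            echo "FAIL: CONSOLE=/dev/console is not set in /etc/default/login"
        trust_files "$1" | sed 's|^|FAIL: delete |'
        ftp_unblocked "$1" | sed 's|.*|FAIL: & is not listed in /etc/ftpusers|'
    )
    if [ -n "$report" ]; then
        echo "$report"
        return 1
    fi
    echo "OK: no findings"
}
```
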