LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 04-08-2013, 12:44 AM   #1
atayyab
LQ Newbie
 
Registered: Apr 2013
Posts: 1

Rep: Reputation: Disabled
Implement Linux User Accounts Security


Hello All,

We have almost 140 Linux Suse servers running in virtual environment, All the users are login to system as root account. There will be no check who is login and executing what.

My task to restrict the root account and promote the user named accounts and once the user login his account he can siwtch to root and perfrom the activities.

The above task i achieved by using sshd_conifig file changes of "Permirtrootlogin no" and "Allowusers" and its working fine.
but here is another problem came if tow users login their named account and switch to power users than again i can't track who is performed what

Kindly advise the industry best practice to implement the user security or at initial level of security what are steps i have to follow

Regards
Adnan
 
Old 04-08-2013, 12:47 AM   #2
pan64
Senior Member
 
Registered: Mar 2012
Location: Hungary
Distribution: debian i686 (solaris)
Posts: 4,527

Rep: Reputation: 1228Reputation: 1228Reputation: 1228Reputation: 1228Reputation: 1228Reputation: 1228Reputation: 1228Reputation: 1228Reputation: 1228
probably you can try sudo and sudoers, that can give you more restriction and more logging features. Also you can check the owner of the terminal, usually it will remain the original user (who opened that terminal - or logged in).
 
Old 04-08-2013, 01:18 AM   #3
chrism01
Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.5, Centos 5.10
Posts: 16,251

Rep: Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025Reputation: 2025
Definitely use sudo and DON'T give them all privs, it negates the the the whole soln.
Find out what cmds each user NEEDS (not wants!) and give them only those.
 
Old 04-09-2013, 03:47 AM   #4
tailinlinux
Member
 
Registered: Oct 2010
Location: Paudpod, Botolan, Zambales, Philippines
Distribution: Mandriva, Ubuntu, Mint, Open Suse, Meego
Posts: 386
Blog Entries: 3

Rep: Reputation: 25
Why don't you switch on mandriva system, root account is separate on limited user account like on windows that you can use limit account for ordinary user.

Last edited by tailinlinux; 04-09-2013 at 03:49 AM.
 
Old 04-10-2013, 01:43 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,008
Blog Entries: 54

Rep: Reputation: 2763Reputation: 2763Reputation: 2763Reputation: 2763Reputation: 2763Reputation: 2763Reputation: 2763Reputation: 2763Reputation: 2763Reputation: 2763Reputation: 2763
Quote:
Originally Posted by atayyab View Post
Kindly advise the industry best practice to implement the user security or at initial level of security what are steps i have to follow
I'll echo what pan64 and chrism01 suggested. It will take a lot of adjustment (especially for users who were used to do everything as root without thinking) but not allowing users to switch to root and limit the commands they may execute by using Sudo is the best way. On top of that SELinux audit service can track both user sessions and commands, albeit the latter in a limited fashion, so if you need a more complete user session audit trail please see Rootsh. *Note logging to a remote well-protected syslog server would be advisable.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] postix abuse and security email accounts and nobody user brgsousa Linux - Software 3 06-07-2010 03:53 PM
Difference betwwen : Locked User Account & Disabled User Accounts in Linux ? avklinux Linux - Security 1 02-04-2009 02:30 PM
How to implement Port security using Linux and Cisco Switch...? iridium79 Linux - Networking 1 06-20-2008 03:51 PM
How best to implement user-level security within LINUX/SAMBA/WINDOWS salmageo Linux - Server 2 05-24-2008 07:28 PM
LXer: Linux 101: Manage user accounts in a multi-user Linux environment ... LXer Syndicated Linux News 0 06-27-2006 07:03 AM


All times are GMT -5. The time now is 02:45 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration