Originally Posted by atayyab
Kindly advise the industry best practice to implement the user security or at initial level of security what are steps i have to follow
I'll echo what pan64 and chrism01 suggested. It will take a lot of adjustment (especially for users who were used to do everything as root without thinking) but not allowing users to switch to root and limit the commands they may execute by using Sudo is the best way. On top of that SELinux audit service can track both user sessions and commands, albeit the latter in a limited fashion, so if you need a more complete user session audit trail please see Rootsh
. *Note logging to a remote well-protected syslog server would be advisable.