Configuring sudo on cpanel box the correct way?

Discussion in 'Security' started by hbhb, May 9, 2010.

  1. hbhb

    Here is the instruction I found on the internet:

    Step 1
    #nano -w /etc/ssh/sshd_config
    PermitRootLogin no #change from PermitRootLogin yes
    UseDNS no #change from UseDNS yes

    Step 2
    #adduser {newuser}
    #passwd {newuser}
    #usermod -g wheel {newuser}

    Step 3
    #nano -w /etc/sudoers
    root ALL=(ALL) ALL
    {newuser} ALL=/bin/su

    Step 4
    #chmod 720 /bin/su
    (The original mode is 750)
    #chmod 4111 /usr/bin/sudo
    (the original mode is 111 [4111])

    Can someone verify this is the correct way, or am I missing something else?

    The objective:
    I do not want any user to be able to log in as root.
    For example, I have 300 accounts on my server; 1 of these 300 could possibly hack in and try to su - as root.
    Therefore, by having sudo enabled, only 1 specific username can sudo as root.
     
  2. Spiral

    I hope you are not inferring that you actually gave everyone SSH access,
    because if that is the case you've got a lot more to worry about than you realize :rolleyes:

    If you really believe that, I've got some used swamp land for you ;)
     
  3. Spiral

    Incidentally and just as a side footnote and some food for thought ....

    In my line of work, I am very often asked by clients to hack into their
    own servers, sometimes for security diagnostic purposes and sometimes
    because they locked themselves out or had some other major 'oops' issue ...

    It should be noted, then, in this context, that I cannot remember the last time I ever used sudo.

    Sudo allows non-privileged users to run privileged commands and is even more commonly used to invoke privileged-level shells, which allows you to get around needing to be in root all the time for everything you do.

    However, as a "security" mechanism in and of itself --- really not so much.

    In fact, it's actually easier to gain root on a server that has sudo set up than on one that doesn't in most cases, and no, it doesn't really matter what the settings or configuration are, but rather simply its being there alone.

    The point I am making is that while sudo can be a valuable tool, it can also introduce the very security problems you thought to alleviate.

    I am not saying don't use it, but rather just simply saying that when it comes to matters of security, you should always be fully aware of the implications and unintended consequences of what you are doing.
     
  4. hbhb

    Mind if I ask you guys:

    What is the ideal way to harden/secure a cPanel box in terms of accessibility?

    A normal su - means anyone with root access can su - and try to guess the password...

    As I've read on the internet, the tips are:

    1. change ssh port number [done]
    2. disable direct root login [done]
    3. enable sudo (still not sure what is the correct way to do it)
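
The settings from the steps in the first post can be checked after they are applied. The following is an added example, not part of the thread and not cPanel tooling: a small shell audit run over constructed sample files. The user admin1, the sample file contents, and the policy that su must be setuid and executable by its group but not by others are assumptions.

```shell
#!/bin/sh
# Added example. File contents are constructed; "admin1" is a hypothetical user.

# First value of an sshd_config keyword (sshd uses the first value it obtains).
# Stops at the first Match block and reads only the first argument.
sshd_value() {  # $1=file $2=keyword
  awk -v k="$2" 'tolower($1)=="match"{exit}
    tolower($1)==tolower(k){print tolower($2); exit}' "$1"
}

# su only works as a setuid-root binary. Assumed policy: setuid set,
# the owning group may execute, others may not.
su_mode_ok() {  # $1=octal mode, e.g. 4750
  m=$((0$1))
  [ $((m & 04000)) -ne 0 ] && [ $((m & 0010)) -ne 0 ] && [ $((m & 0001)) -eq 0 ]
}

# Command list a sudoers line grants to a user
# (aliases, includes and line continuations are not handled).
sudo_cmds() {  # $1=file $2=user
  awk -v u="$2" '$1==u { sub(/^[^=]*=[ \t]*(\([^)]*\)[ \t]*)?/, ""); print }' "$1"
}

# Print one line per finding; no output means all three checks passed.
audit() {  # $1=sshd_config $2=sudoers $3=user $4=mode of su
  [ "$(sshd_value "$1" PermitRootLogin)" = "no" ] || echo "root SSH login is not disabled"
  su_mode_ok "$4" || echo "su mode $4: not setuid, or not limited to its group"
  case "$(sudo_cmds "$2" "$3")" in
    /bin/su) ;;
    "") echo "$3 has no sudoers rule" ;;
    *) echo "$3 may run more than /bin/su via sudo" ;;
  esac
}

d=$(mktemp -d) && trap 'rm -rf "$d"' EXIT
cat > "$d/sshd_config" <<'EOF'
Port 2222
#PermitRootLogin yes
PermitRootLogin no
UseDNS no
EOF
cat > "$d/sudoers" <<'EOF'
root ALL=(ALL) ALL
admin1 ALL=/bin/su
EOF

audit "$d/sshd_config" "$d/sudoers" admin1 720    # mode from Step 4
audit "$d/sshd_config" "$d/sudoers" admin1 4750   # setuid, group-only execute
```

On a live system the mode argument would come from `stat -c %a /bin/su`, and a sudoers edit is syntax-checked with `visudo -c` before it takes effect.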
     