Hardening my VPS, how can I qualify it's done correctly?

PhoenixUK

Member
Sep 15, 2013
cPanel Access Level
Root Administrator
Hi There,

I'm going through the process of hardening my CentOS 6.7 VPS and I've created a new user via SSH, added the new password and I've also added this new user in the sudoers file, giving [ALL] root permissions.

However, I'd like to see if there's a specific command I can use to actually check everything is as should be expected, before I go ahead and 'disable root login' for obvious reasons.

It also now lets me log in to the server via ssh as the new user and it did let me run 'yum update' as this new user - of which it found an update and that was successful, but I'm just wondering if there's some other way that I can truly tell all is ok, before disabling root login.

I look forward to hearing from you.

Regards,
 

quizknows

Well-Known Member
Oct 20, 2009
cPanel Access Level
DataCenter Provider
Make sure you can 'su -' to root from the additional user. If you can, then you should be fine disabling direct root login in the ssh server configuration. Generally I don't use sudoers, I just add the additional user to the wheel group so that it can 'su -' to get root privileges in a way that requires a password. This way if the password for the additional user is compromised, they won't have root privileges without the root password as well.
 

PhoenixUK

Hi There,

Thanks for the prompt reply and I have to admit, having heard what you've put above, I may be better off carrying it out the way you mention via the wheel group. Would I still leave my new user with root privileges in the sudoers, or do I need to remove this now and do it the wheel group way instead?

Hmmm if I enter;

su -

to root from the newuser, I get the following;

-bash: /bin/su: Permission denied

So it would seem something isn't 100%, gutted I thought I was going well grrrr.

I will await your feedback on the above before I do anything else.

Thank you.
 

quizknows

Well-Known Member
Oct 20, 2009
1,008
87
78
cPanel Access Level
DataCenter Provider
It seems you have it straightened out, but if you add a user to the wheel group it allows them to run the 'su -' command. You would not need to leave the user in sudoers, and it is more secure this way given the password auth to run commands as root. Cheers.
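
The checks discussed in this thread, collected into a script to run as the new user before direct root login is disabled. This is an added example, not something posted by either participant; the function names are made up for illustration, and the default paths (/etc/group, /etc/ssh/sshd_config, /bin/su) are assumed to be the standard locations.

```shell
#!/bin/sh
# Added example: pre-flight checks to run as the new user before root SSH login
# is disabled. The optional path arguments let the checks be pointed at copies
# of the files; the defaults are assumed standard locations.

# wheel_member USER [GROUP_FILE]: succeeds if USER is listed as a member of "wheel".
# Only the member list is read; a user whose primary group is wheel is not detected.
wheel_member() {
    awk -F: -v u="$1" '
        $1 == "wheel" { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit !found }' "${2:-/etc/group}"
}

# root_login_setting [SSHD_CONFIG]: prints the first uncommented PermitRootLogin
# value (sshd uses the first value it reads), "unset" if there is none, or
# "unreadable" when the file cannot be read (it is often readable by root only).
root_login_setting() {
    f=${1:-/etc/ssh/sshd_config}
    [ -r "$f" ] || { echo unreadable; return 0; }
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$f"
}

# preflight USER [GROUP_FILE] [SSHD_CONFIG] [SU_PATH]: returns 0 only if USER is
# in wheel and the invoking user may execute su.
preflight() {
    rc=0
    if wheel_member "$1" "$2"; then
        echo "ok:   $1 is in the wheel group"
    else
        echo "FAIL: $1 is not in the wheel group"; rc=1
    fi
    su_bin=${4:-/bin/su}
    if [ -x "$su_bin" ]; then
        echo "ok:   $su_bin is executable by $(id -un)"
    else
        echo "FAIL: $su_bin is not executable by $(id -un) (the 'Permission denied' case)"; rc=1
    fi
    echo "info: PermitRootLogin is currently: $(root_login_setting "$3")"
    return "$rc"
}

# Usage, logged in as the new user:  preflight "$(id -un)"
```

A passing result only covers the prerequisites; actually running 'su -' and getting a root shell, as suggested above, is still the confirming step.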