禁止Linux非管理组普通用户登录超级用户root

一般人都知道,linux的最高权限是root账号,因此防范root登录是一个非常必要的事情。

1:禁止普通用户通过su -切换到超级用户root

[root@localhost ~]# su - test
[test@localhost ~]$ su - #正常情况下,可以切换到root环境
Password:
[root@localhost ~]#
[root@localhost ~]# grep "pam_wheel.so" /etc/pam.d/su
#auth sufficient pam_wheel.so trust use_uid
auth required pam_wheel.so use_uid #取消注释后,则无法su -登录root
[test@localhost ~]$ su -
Password:
su: incorrect password
[root@localhost ~]# usermod -G wheel test #将test加入wheel组即可
[root@localhost ~]# su - test
[test@localhost ~]$ su -
Password:
[root@localhost ~]#
[root@localhost ~]# grep wheel /etc/group
wheel:x:10:test

2:禁止ssh远程root登录

cat >> /etc/ssh/sshd_config <http://www.t4x.org/project/visudo-user-rights-management-scheme/
参考文档:http://www.t4x.org/basic/linux-sshd-config/
参考文档:https://code.csdn.net/snippets/478516

This entry was posted in Technology and tagged , , , . Bookmark the permalink. 869 views

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>