Securing root

We would like to lock down root. Preferably, allow direct root login via console only and have to sudo to root from a non-administrative account via SSH. We have implemented this on our CentOS and Red Hat systems. This is already the default on our Ubuntu systems. We would like to know if this is also possible with UCS. Any recommendations, or does UCS follow a similar process to RH and CentOS? Any impacts we should expect, such as services that log in as root that would have issues with this type of lockdown?

Any input would be helpful.

You should first make sure that your dedicated sudo user is able to sudo. Then use the following UCR variable:

# ucr set auth/sshd/user/root='no'

That prohibits root login via SSH.

Will this still allow root login via console?

It is a UCRV for the SSH daemon, so: “yes”.

kind regards,
Jens Thorp-Hansen