Account and Access
You can file an issue about it and ask that it be added.
In traditional Unix security, if an attacker gains shell access to a certain login account, they can perform any action or access any file to which that account has access.
Therefore, making it more difficult for unauthorized people to gain shell access to accounts, particularly to privileged accounts, is a necessary part of securing a system.
There are some steps which, if taken, make it more difficult for an attacker to quickly or undetectably modify a system from its console.
The easiest way to gain unauthorised access to a Linux system is to boot the server into single user mode. An attacker can select a kernel to boot from the GRUB menu by pressing a specific key to edit the boot options.
Remember to protect GRUB with a password, because it's the only way to protect single user mode in RedHat/CentOS distributions.
# C2S/CIS: CCE-27287-2 (Medium)
# Edit /usr/lib/systemd/system/rescue.service:
ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"
C2S/CIS: CCE-27287-2 (Medium)
I also recommend setting the same parameter in /usr/lib/systemd/system/emergency.service. It is the default target when an issue occurs during the boot process.
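To verify the setting on both units, the following audit script (an added example, not part of the original guide) reports whether a unit file's effective ExecStart goes through sulogin. The function names and the sample unit files are constructed for illustration; the weakened emergency.service sample shows what a failing unit looks like.

```sh
#!/bin/sh
# Added example: check that a systemd unit's ExecStart goes through sulogin.

# Print the effective ExecStart of a unit file. Comment lines are skipped and
# the last assignment wins (an empty "ExecStart=" resets earlier ones).
effective_execstart() {
    awk '
        /^[ \t]*[#;]/ { next }
        /^[ \t]*ExecStart[ \t]*=/ {
            sub(/^[ \t]*ExecStart[ \t]*=[ \t]*/, "")
            cmd = $0
        }
        END { print cmd }
    ' "$1"
}

# Return 0 if the unit requires root authentication via sulogin, else 1.
# Substring match, so the systemd-sulogin-shell helper also passes.
requires_sulogin() {
    case "$(effective_execstart "$1")" in
        *sulogin*) return 0 ;;
        *)         return 1 ;;
    esac
}

# Write constructed sample units (not copied from a real host) into $1.
make_samples() {
    cat > "$1/rescue.service" <<'EOF'
[Service]
ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"
EOF
    cat > "$1/emergency.service" <<'EOF'
[Service]
# ExecStart=-/bin/sh -c "/usr/sbin/sulogin; /usr/bin/systemctl --fail --no-block default"
ExecStart=-/bin/sh -c "/bin/bash; /usr/bin/systemctl --fail --no-block default"
EOF
}

# Audit the files given as arguments, or the constructed samples if none.
if [ "$#" -eq 0 ]; then
    dir=$(mktemp -d); make_samples "$dir"
    set -- "$dir/rescue.service" "$dir/emergency.service"
fi
for unit in "$@"; do
    if requires_sulogin "$unit"; then echo "PASS $unit"
    else echo "FAIL $unit: ExecStart=$(effective_execstart "$unit")"; fi
done
```

Pass the real unit paths as arguments to audit a host. Drop-in overrides under /etc/systemd/system/<unit>.d/ are not read by this check.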
- Console Access [Official]
The Practical Linux Hardening Guide provides a high-level overview of hardening GNU/Linux systems. It is not an official standard or handbook, but it touches on and uses industry standards.