Securing root


#1

We would like to lock down root. Preferably allow direct root login via CONSOLE only and have to sudo to root via a non-administrative account via SSH. We have implemented this on our CentOS and REDHAT systems. This is already default on our Ubuntu systems. We would like to know if this is also possible via UCS. Any recommendations or does UCS follow similar process as RH and CentOS. Any impacts we should expect, services that login as root that would have issues with this type of lock down?

Any input would be helpful.


#2

You should first make sure, that your dedicated sudo user is able to sudo. Then use the following UCR Variable:

# ucr set auth/sshd/user/root='no'

that prohibits the root login via SSH


#3

Will this still allow root login via console?


#4

it is a UCRV for the SSH Daemon, so: “yes”.

kind regards,
Jens Thorp-Hansen