server user setup - ssh, sudo & su

murraybiscuit

Executive Member
Joined
Oct 10, 2008
Messages
6,483
*noob alert*
i've got a server, with root and another user.
the root user doesn't have ssh login.
the regular user has ssh and sudo all privileges.
but, if a hacker got a hold of the regular user pass, they could su - and kill the system.
would it be better to give login to an unprivileged account and then su from there to a more privileged account?
how do you guys set up users with sudo & ssh?
 

stevovo

Expert Member
Joined
Apr 24, 2008
Messages
1,496
I'm not an expert with security, so there's a lot of stuff that I don't know, but one thing that you should definitely do is only give sudo rights to the normal user to run only necessary programs and not just everything.
 

Other Pineapple Smurf

Honorary Master
Joined
Jun 21, 2008
Messages
14,593
Actually you need to remove all sudo rights.

On our servers only normal users can log in and then if you need to do actions requiring privileges then you must become root. We have very secure passwords on both user and root.

Also root cannot login.

Use "pwgen" to generate your passwords.
 

stricken

Expert Member
Joined
Sep 5, 2010
Messages
2,265
with root privilege escalation zero day you're pretty much pooped anyway. so inevitably all you can do is beef up that password.
 

koffiejunkie

Executive Member
Joined
Aug 23, 2004
Messages
9,588
I'll agree with cbrunsdonza. Don't give blanket sudo access. If you really need to have regular users execute commands as root, then you can set up per-command access:

Code:
username ALL=PASSWD: /usr/bin/traceroute

or for a group:

Code:
%group ALL=PASSWD: /usr/bin/traceroute

This would allow the user to run:

Code:
$ sudo traceroute blah blah

And the user would be prompted for his/her password, which. You can use NOPASSWD too, but I prefer to give people the hassle to help remind them they're doing stuff as root.
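
An added example, not part of the thread or any poster's code: a small Python audit of sudoers user specifications that flags the patterns discussed above (blanket ALL grants, NOPASSWD, and grants of su or a shell, which amount to blanket root). The sample entries, the ROOT_SHELLS list and the function name are assumptions made for the example; it assumes one specification per line, with no aliases or line continuations.

```python
import re

# Constructed sample sudoers content for this example (not from the thread).
SAMPLE_SUDOERS = """\
# blanket grant: any command, as any user
deploy   ALL=(ALL) ALL
# per-command grants in the style shown in the post above
username ALL=PASSWD: /usr/bin/traceroute
%group   ALL=NOPASSWD: /usr/bin/traceroute
backup   ALL=(root) /usr/bin/rsync, /bin/su
Defaults env_reset
"""

SKIP = re.compile(r"^(Defaults|\w+_Alias)\b")   # settings and alias definitions
SPEC = re.compile(r"^(?P<who>\S+)\s+[^=\s]+\s*=\s*(?P<rest>.+)$")
RUNAS = re.compile(r"^\([^)]*\)\s*")            # e.g. "(ALL)" or "(root)"
TAG = re.compile(r"^([A-Z_]+)\s*:\s*")          # e.g. "PASSWD:" or "NOPASSWD:"
ROOT_SHELLS = {"/bin/su", "/usr/bin/su", "/bin/sh", "/bin/bash"}  # assumed list

def audit_sudoers(text):
    """Return (line number, who, issue) for each risky user specification."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or SKIP.match(line):
            continue
        spec = SPEC.match(line)
        if not spec:
            continue
        rest = RUNAS.sub("", spec["rest"], count=1)  # drop the run-as part
        tags = set()
        while (tag := TAG.match(rest)):              # collect leading tags
            tags.add(tag[1])
            rest = rest[tag.end():]
        commands = [c.strip() for c in rest.split(",")]
        if "ALL" in commands:
            findings.append((lineno, spec["who"], "blanket grant (ALL commands)"))
        if "NOPASSWD" in tags:
            findings.append((lineno, spec["who"], "NOPASSWD (no password prompt)"))
        for cmd in commands:
            if cmd and cmd.split()[0] in ROOT_SHELLS:
                findings.append((lineno, spec["who"], f"root shell via {cmd.split()[0]}"))
    return findings

if __name__ == "__main__":
    for finding in audit_sudoers(SAMPLE_SUDOERS):
        print(finding)
```

Run `visudo -c` on the real file as well; this sketch only looks for risky grants and does not validate syntax.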
 