Thursday, April 26, 2012

When You Should Disable Root Login…Or Not

http://tuts.pinehead.tv/2012/04/20/when-you-should-and-should-not-disable-root-login


When should you disable root login? Disabling root login is a super easy trick to increase security on your machine. Let’s take a look at why and when you should disable the root login and also when it’s OK to keep root login enabled. Root or administrator users are the default users on almost all systems. By their name, we know that they have all privileges on the machine and control everything. In previous articles I’ve suggested several times that disabling root login and created root privilege users is a good security practice but in realty you don’t always have to do this. Let’s first look at when it is best practice to disable root login.

Can your server be accessed by anyone on the internet?
What does this mean? Well, for example, if you can be on any computer at any location on the internet and SSH to your machine, then your server can be accessed by anyone on the internet. Since the root user has all the powers AND we know that almost every Linux machine comes with the root user enabled, then guessing or trying to crack the root users password is the basic place to start if you’re trying to penetrate a system.
Bots can automatically scan for the open SSH port and start trying to access your system using the root user and random passwords trying to break in. By creating a user with root privileges and disabling the root login, you remove this from the equation. Bots (or people) generally aren’t out there trying to guess usernames AND passwords, so this increases the security of your system.
When is it OK to leave root login enabled?
As several Pinehead members in the Pinehead community have pointed out, it is OK at times to leave the root user enabled. Again, I will say it is BEST practice to change the root username and/or disable the root password. However, if your server is offline and is only located on a local network you don’t have to worry about hackers or bots trying to penetrate your system. By the very nature of a local network they don’t even have access to the system to even try accessing it as root.
If you can only access your servers from a VPN
Again, this is the same as your servers being only accessible on the local network. VPNs create another layer of protection. In order to access the VPN you’ll need permissions, from there you can login to your server.
All login is disabled except from console
Let’s say your server is behind a firewall that only allows access to port 80. Then port 22 (SSH) isn’t even available to the whole internet for someone or something trying to penetrate your system. You could also just remove the services that allow remote login. If you only allow access to the server via console login (being physically in front of the server) then there is no reason to disable root login.
Last but not least…
You don’t mind taking the chances of a break-in
If you just don’t care that someone or something “could” ever break in or you think the odds are against it, then leave it open. The odds are rather low that this will happen to you, but that doesn’t mean it won’t or that you shouldn’t take some steps to protect your system. This includes disabling root login, only allowing login at the console, putting your server behind a VPN, or making your server available only on the local network.
At the end of the day it’s easier to just disable root login via ssh as suggested in a previous tut: Disable Root Login via SSH or to allow access via ssh keys.
Have a suggestion to this? Or other suggestions on protecting your system? Post them in the comments.

No comments:

Post a Comment