
#1 2010-11-09 05:30:23

Ben9250
Member
From: Bath - England
Registered: 2010-06-10
Posts: 208

Locking the root account?

Hi, I'm beginning to get interested in hardening my Arch install and following advice here: http://www.cromwell-intl.com/security/l … ening.html

I'm up to the bit where one checks passwd for possible accounts and makes the shell /bin/false and locks the account. Every account but myself and root has /bin/false, but I was wondering, if I lock all of these (bin, daemon, mail, ftp, http, nobody, dbus, hal, avahi, and gdm) will my system still run smoothly? Is it even possible to lock root in this way and then only get elevated permissions if I absolutely have to via "su"?

I also had a go with the lsof -i command to see open ports, and I got two that belonged to firefox, with same PID, USER TYPE(IPv4) SIZE/OFF NODE, and slightly different names, that consisted of some numbers and then www.google.com:http or groups.google.co.uk:http. The DEVICE for both is also slightly different, but mostly the same, only two digits differ. The FD is also the same. I'm guessing that since I'm on firefox, and there are only 2 ports that this is perfectly fine and quite safe, although I am yet to see some documentation that makes sense to me. Could anybody explain this to me? I know most of my system is secure as I deny all hosts in my initial setup, and don't have an ssh daemon installed and such.

Thanks,
Ben.

Last edited by Ben9250 (2010-11-09 06:01:10)


"In England we have come to rely upon a comfortable time-lag of fifty years or a century intervening between the perception that something ought to be done and a serious attempt to do it."
  - H. G. Wells


#2 2010-11-09 13:15:39

Stebalien
Member
Registered: 2010-04-27
Posts: 1,237

Re: Locking the root account?

Use

sudo netstat --ip -lp

to see open LISTENING ports (it is a lot more readable/reliable).
You saw firefox making outbound connections.


Steven [ web : git ]
GPG:  327B 20CE 21EA 68CF A7748675 7C92 3221 5899 410C
Do not email: honeypot@stebalien.com
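
The distinction made in the reply above (listening sockets versus outbound connections in `lsof -i` output), as an added example that is not part of either post. The sample lines are constructed, and the function names `classify`, `parse` and `listeners` are hypothetical.

```python
# Constructed sample of `lsof -i` output (not taken from the thread).
SAMPLE = """\
COMMAND    PID  USER  FD  TYPE DEVICE SIZE/OFF NODE NAME
firefox   2114   ben 45u  IPv4  18342      0t0  TCP 192.168.1.10:50312->www.google.com:http (ESTABLISHED)
firefox   2114   ben 47u  IPv4  18361      0t0  TCP 192.168.1.10:50313->groups.google.co.uk:http (ESTABLISHED)
avahi-dae  733 avahi 13u  IPv4   7120      0t0  UDP *:mdns
cupsd      801  root  6u  IPv4   7754      0t0  TCP localhost:ipp (LISTEN)
"""

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "[::1]"}


def classify(line):
    """Classify one lsof -i line as 'connection', 'listening' or 'other'."""
    tokens = line.split()
    # Locate the NODE column by value, so an empty SIZE/OFF column does not
    # shift the fields we care about.
    idx = next((i for i, t in enumerate(tokens)
                if i >= 4 and t in ("TCP", "UDP")), None)
    if idx is None or idx + 1 >= len(tokens):
        return None  # header line or a non-internet file
    proto, endpoint = tokens[idx], tokens[idx + 1]
    state = tokens[idx + 2].strip("()") if len(tokens) > idx + 2 else None
    local, arrow, remote = endpoint.partition("->")
    if arrow:
        kind = "connection"   # has a remote peer, e.g. a browser fetching a page
    elif state == "LISTEN" or proto == "UDP":
        kind = "listening"    # waiting for traffic: this is the exposed surface
    else:
        kind = "other"
    host = local.rsplit(":", 1)[0]
    return {"command": tokens[0], "pid": int(tokens[1]), "user": tokens[2],
            "proto": proto, "local": local, "remote": remote or None,
            "state": state, "kind": kind, "loopback": host in LOOPBACK_HOSTS}


def parse(text):
    """Return a record for every internet socket line in lsof -i output."""
    return [r for r in map(classify, text.splitlines()) if r]


def listeners(text):
    """Only the sockets that accept inbound traffic."""
    return [r for r in parse(text) if r["kind"] == "listening"]


if __name__ == "__main__":
    for r in parse(SAMPLE):
        scope = "loopback only" if r["loopback"] else "not loopback"
        print(r["kind"], r["command"], r["proto"], r["local"], scope)
```
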

