FC3 Hardening - Remove users/groups

redesb

Some days ago I began searching for information about which users/groups I can remove for a new 'minimal install' of FC3 with security in mind.

I found some info about it in 'TrinityOS.pdf' and in the OpenNA security book, but nothing up to date or FC-oriented. :mad:

Please, if you apply this security measure on your server, can you share your experience? :D

TIA
ramon
 
Does nobody remove unused users/groups? :(

Well, I do, and the server is running fine, but I'm not sure at all whether I deleted the right ones:
Code:
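# SAVE FILES TO A SAFE PLACE (groupdel also edits group and gshadow)
cp /etc/passwd /home/backup/passwd
cp /etc/shadow /home/backup/shadow
cp /etc/group /home/backup/group
cp /etc/gshadow /home/backup/gshadow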

# DELETE UNUSED USERS
for user in uucp lp adm halt news shutdown operator rpm \
games vcsa pcap nfsnobody nscd ftp gopher;
do /usr/sbin/userdel "$user"; done

# DELETE UNUSED GROUPS
for group in adm news uucp games gopher dip ftp lock rpm \
floppy vcsa nfsnobody pcap;
do /usr/sbin/groupdel "$group"; done

# CHECK FILE INTEGRITY
/usr/sbin/pwck
/usr/sbin/grpck

# CHECK FOR FILES WITHOUT USER OR GROUP AND ASSIGN TO 'root'
find / -nouser -exec /bin/chown root {} \;
find / -nogroup -exec /bin/chgrp root {} \;

# LOCK ALL ACCOUNTS THAT ARE NOT OWNED BY ACTUAL USERS
# (operator is already deleted above, so usermod reports an error for it)
for user in bin daemon sync mail operator nobody sshd rpc \
rpcuser mailnull smmsp amanda ntp;
do usermod -L "$user"; done

# CHECK FOR BLANK PASSWORDS AND CORRECT IF NECESSARY
awk -F: '($2 == "") {print $1}' /etc/shadow

Is nobody using this or a similar security hack? :( :eek: :confused:
Comments and opinions are very welcome!!!
 
You can remove users that your install doesn't need.

However, none of these users can log in; they have neither passwords nor login shells.

Jeff
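
One way to check, before and after a cleanup like the script above, which system accounts still have a login shell or a usable password field. This is an added example, not part of the thread; the function names, the UID cutoff of 500 and the sample entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. audit_accounts PASSWD SHADOW [UID_MIN]
# Prints "name:shell-state:password-state" for each account with UID < UID_MIN
# (default 500, assumed here as the first regular-user UID).
audit_accounts() {
    awk -F: -v uid_min="${3:-500}" '
        # First file is shadow: remember each password field.
        FILENAME == ARGV[1] { pw[$1] = $2; known[$1] = 1; next }
        # Second file is passwd: report system accounts only.
        ($3 + 0) < (uid_min + 0) {
            # An empty shell field means /bin/sh, so it counts as a login shell.
            sh = ($7 ~ /\/(nologin|false)$/) ? "nologin" : "login"
            if (!($1 in known))          st = "noshadow"
            else if (pw[$1] == "")       st = "empty"    # no password required
            else if (pw[$1] ~ /^[!*]/)   st = "locked"   # "*", "!!" or usermod -L
            else                         st = "hash"     # a usable password hash
            printf "%s:%s:%s\n", $1, sh, st
        }
    ' "$2" "$1"
}

# Constructed sample files (not copied from a real FC3 install).
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
bin:x:1:1:bin:/bin:/sbin/nologin
sync:x:5:0:sync:/sbin:/bin/sync
news:x:9:13:news:/etc/news:
svc:x:98:98:constructed:/:/bin/bash
ramon:x:500:500::/home/ramon:/bin/bash
EOF
    cat > "$1/shadow" <<'EOF'
root:$1$constructed$notarealhash:12700:0:99999:7:::
bin:*:12700:0:99999:7:::
sync:*:12700:0:99999:7:::
news:!!:12700:0:99999:7:::
svc::12700:0:99999:7:::
ramon:$1$constructed$notarealhash:12700:0:99999:7:::
EOF
}

# Demo on the sample; on a real host run as root:
#   audit_accounts /etc/passwd /etc/shadow
tmp=$(mktemp -d) && make_sample "$tmp"
audit_accounts "$tmp/passwd" "$tmp/shadow"
rm -rf "$tmp"
```

Lines ending in `login:empty` or `login:hash` are the ones worth reviewing first; `login:locked` accounts have no usable password but keep a shell.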
 
Hi Jeff,

Thanks for the answer, but do you do this cleanup on new servers?
 