Eliminate Use of the 'Root' User Rule
This rule emphasizes avoiding the 'root' user for administrative and daily tasks.
| Rule | Eliminate use of the 'root' user for administrative and daily tasks |
| Framework | cis_v150 |
| Severity | ✔ Medium |
Rule Description
The rule "Eliminate use of the 'root' user for administrative and daily tasks" is designed to enhance the security of the system by minimizing the use of the 'root' user account. The 'root' user has unrestricted access to the entire system and its resources, making it a high-value target for attackers. Limiting the use of the 'root' user reduces the risk of unauthorized access and potential system compromises.
Troubleshooting Steps
If this rule is enforced and there are issues with user access or administrative tasks, follow these troubleshooting steps:
- 1.Identify the specific tasks or operations causing the problem.
- 2.Verify if the user attempting the task has the necessary permissions.
- 3.Check if the appropriate alternative user accounts with sufficient privileges are available.
- 4.Review the system logs for any error messages or warnings related to the task.
- 5.Consult relevant documentation or contact the system administrator for further assistance.
Necessary Codes
No specific code is provided for this rule.
Remediation Steps
To comply with this rule, follow these step-by-step guide for remediation:
- 1.
Create a new user account with administrative privileges:
- Open a terminal or shell session.
- Run the following command:
Replacesudo adduser <username>
with a desired username for the new administrative account.<username> - Set a strong password for the new user when prompted.
- 2.
Grant administrative privileges to the new user account:
- Run the following command:
This gives the new user account the ability to execute commands with elevated privileges.sudo usermod -aG sudo <username>
- 3.
Test the new administrative account:
- Log out of the current session.
- Log in using the newly created administrative account.
- Open a terminal or shell session.
- Execute administrative tasks to ensure the account has the necessary privileges.
- 4.
Remove 'root' access for daily tasks:
- Open the terminal or shell session.
- Edit the "/etc/ssh/sshd_config" file using a text editor:
sudo nano /etc/ssh/sshd_config - Find the line containing "PermitRootLogin" and change its value to "no":
PermitRootLogin no - Save the changes and exit the text editor.
- 5.
Restart the SSH service to apply the changes:
- Run the following command:
sudo service ssh restart
- 6.
Update any scripts or workflows to use the new administrative account instead of 'root':
- Review any existing automated scripts or workflows that rely on 'root' privileges.
- Modify these scripts to use the newly created administrative account instead.
- 7.
Provide necessary access to other users as required:
- Ensure that other users who need administrative access are added to the appropriate group(s) for elevated privileges.
- Grant permissions accordingly to maintain administrative operations within a controlled scope.
By following these steps, you can eliminate the use of the 'root' user for administrative and daily tasks, thereby enhancing the security of your system.