In part one, we began by changing the root password and then creating an account that will be able to escalate to root privileges when needed. Now, you need to make sure that only that user can become root and not anyone else.
The easiest way to do this is to use the “wheel” group. You can configure CentOS to only allow users in that group to run the “su” command to become root.
First, add your user to wheel:
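usermod -aG wheel <username>
Replace “<username>” with your actual username. The -a flag appends wheel to the user’s existing supplementary groups; without it, -G replaces them. Next, you need to tell PAM (Pluggable Authentication Modules, Linux’s authentication framework) to only allow wheel users to become root. Edit /etc/pam.d/su and uncomment the line: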
auth required /lib/security/$ISA/pam_wheel.so use_uid
Now, you have set up your system to allow you to log in as your unique user and then become root. The final step for best security practices is to disable root logins completely. You should test your new setup first to make sure you have access via your new user before you proceed.
To disable root logins via SSH, do the following:
1. Edit /etc/ssh/sshd_config
2. Remove the “#” from this line and change “yes” to “no”
Save the file and restart SSH. SSH will now refuse root login attempts outright. This will protect your system from possible brute-force attacks and other methods of root password guessing.
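The following script is an added example, not part of the original article: it audits the three settings covered above (wheel membership, the pam_wheel.so line in /etc/pam.d/su, and root login over SSH) so you can confirm them before logging out of your root session. The function names are hypothetical, and it assumes the OpenSSH keyword PermitRootLogin is the sshd_config setting that controls root logins.

```shell
#!/bin/sh
# Added example: audit the settings described in this article.
# Function names are hypothetical; file paths are arguments so the
# checks can be run against copies of the real files.
# Usage: audit /etc/pam.d/su /etc/group /etc/ssh/sshd_config <username>

# Succeeds if the PAM file has an uncommented "auth required ... pam_wheel.so" line.
pam_wheel_enabled() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+required[[:space:]]+[^#[:space:]]*pam_wheel\.so' "$1"
}

# Succeeds if user $2 is a listed member of wheel in group file $1.
user_in_wheel() {
    awk -F: -v u="$2" '
        $1 == "wheel" { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) ok = 1 }
        END { exit (ok ? 0 : 1) }' "$1"
}

# Prints the first uncommented PermitRootLogin value (sshd honours the first
# occurrence of a keyword), or "unset" when the built-in default applies.
# Match blocks are not interpreted here.
root_login_setting() {
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Runs all three checks, reports each failure, returns non-zero if any failed.
audit() {
    rc=0
    pam_wheel_enabled "$1" || { echo "FAIL: pam_wheel.so not enabled in $1"; rc=1; }
    user_in_wheel "$2" "$4" || { echo "FAIL: $4 is not a member of wheel"; rc=1; }
    setting=$(root_login_setting "$3")
    [ "$setting" = "no" ] || { echo "FAIL: PermitRootLogin is '$setting' in $3"; rc=1; }
    return "$rc"
}
```

Before restarting SSH, running sshd -t checks sshd_config for syntax errors, which avoids locking yourself out with a broken configuration file.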
In part three of the series, we will move further into CentOS server setup and learn about some of the software you will need.