Analysis of user security issues of Ubuntu Linux Server

I. User Overview
By default, the root user of ubuntu server is not enabled. Generally, You can temporarily obtain administrator permissions by prefix "sudo" before the command. Then, you will be prompted to enter the password, which is the same as the password of a common user. You can also use sudo-I to promote normal users to Super Users.
To enable the root account, you only need to run sudo passwd root and enter the password as prompted to activate root. to disable the root user, you only need to run sudo passwd-l root.
The password of the Root account is not in contact with the password of sudo. The difference between the root account and the sudo of a common account is that after logging in with the root account, the permission is always administrator, while the sudo of a Common Account is administrator only when executing a command, after the command is executed, it is automatically downgraded to normal user permissions.
Ii. User password settings and recovery
Run the sudo passwd user-name command and enter the sudo password as prompted. If the verification succeeds, a new password is prompted for user-name. This command can also set and restore the password for the root user.
Iii. GRUB Security
GRUB is used to boot the system and recover the system. You can add an operation password to increase security. Modify "/boot/grub/menu. lst. Example:
Before modification:

default 0timeout 10title Ubuntu,kernel 2.6.15-26-server-LAMProot (hd0,2)kernel /boot/vmlinuz-2.6.15-server root=/dev/hda3 ro quiet splashinitrd /boot/initrd.img-2.6.15-serversavedefaultboot

After modification:

default 0timeout 10password=12345title Ubuntu,kernel 2.6.15-26-server-LAMPlockroot (hd0,2)kernel /boot/vmlinuz-2.6.15-server root=/dev/hda3 ro quiet splashinitrd /boot/initrd.img-2.6.15-serversavedefaultboot

Then, in the reboot system, when the GRUB screen appears, move the cursor to this option, press 'P', and enter the password 12345. This method can effectively prevent malicious damage through the recovery mode, such as modifying the root password.
Because the above passwords appear in menu. lst in plain text, they are also dangerous. Therefore, you can encrypt them. The details are as follows:
Sudo grub-md5-crytp, then enter 12345 twice as prompted (change to any character), followed by 31 characters, record the string. Change password = 12345 to password -- md5 31-bit string and reboot the system.
Iv. Use Rescue CDs to restore the system
When you forget the GRUB Password or GRUB cannot be started for some reason, you can use the rescue CD. Place the CD in the CDROM and reboot systems. When a boot entry appears, move the cursor to the "Resuce broken system". Then, the system hardware, such as the language type, network interface, and hard disk, is automatically monitored. Finally, the command line option will appear:

Execute a Shell in /dev/discs/disc0/part1Execute a Shell in the installer environmentReinstall GRUB boot loaderChoose a different root file systemReboot the system

Select the first item and enter bash shell.
Note: In/dev/discs/disc0/part1, part1 indicates the partition of the system to be restored. Select the partition based on the actual situation.
V. Summary
Security considerations:
1. the root account should be disable;
2. Set the MD5 password for GRUB;
3 BIOS should be set so that boot from the CD-ROM is prohibited.

Related Articles]

• How to Ensure Linux user security

• Practical Linux security

• How to configure Linux Security Service Management