Analysis on user security of javastuserver

1. User overview by default, the root user of javastuserver is not enabled. Generally, You can temporarily obtain administrator permissions by prefix "sudo" before the command. Then, you will be prompted to enter the password, which is the same as the password of a common user. You can also use sudo-I to promote normal users to Super Users. To enable the root account, you only need to run sudopasswdroot and enter the password as prompted to activate the root account. If you want to disable the root account, only one user is described.
By default, the root user of Ubuntu server is not enabled. Generally, You can temporarily obtain administrator permissions by prefix "sudo" before the command. Then, you will be prompted to enter the password, which is the same as the password of a common user. You can also use sudo-I to promote normal users to Super Users.

To enable the root account, you only need to run sudo passwd root and enter the password as prompted to activate root. to disable the root user, you only need to run sudo passwd-l root.

The password of the root account is not in contact with the password of sudo. The difference between the root account and the sudo of a common account is that after logging in with the root account, the permission is always administrator, while the sudo of a Common Account is administrator only when executing a command, after the command is executed, it is automatically downgraded to normal user permissions.

Setting and recovery of user passwords
Run the sudo passwd user-name command and enter the sudo password as prompted. If the verification succeeds, a new password is prompted for user-name. This command can also set and restore the password for the root user.

Security of GRUB
GRUB is used to boot the system and recover the system. You can add an operation password to increase security. Modify "/boot/grub/menu. lst. Example:

Before modification:

Default 0
Timeout 10
Title Ubuntu, kernel 2.6.15-26-server-LAMP
Root (hd0, 2)
Kernel/boot/vmlinuz-2.6.15-server root =/dev/hda3 ro quiet splash
Initrd/boot/initrd. img-2.6.15-server
Savedefault
Boot

After modification:

Default 0
Timeout 10
Password = 12345
Title Ubuntu, kernel 2.6.15-26-server-LAMP
Lock
Root (hd0, 2)
Kernel/boot/vmlinuz-2.6.15-server root =/dev/hda3 ro quiet splash
Initrd/boot/initrd. img-2.6.15-server
Savedefault
Boot

Then, in the reboot system, when the GRUB screen appears, move the cursor to this option, press 'P', and enter the password 12345. This method can effectively prevent malicious damage through the recovery mode, such as modifying the root password.

Because the above passwords appear in menu. lst in plain text, they are also dangerous. Therefore, you can encrypt them. Follow these steps: sudo grub-md5-crytp, and then enter 12345 twice as prompted (change to any character), followed by 31 characters, record the string. Change password = 12345 to password -- md5 31-bit string and reboot the system.

4. Use Rescue CDs to restore the system
When you forget the GRUB Password or GRUB cannot be started for some reason, you can use the rescue CD. Place the CD in the CDROM and reboot systems. When a boot entry appears, move the cursor to the "Resuce broken system". Then, the system hardware, such as the language type, network interface, and hard disk, is automatically monitored. Finally, the command line option will appear:

Execute a Shell in/dev/discs/disc0/part1
Execute a Shell in the installer environment
Reinstall GRUB boot loader
Choose a different root file system
Reboot the system

Select the first item and enter bash shell. Note: In/dev/discs/disc0/part1, part1 indicates the partition of the system to be restored. Select the partition based on the actual situation.

5. Summary
Security considerations:

1. the root account should be disable;

2. Set the MD5 password for GRUB;

3 BIOS should be set so that boot from the CD-ROM is prohibited.