This is an excerpt from
www.enteract.com/~lspitz/linux.html.

I got to the link via linuxguruz.org (Armoring Linux)

Here's what yer looking for:

For the Truly Paranoid

I consider the measures discussed above absolutely
essential.  By following these steps, you have greatly
improved your system's security, congratulations! 
Unfortunately, your system is not 100% secure, nor
will it ever be.  So, for the truly paranoid, I have
added some additional steps you can take. 

First we will create the wheel group.  The wheel group
is a group of select individuals that can execute
powerful commands, such as /bin/su. By limiting the
people that can access these commands, you enhance the
system security.  To create the group, vi the file
/etc/group, create the group wheel, and add the system
admins to the group.  Then identify critical system
binaries, such as /bin/su.  Change the group ownership
to wheel, and the permissions to owner and group
executable only (be sure to maintain the suid or guid
bit for specific binaries).  For /bin/su, the commands
would be: 

/bin/chgrp wheel /bin/su 
/bin/chmod 4750 /bin/su 

Second, we will lock down the files .rhosts, .netrc,
and /etc/hosts.equiv.  The r commands use these files
to access systems.  To lock them down, touch the
files, then change the permissions to zero, locking
them down. This way no one can create or alter the
files. For example, 

/bin/touch /root/.rhosts /root/.netrc /etc/hosts.equiv
/bin/chmod 0 /root/.rhosts /root/.netrc /etc/hosts.equiv

Third, we configure /etc/shadow to use MD5 hashes
instead of the crypt(3) function.  This makes the
encrypted password file far more difficult to crack. 
This is done by modifying the PAM modules.  PAM
(Pluggable Authentication Modules) is a suite of
shared libraries that enable you to choose how
applications authenticate users.  To learn more about
PAM, check out
ftp://ftp.us.kernel.org/pub/linux/libs/pam/Linux-PAM-html/pam.html.



--- "Julia A . Case" <[EMAIL PROTECTED]> wrote:
> Is it possible to set up the machine so that only
> people in the wheel group can use 
> the su command?  
> 
> Julia
> 
> -- 
> [  Julia Anne Case  ] [        Ships are safe inside the harbor,       ]
> [Programmer at large] [      but is that what ships are really for.    ]
> [   Admining Linux  ] [           To thine own self be true.           ]
> [ Windows/WindowsNT ] [ Fair is where you take your cows to be judged. ]
>           
> 
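
One way to verify the two permission steps from the quoted excerpt (su restricted to wheel, and the r-command files locked), as an added example that is not part of the original message or the quoted article. It assumes GNU stat; the function names, the WHEEL_GROUP variable and the prefix argument are illustrative, and the zero-length check goes beyond the excerpt.

```shell
#!/bin/sh
# Added example: audit the wheel/su and r-command lock-down steps.
# Assumes GNU stat; run as root so /root is searchable.
# Function names, WHEEL_GROUP and the prefix argument are illustrative.

# is_plain FILE: true only for a regular file that is not a symlink.
is_plain() { [ ! -L "$1" ] && [ -f "$1" ]; }

# check_owner_mode FILE GROUP MODE: group name and octal mode must match.
check_owner_mode() {
    is_plain "$1" || { echo "FAIL $1: missing or not a regular file"; return 1; }
    got=$(stat -c '%G %a' "$1") || return 1
    [ "$got" = "$2 $3" ] || { echo "FAIL $1: '$got', want '$2 $3'"; return 1; }
    echo "ok   $1: $got"
}

# check_locked FILE: mode 0 and zero length. Permission bits do not
# restrict root, so the file is also required to be empty.
check_locked() {
    is_plain "$1" || { echo "FAIL $1: missing or not a regular file"; return 1; }
    got=$(stat -c '%a %s' "$1") || return 1
    [ "$got" = "0 0" ] || { echo "FAIL $1: mode/size '$got', want '0 0'"; return 1; }
    echo "ok   $1: locked and empty"
}

# audit_all [PREFIX]: PREFIX is an optional alternate root (e.g. a mounted
# image); leave it empty to audit the live system.
audit_all() {
    prefix=${1:-}
    rc=0
    check_owner_mode "$prefix/bin/su" "${WHEEL_GROUP:-wheel}" 4750 || rc=1
    for f in /root/.rhosts /root/.netrc /etc/hosts.equiv; do
        check_locked "$prefix$f" || rc=1
    done
    return "$rc"
}
```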

