Essential Linux Hardening: Disable Root Login, Secure SSH, and Manage Permissions
This guide walks through six key Linux hardening steps: disabling root password login, enforcing password complexity and expiration, restricting sudo access, shutting down FTP, setting proper file ownership and permissions, and managing command history.
1. Disable root password login
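Edit /etc/ssh/sshd_config and set PermitRootLogin to no, then reload sshd. sshd does not accept false as a value; the valid settings are yes, prohibit-password, forced-commands-only and no. prohibit-password blocks only password authentication for root and still allows key-based login, while no blocks root login over SSH entirely.
2. Linux user password complexity and expiration
a. Password must contain three character types and be longer than 15 characters.
b. Set expiration for manually added user passwords.
Use chage to view and set password expiration.
View expiration for user test:
chage -l test
Set expiration (days) for a user:
chage -M number-of-days username
The -M option defines the maximum number of days before the password expires.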
3. Check sudo permissions
The sudo command elevates privileges. Its configuration file is /etc/sudoers. By default only root has sudo rights; to improve security, avoid adding other users to /etc/sudoers.
4. Disable FTP
Check FTP processes:
ps -ef | grep ftp
Terminate FTP process:
kill -9 pid
5. Set file ownership and permissions
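Change file owner:
chown -R test:test /opt/test/
Set read/write/execute permissions:
chmod 400 /opt/test/
Mode 400 gives the owner read-only access and removes all access for group and others. On a directory it also removes the search (x) bit, so the owner can no longer enter it.
6. Manage command history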
Command history can be viewed with history. By default it records 1000 lines; the limit can be set in /etc/profile (e.g., to 20).
After securing settings, clear the history:
echo > $HOME/.bash_history
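An offline check for steps 1 and 2, added here as an example and not part of the original article: it reads the global PermitRootLogin value from an sshd_config-format file and lists accounts whose maximum password age exceeds a limit. The function names, the 90-day limit and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Print the global PermitRootLogin value from an sshd_config-format file.
# sshd uses the first occurrence of a keyword and matches it case-insensitively.
# Parsing stops at the first Match block; Include files are not followed.
root_login_setting() {
    awk '
        { sub(/#.*/, "") }                  # strip comments
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }   # compiled-in default applies
    ' "$1"
}

# Succeed only when root login over SSH is disabled outright.
root_login_disabled() {
    [ "$(root_login_setting "$1")" = "no" ]
}

# List accounts in a shadow-format file whose maximum password age (field 5,
# the value chage -M sets) is empty or greater than $2 days.
weak_password_aging() {
    awk -F: -v max="$2" '
        $2 ~ /^[!*]/ { next }               # locked or login-disabled entry
        $5 == "" || $5 + 0 > max { print $1 }
    ' "$1"
}

# Constructed sample files, not taken from a real host.
demo=$(mktemp -d)
cat > "$demo/sshd_bad" <<'EOF'
#PermitRootLogin no
PermitRootLogin prohibit-password
PermitRootLogin no
EOF
cat > "$demo/sshd_good" <<'EOF'
Port 22
permitrootlogin No
Match User deploy
    PasswordAuthentication no
EOF
cat > "$demo/shadow" <<'EOF'
root:!:19000:0:99999:7:::
test:$6$constructed$hash:19000:0:99999:7:::
alice:$6$constructed$hash:19000:0:90:7:::
EOF

echo "sshd_bad:  $(root_login_setting "$demo/sshd_bad")"    # prohibit-password
echo "sshd_good: $(root_login_setting "$demo/sshd_good")"   # no
echo "password max age over 90 days: $(weak_password_aging "$demo/shadow" 90)"  # test
```

On a live host, sshd -T prints the effective configuration with Include files resolved, and chage -l shows the same aging fields per user.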
Raymond Ops
Linux ops automation, cloud-native, Kubernetes, SRE, DevOps, Python, Golang and related tech discussions.
