Linux Security Hardening: Disable Root Login, Enforce Password Policies, and More

1. Disable root password login

Modify /etc/ssh/sshd_config and set PermitRootLogin to false.

2. Linux user password complexity and expiration

a. Passwords must contain three character types and be longer than 15 characters.

b. Set expiration for manually added user passwords using chage.

View a user's password expiration:

chage -l test

Set password expiration: chage -M number-of-days username This uses the -M option to define the maximum number of days before a password expires.

3. Check sudo privileges

The sudo command elevates privileges. Its configuration file is /etc/sudoers. By default only the root user has sudo rights; adding other users is discouraged for security.

4. Disable FTP

Check FTP processes: ps -ef | grep ftp Terminate FTP processes:

kill -9 pid

5. Set file ownership and permissions

Change file owner and group: chown -R test:test /opt/test/ Set read/write/execute permissions:

chmod 400 /opt/test/

6. Manage command history

Linux command history can be viewed with history, which by default records up to 1000 lines. The limit is configured in /etc/profile and can be set to 20.

After securing the system, clear the history:

echo > $HOME/.bash_history