T

he following Automox Worklet™ illustrates how you can disable root login on Linux devices. Disabling root login is a super easy trick to increase the security of these devices.

In many cases, IT admins set the root password on a Linux device to be something simple so that they remember it easily since they use it often to access a device via SSH. Furthermore, attackers typically use the root credential when trying to gain access to your device. For these reasons (and more), disabling root login and creating root privilege users is a good security practice.

Note: You need to make sure the users you’ve created on this device have sudo privileges.

Automox Worklet: Disabling Root Login on Linux Devices

This worklet is designed to evaluate your device to ensure root login is disabled.  It currently only supports devices running CentOS.

To deploy this endpoint hardening worklet, do the following:

  1. Log in to your Automox Console.
  2. Navigate to the System Management page, and click Create Policy in the upper right-hand section of the screen.
  3. Choose Linux under Worklet.
Create policy within the Automox console


4. Copy and paste the Evaluation and Remediation code scripts from below.

The evaluation code keeps you apprised of each device’s ongoing compliance, as well as flags the device for remediation. The remediation code enforces this setting on the schedule you define.IMPORTANT NOTE: Change the values as described in the code so that they match your needs.

Evaluation:

#!/bin/bash# create an alias to the desired root login value for evaluation.  this is the value you are looking for.ssh_value="^PermitRootLogin yes"# check the current conf file on the device to compare to desired value for appropriate exit valuegrep -E "${ssh_value}" /etc/ssh/sshd_config# return 0 if value exists; return non-zero if value does not exist[[ $? -eq 0 ]] && exit 1exit 0

Remediation:

#!/bin/bash# set the value in the conf file to disable root login access on the devicesed -i 's/^PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config#restart the network services service sshd restart

5. After you paste and update the evaluation and remediation codes for your needs, click Create Worklet.
6. Assign the worklet to a group or multiple groups, and click Save Changes.
7. Execute the worklet by clicking the Execute Policy Now button.

You’re all set! Root login is now disabled on the device.

If you need technical assistance, contact our support team at support@automox.com.

About Automox

Facing growing threats and a rapidly expanding attack surface, understaffed and alert-fatigued organizations need more efficient ways to eliminate their exposure to vulnerabilities. Automox is a modern cyber hygiene platform that closes the aperture of attack by more than 80% with just half the effort of traditional solutions.

Cloud-native and globally available, Automox enforces OS & third-party patch management, security configurations, and custom scripting across Windows, Mac, and Linux from a single intuitive console. IT and SecOps can quickly gain control and share visibility of on-prem, remote and virtual endpoints without the need to deploy costly infrastructure.

Experience modern, cloud-native patch management today with a 15-day free trial of Automox and start recapturing more than half the time you're currently spending on managing your attack surface. Automox dramatically reduces corporate risk while raising operational efficiency to deliver best-in-class security outcomes, faster and with fewer resources.

# of endpoints

15-day free trial. No credit card required.

By submitting this form you agree to our terms of service.

Already have an account?