Home > Security Tips > Tech Tips > Part 6: Disabling and removing unnecessary accounts
Security Tips:
EMAIL THIS
 TIPS & NEWSLETTERS TOPICS 

TECH TIPS

Part 6: Disabling and removing unnecessary accounts


Gary Smith
10.16.2002
Rating: --- (out of 5)


Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


Disable or Remove Unnecessary Accounts
For Solaris, the following userids are created during installation, and are required by the operating system. You should lock these accounts or assign an invalid shell such as /bin/false to prevent hackers from using them to log in to your system:

adm
bin
daemon
listen
lp
nobody
noaccess
nuucp
root
smtp
sys
uucp

Make Sure Disabled User Accounts Are Given an Invalid Shell
Solaris will not log in for an account that is assigned an invalid shell. This is a good "defense in depth" strategy to prevent hackers from using default accounts to gain access to your host.

Assign the shell /bin/true or /bin/false as the shell for accounts that should never be allowed to log in. A better solution is to use a locally compiled version of the noshell (http://www.fish.com/titan/src1/noshell.c) program.

Closeout FTP Access to Disable User Accounts
Create the file /etc/ftpusers and add the following default Solaris accounts to the file.

adm
bin
daemon
listen
lp
nobody
noaccess
nuucp
root
smtp
sys
uucp

Review User Accounts for Configuration Errors
- Verify that all who have accounts have a valid need to access the system.
- Verify that access to the root account is restricted.
- Make sure all accounts have an x in the password field in /etc/passwd to force the use of Solaris' shadow password file.
- Check /etc/shadow to make sure disabled accounts have either NP or *LK* in the password field.
- Make sure /etc/shadow is owned by root and the file permissions are rw-------.
- Check that no accounts other than root and smtp have UID of 0.
- Use the command logins -p to check for accounts that do not require a password to log in.
- Check /etc/group for the presence of a wheel group (group 0). If supported, the list of users for this group should not be null.
- Note that only those users shown in the user list for the wheel group will be allowed to su to root. All other users will be denied access, even if they enter the correct password.
- Run COPS or similar programs to verify that all default passwords have been changed.

Click here for the rest of this 12-part tip.

Rate this Tip
To rate tips, you must be a member of SearchSecurity.com.
Register now to start rating these tips. Log in if you are already a member.




BROWSE BY TAG
Tech Tips,   VIEW ALL TAGS

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



RELATED CONTENT
Tech Tips
Video: The foundation of an email security strategy
The 5 A's of functional SAN security
Effective storage security policies
Smart options for safeguarding stored data
Outfox SOX: How to make regulations work for you
Roberta Bragg's 10 Windows hardening tips in 10 minutes
Using free network intrusion detection and prevention tools to stop hacks
Hacker techniques and exploits: Prevent system fingerprinting, probing
How to stop hacker theft: Employee awareness, risk assessment policies
Information Security Decisions Fall 2004: Speaker presentations

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary

DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.



Research Solutions for Network Security, Access Control and Security Threats
TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
SEARCH :     Site Index Powered by: Search Powered by Google

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts