Differences

This shows you the differences between two versions of the page.

docs:guide-user:security:secure.access [2023/09/15 11:05] – [Protecting pppd credentials] vgaetera
docs:guide-user:security:secure.access [2023/09/15 16:33] – [Elevating privileges with sudo] split vgaetera
Line 63: Line 63:
 If you require remote SSH access, follow the hardening instructions on SSH mentioned above. If you require remote SSH access, follow the hardening instructions on SSH mentioned above.
  
-===== Creating an unprivileged user ===== +===== Protecting PPP credentials ===== 
-Create an unprivileged test user and set him a password. +When using PPP, protect its credentials from unprivileged users.
- +
-<code bash> +
-# Install packages +
-opkg update +
-opkg install shadow-useradd +
- +
-# Create a user +
-useradd -m -s /bin/ash test +
- +
-# Set user password +
-passwd test +
-</code> +
- +
-Or add the user by hand using a unique UID and GID. +
- +
-<code bash> +
-# Edit configs +
-vi /etc/passwd +
-vi /etc/group +
-vi /etc/shadow +
- +
-# Create home directory +
-mkdir -p /home/test +
- +
-# Set permissions +
-chown test:test /home/test +
- +
-# Set user password +
-passwd test +
-</code> +
- +
-Check the resulting configs. +
- +
-<code bash> +
-# Check configs +
-> grep -e test /etc/passwd /etc/group /etc/shadow +
-/etc/passwd:test:x:1000:1000::/home/test:/bin/ash +
-/etc/group:test:!:1000: +
-/etc/shadow:test:$1$uPzGJ3jI$n7ld4E73SPsIx0QTXPMfu1:19615:0:99999:7::: +
-</code> +
- +
-See also: +
-[[man>useradd]], +
-[[man>passwd]] +
- +
-===== Elevating privileges with sudo ===== +
-Create a privileged group and become its member. +
-Grant root privileges to the group with sudo. +
- +
-<code bash> +
-# Install packages +
-opkg update +
-opkg install shadow-groupadd shadow-usermod sudo +
- +
-# Create sudo group +
-groupadd -r sudo +
- +
-# Add user to group +
-usermod -a -G sudo test +
- +
-# Configure sudoers +
-cat << EOF > /etc/sudoers.d/00-custom +
-%sudo ALL=(ALL) ALL +
-EOF +
-</code> +
- +
-See also: +
-[[man>groupadd]], +
-[[man>usermod]], +
-[[man>sudo]], +
-[[man>visudo]] +
- +
-===== Protecting pppd credentials ===== +
-When using pppd, protect its credentials from unprivileged users.+
  
 <code bash> <code bash>
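
Review bot: The retitled "Protecting PPP credentials" section still talks about "unprivileged users", but the "Creating an unprivileged user" and "Elevating privileges with sudo" sections are removed from this page with no pointer left behind. Since the edit summary says "split", add a link to the page that now holds them next to the new heading. Two things in the removed lines are worth fixing wherever that content lands: the sample /etc/shadow output prints a full "$1$" (MD5-crypt) hash, which would be better shown as a placeholder, and /etc/sudoers.d/00-custom is written by heredoc with no syntax check, so follow it with "visudo -c -f /etc/sudoers.d/00-custom" before relying on the rule "%sudo ALL=(ALL) ALL".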
  • Last modified: 2023/09/15 17:59
  • by vgaetera