Difference between revisions of "Vuln ssh rootlogin"

From Atomicorp Wiki
(Created page with "= SSH setting: The system allows remote root logins = This means that SSH is configured to allow direct remote root logins. This can make it easier for an attacker to take f...")
 
m (Next Steps)
Line 9: Line 9:
 
Step 1: Log into the ASL GUI, click on Configuration and select the ASL configuration menu option.  This will open the ASL configuration screen.   
 
Step 1: Log into the ASL GUI, click on Configuration and select the ASL configuration menu option.  This will open the ASL configuration screen.   
  
Step 2: Scroll down to PHP_CHECKS and make sure this is set to "yes".  By default ASL will only warn about PHP vulnerabilities.  If you set this to yes, it will also fix these vulnerabilitiesIf this is set to "no" the next step will not work, so set this to "yes".
+
Step 2: Ensure that you have defined admin users, you can not disable root logins if you have not defined admin usersSee this article for instructions to setup admin users:
 +
 
 +
[[Vuln ssh noadmin]]
  
 
Step 3: Scroll down to SSH_ROOTLOGINS and set this to "no".
 
Step 3: Scroll down to SSH_ROOTLOGINS and set this to "no".
 +
 +
https://www.atomicorp.com/wiki/index.php?title=ASL_Configuration#SSH_ROOTLOGINS
 +
 +
Note:  You can not set this to "no" if you do not have valid admin users configured in step 2, and they have valid SSH keys.  If you continue to get alerts that root logins are allowed this is because you either have not defined admin users, or you have disabled password logins and ASL has checked to ensure these admin accounts have valid SSH keys installed, and has detected they are either missing are not setup correctly and therefore these users will not be able to log in.
  
 
Step 4: Click the "update" button.
 
Step 4: Click the "update" button.
  
 
This will resolve this vulnerability.
 
This will resolve this vulnerability.
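
Review bot: The new Step 2 only requires that admin users be defined, while the added Note says SSH_ROOTLOGINS cannot be set to "no" unless those users also have valid SSH keys; state the key requirement in Step 2 so the precondition appears before the reader reaches Step 3. In the same Note, "they are either missing are not setup correctly" is missing an "or".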

Revision as of 12:10, 31 May 2015

SSH setting: The system allows remote root logins

This means that SSH is configured to allow direct remote root logins. This can make it easier for an attacker to take full control of the system. Remote root logins should be disabled, and users should log in as a non-privileged user and use sudo to run root commands. If a full root shell is necessary, then the "su" command should be used. This creates defense in depth, making it more difficult for an attacker to gain total control of the system by simply compromising the root password. For an attacker to gain root via SSH, they would need to compromise both the user's account and the root password. Further, if the user is only allowed to run commands as root via "sudo", then the attacker's access to the system through the user's account would be severely limited.

Next Steps

If this risk is unacceptable for your system, then you will want to disable this capability in SSH.

Step 1: Log into the ASL GUI, click on Configuration and select the ASL configuration menu option. This will open the ASL configuration screen.

Step 2: Ensure that you have defined admin users; you cannot disable root logins if you have not defined admin users. See this article for instructions to set up admin users:

Vuln ssh noadmin

Step 3: Scroll down to SSH_ROOTLOGINS and set this to "no".

https://www.atomicorp.com/wiki/index.php?title=ASL_Configuration#SSH_ROOTLOGINS

Note: You cannot set this to "no" unless you have valid admin users configured in step 2 and they have valid SSH keys. If you continue to get alerts that root logins are allowed, it is because either you have not defined admin users, or you have disabled password logins and ASL, on checking that these admin accounts have valid SSH keys installed, has detected that the keys are missing or not set up correctly, so these users would not be able to log in.

Step 4: Click the "update" button.

This will resolve this vulnerability.
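
A pre-flight check for Steps 2 and 3, as an added example that is not ASL's own code: it reads the global PermitRootLogin value from an sshd_config-style file and confirms that every admin user has a usable public key before root logins are turned off. The function names, the per-user key directory layout and the sample data are assumptions made for the example; it models the case from the Note where password logins are disabled.

```shell
#!/bin/sh
# Added example (not ASL code). Function names and file layout are hypothetical.

# Print the global PermitRootLogin value from an sshd_config-style file.
# sshd honours the first occurrence of a keyword, and keywords are
# case-insensitive. Parsing stops at the first Match block; "unset" if absent.
root_login_setting() {
    awk '
        /^[ \t]*#/ { next }
        tolower($1) == "match" { exit }
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed if an authorized_keys file holds at least one public key line
# (optionally preceded by options such as from="...").
has_ssh_key() {
    [ -s "$1" ] && grep -Eq \
        '^([^#]*[[:space:]])?(ssh-(rsa|dss|ed25519)|ecdsa-sha2-[a-z0-9-]+)[[:space:]]+[A-Za-z0-9+/]+=*' "$1"
}

# Args: directory holding one authorized_keys file per user (named after the
# user), then the admin user names. Fails unless every admin has a key.
admins_ready() {
    keydir=$1; shift
    [ $# -gt 0 ] || { echo "no admin users defined"; return 1; }
    for u in "$@"; do
        has_ssh_key "$keydir/$u" || { echo "admin $u has no valid SSH key"; return 1; }
    done
    echo "ok"
}

# Constructed sample data: a config with two PermitRootLogin lines and two
# admin accounts, one of which has an empty authorized_keys file.
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' '# sample' 'Port 22' 'PermitRootLogin yes' 'PermitRootLogin no' > "$d/sshd_config"
    mkdir "$d/keys"
    echo 'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedSampleKeyNotReal0000000000000000 alice@example' > "$d/keys/alice"
    : > "$d/keys/bob"
    echo "$d"
}

sample=$(make_sample)
echo "PermitRootLogin: $(root_login_setting "$sample/sshd_config")"
admins_ready "$sample/keys" alice
admins_ready "$sample/keys" alice bob || true
rm -rf "$sample"
```

On a live host, `sshd -T` run as root reports the effective configuration including Match blocks, which this file parser does not evaluate.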
