デプロイ後の最低限の設定まずはデプロイ時に設定したrootのパスワードでsshログインして、 rootのブルーフォースアタックの脅威から守るために他のユーザを通してrootの作業をするように設定をする。 作業用ユーザの作成作業用ユーザを作成し、wheelグループに登録する $ adduser ******* $ passwd ******* $ usermod -G wheel ********* 作業用ユーザでsuの許可設定wheelグループのユーザのみにsuの許可をする $ vi /etc/pam.d/su # auth required pam_wheel.so use_uid の#を削除して下記のようにする #%PAM-1.0 auth sufficient pam_rootok.so # Uncomment the following line to implicitly trust users in the "wheel" group. #auth sufficient pam_wheel.so trust use_uid # Uncomment the following line to require a user to be in the "wheel" group. auth required pam_wheel.so use_uid auth include system-auth account sufficient pam_succeed_if.so uid = 0 use_uid quiet account include system-auth password include system-auth session include system-auth session optional pam_xauth.so sshでrootログインできないようにする$ vi /etc/ssh/sshd_config /PermitRootLogin と入力し、該当行が # PermitRootLogin yes となっているのでコメントアウトを外し、noに設定する PermitRootLogin no デフォルトではmanもlvもwhichも入っていないので入れる# yum install man lv which # yum install man-* Loaded plugins: fastestmirror Loading mirror speeds from cached hostfile * addons: mirrors.easynews.com * base: mirror.stanford.edu * extras: mirror.5ninesolutions.com * updates: ftp.osuosl.org Setting up Install Process Package man-1.6d-1.1.x86_64 already installed and latest version Resolving Dependencies --> Running transaction check ---> Package man-pages.noarch 0:2.39-12.el5 set to be updated ---> Package man-pages-cs.noarch 0:0.16-6 set to be updated ---> Package man-pages-da.noarch 0:0.1.1-12.1.1 set to be updated ---> Package man-pages-de.noarch 0:0.4-11 set to be updated ---> Package man-pages-es.noarch 0:1.28-10.1.1 set to be updated ---> Package man-pages-fr.noarch 0:2.39-4.fc6 set to be updated ---> Package man-pages-it.noarch 0:0.3.0-17.1 set to be updated ---> Package man-pages-ja.noarch 0:20060815-11.el5 set to be updated ---> Package man-pages-ko.noarch 1:1.48-15.1.1 set to be updated ---> Package man-pages-pl.noarch 0:0.24-2.1 set to be updated ---> Package man-pages-ru.noarch 0:0.97-1.1.1 set to be updated --> Finished Dependency Resolution Dependencies Resolved ========================================================================================== Package Arch Version Repository Size ========================================================================================== Installing: man-pages noarch 2.39-12.el5 base 4.1 M man-pages-cs noarch 0.16-6 base 344 k man-pages-da noarch 0.1.1-12.1.1 base 15 k man-pages-de noarch 0.4-11 base 880 k man-pages-es noarch 1.28-10.1.1 base 1.2 M man-pages-fr noarch 2.39-4.fc6 base 4.5 M man-pages-it noarch 0.3.0-17.1 base 571 k man-pages-ja noarch 20060815-11.el5 base 4.9 M man-pages-ko noarch 1:1.48-15.1.1 base 1.1 M man-pages-pl noarch 0.24-2.1 base 2.6 M man-pages-ru noarch 0.97-1.1.1 base 643 k Transaction Summary ========================================================================================== Install 11 Package(s) Update 0 Package(s) Remove 0 Package(s) Total download size: 21 M Is this ok [y/N]: y Downloading Packages: (1/11): man-pages-da-0.1.1-12.1.1.noarch.rpm | 15 kB 00:00 (2/11): man-pages-cs-0.16-6.noarch.rpm | 344 kB 00:00 (3/11): man-pages-it-0.3.0-17.1.noarch.rpm | 571 kB 00:00 (4/11): man-pages-ru-0.97-1.1.1.noarch.rpm | 643 kB 00:00 (5/11): man-pages-de-0.4-11.noarch.rpm | 880 kB 00:00 (6/11): man-pages-ko-1.48-15.1.1.noarch.rpm | 1.1 MB 00:00 (7/11): man-pages-es-1.28-10.1.1.noarch.rpm | 1.2 MB 00:00 (8/11): man-pages-pl-0.24-2.1.noarch.rpm | 2.6 MB 00:00 (9/11): man-pages-2.39-12.el5.noarch.rpm | 4.1 MB 00:00 (10/11): man-pages-fr-2.39-4.fc6.noarch.rpm | 4.5 MB 00:00 (11/11): man-pages-ja-20060815-11.el5.noarch.rpm | 4.9 MB 00:00 ------------------------------------------------------------------------------------------ Total 8.8 MB/s | 21 MB 00:02 Running rpm_check_debug Running Transaction Test Finished Transaction Test Transaction Test Succeeded Running Transaction Installing : man-pages-es 1/11 Installing : man-pages 2/11 Installing : man-pages-cs 3/11 Installing : man-pages-ko 4/11 Installing : man-pages-it 5/11 Installing : man-pages-de 6/11 Installing : man-pages-ja 7/11 Installing : man-pages-da 8/11 Installing : man-pages-ru 9/11 Installing : man-pages-fr 10/11 Installing : man-pages-pl 11/11 Installed: man-pages.noarch 0:2.39-12.el5 man-pages-cs.noarch 0:0.16-6 man-pages-da.noarch 0:0.1.1-12.1.1 man-pages-de.noarch 0:0.4-11 man-pages-es.noarch 0:1.28-10.1.1 man-pages-fr.noarch 0:2.39-4.fc6 man-pages-it.noarch 0:0.3.0-17.1 man-pages-ja.noarch 0:20060815-11.el5 man-pages-ko.noarch 1:1.48-15.1.1 man-pages-pl.noarch 0:0.24-2.1 man-pages-ru.noarch 0:0.97-1.1.1 Complete! |