Worklet: Disabling Root Login on Linux Devices

Hey Y’all!

Disabling root login is a super easy trick to increase security on Linux devices. In a lot of cases, IT admins set the root password as something simple so they remember it easily, as they use it often to access a device via SSH. Furthermore, attackers typically use the root credential when trying to gain access to your device.

For this reason and more, disabling root login and creating users with root privileges is a good security practice. The Worklet below is designed to evaluate your device to ensure root login is disabled.

Note: you need to make sure the users you’ve created on this device have sudo privileges.

This Worklet currently only supports devices running CentOS. Check back later, as this script will be modified to support other Linux distros.

Evaluation:

#!/bin/bash

# pattern for the setting being looked for: an active "PermitRootLogin yes" line
ssh_value="^PermitRootLogin yes"

# check the current conf file on the device for that setting
# exit 1 if the value exists (root login is enabled); exit 0 if it does not
if grep -Eq "${ssh_value}" /etc/ssh/sshd_config; then
    exit 1
fi

exit 0

Remediation:

#!/bin/bash

# set the value in the conf file to disable root login access on the device
sed -i 's/^PermitRootLogin yes/PermitRootLogin no/g' /etc/ssh/sshd_config

# restart the sshd service so the change takes effect
service sshd restart

You’re all set! Root login is now disabled on the device. If you have any questions please feel free to reach out!

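A stricter evaluation than the fixed-string grep in the Worklet above, as an added example that is not part of the original post or the Worklet: it reads the file the way sshd does (case-insensitive keyword, whitespace or `=` as separator, first value wins, Match blocks ignored for the global setting). The function names are hypothetical, the sample configs are constructed, and it assumes no Include files; a missing directive is treated as non-compliant.

```shell
#!/bin/bash
# Added example (not the original Worklet); function names are hypothetical.

# Print the first active, global PermitRootLogin value from an
# sshd_config-style file, or "unset" if there is none.
permit_root_login_value() {
    awk '
        { sub(/^[ \t]+/, "") }               # directives may be indented
        /^#/ || /^$/ { next }                # skip comments and blank lines
        tolower($1) == "match" { exit }      # Match blocks are conditional: stop
        {
            line = $0
            sub(/[ \t]*=[ \t]*/, " ", line)  # tolerate the Keyword=value form
            n = split(line, f, /[ \t]+/)
            if (n >= 2 && tolower(f[1]) == "permitrootlogin") {
                gsub(/"/, "", f[2])          # value may be quoted
                print f[2]; found = 1; exit  # first value wins; case kept as-is
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed only when root login is explicitly set to "no". "unset" fails on
# purpose (assumption: do not rely on the compiled-in default).
root_login_disabled() {
    [ "$(permit_root_login_value "$1")" = "no" ]
}

# Constructed sample configs, written to a temp dir so the demo runs offline.
demo_dir=$(mktemp -d)
printf '#PermitRootLogin yes\nPasswordAuthentication yes\n' > "$demo_dir/commented"
printf 'permitrootlogin\tyes\n'                             > "$demo_dir/tab_case"
printf 'PermitRootLogin no\nPermitRootLogin yes\n'          > "$demo_dir/first_wins"
printf 'Match User admin\n  PermitRootLogin no\n'           > "$demo_dir/match_only"

for f in commented tab_case first_wins match_only; do
    if root_login_disabled "$demo_dir/$f"; then state=compliant; else state=NON-COMPLIANT; fi
    printf '%-11s value=%-6s %s\n' "$f" "$(permit_root_login_value "$demo_dir/$f")" "$state"
done
```

The `tab_case` sample is enabled root login that the pattern `^PermitRootLogin yes` does not match, and `commented` has no active directive at all.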

You should add this to the remediation script to make sure that the changes take effect:

service sshd restart

Good suggestion. Added to remediation.