-
Ensure that no two regular users are assigned or share the same account. Never give any users the same UID.
-
Think about how you can assign group IDs to promote appropriate sharing and protection without sharing accounts.
-
Avoid use of the root account for routine activities that can be done under a plain user ID. Disable root logins.
-
Think of how to protect especially sensitive files in the event that the root account is compromised. This protection includes use of removable media and encryption.
-
Restrict access to the /bin/su command, or restrict the ability to su to user root . Consider using sudo instead.
-
/bin/su to the user's ID when investigating problem reports rather than exploring as user root . Always give the full pathname when using su .
-
Scan the files /var/log/messages , /var/adm/sulog , and other appropriate log files on a regular basis for bad su attempts.
-
If your system supports kernel security levels or capabilities, consider using them to restrict what root can do when the system is running.