It is recommended in the hardening process to remove unnecessary accounts. What security problem exists with unnecessary user accounts? Are there recommended user accounts that should be removed?
- What is a hardening process? – jobin Mar 30 '14 at 10:31
- Actually, it is not a process! Hardening is usually the process of securing a system by reducing its surface of vulnerability. – Gohar Mar 30 '14 at 10:45
- If they are unnecessary, why did you create them? How do you know what's unnecessary? If they are not root, then you could keep them. – Lynob Mar 30 '14 at 10:48
2 Answers
What it means is that if there are more accounts than are needed (or old accounts) anyone with access to those old accounts can get in and potentially cause harm to the system. Removing user accounts limits points of access to the system, making it more secure. Any user account that hasn't been used in 30 days should be removed from the system. The exception being root, obviously.

As with any system, an extraneous account is only a problem if the following conditions are met:
- Can access be gained to that user?
- Even if you could become that user, could you do anything else?
There are plenty of user accounts around the system (less /etc/passwd) but plenty of them can't be accessed without sudo access at the least. Look at /etc/shadow for the accounts that can directly be logged into. The second vector into these accounts is exploit. What are these accounts running? Assume exploits exist. This is just part of the standard service analysis you'll be doing as part of your hardening.
So assume any account with services or a login can be broken into... What can that account access? I've been working on this in a separate question/answer. Are there services this user can talk to that others can't? Is that a problem?
It's at that point you realise the enormity of the task. You might think having too many users is a problem, but having single user accounts with too much individual access is just as much of an issue, if not more.
Unless you're willing to chase down every permission on every user, I would settle for trusting most of the Ubuntu/Debian defaults and just follow decent security procedures where they count... Like SSH where the defaults aren't great.
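The /etc/passwd and /etc/shadow check described in this answer, as an added example that is not part of the original post: the function cross-references the two files and lists only the accounts that can be logged into directly (usable password hash and a real login shell). The passwd and shadow text below is constructed sample data; on a real host the function would be fed the actual files as root.

```shell
#!/bin/sh
# Added example: list accounts that can be logged into directly by
# combining passwd-format and shadow-format text. Sample data is constructed.

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
alice:x:1000:1000:Alice:/home/alice:/bin/bash
olduser:x:1001:1001:Old:/home/olduser:/bin/bash
svc:x:999:999:service:/var/lib/svc:/bin/false'

SAMPLE_SHADOW='root:$6$examplehash:19000:0:99999:7:::
daemon:*:19000:0:99999:7:::
sync:*:19000:0:99999:7:::
alice:$6$anotherhash:19000:0:99999:7:::
olduser:!$6$lockedhash:19000:0:99999:7:::
svc:$6$svchash:19000:0:99999:7:::'

# login_capable PASSWD_TEXT SHADOW_TEXT -> prints one login-capable username per line
login_capable() {
    passwd_text=$1
    shadow_text=$2
    printf '%s\n' "$shadow_text" | while IFS=: read -r user hash _rest; do
        # "*" means no password login is possible; a leading "!" means the
        # account is locked. An empty field means NO password is required,
        # so it is deliberately kept in the output (it is the worst case).
        case "$hash" in
            '*'|'!'*) continue ;;
        esac
        # Look up the login shell for this user in the passwd text.
        shell=$(printf '%s\n' "$passwd_text" | awk -F: -v u="$user" '$1==u {print $7}')
        # nologin/false shells (or no passwd entry at all) cannot open a session.
        case "$shell" in
            */nologin|*/false|'') continue ;;
        esac
        printf '%s\n' "$user"
    done
}

# On a real host, as root: login_capable "$(cat /etc/passwd)" "$(cat /etc/shadow)"
login_capable "$SAMPLE_PASSWD" "$SAMPLE_SHADOW"
```

With the sample data only root and alice are reported: daemon and sync are disabled with "*", olduser is locked with "!", and svc has a valid hash but a /bin/false shell.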