Restricting administrative privileges
Restricting administrative privileges in Linux environments can be achieved by limiting the number of users with administrative privileges and by controlling how those accounts are accessed.
The number of users with administrative privileges on Linux machines can be determined by auditing the number of users with privileged accounts or with the ability to elevate their privileges. This can be achieved by listing groups and group memberships on each Linux machine to check which users belong to each group. The ‘sudoers’ group, and any other admin groups specific to a given distribution, must be considered when conducting this audit. Additionally, organisations should ensure users do not have a user ID (UID) or group ID (GID) of 0, as either would grant root access.
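The audit described above, as an added shell example that is not part of the original guidance: it flags UID/GID 0 accounts, lists admin-group members (including users whose primary GID is an admin group, which a plain look at the group file's member list misses), and extracts the user specifications from a sudoers file. The group names sudo, wheel and admin and the sample passwd/group/sudoers data are assumptions.

```shell
#!/bin/sh
# Audit of privileged accounts over passwd, group and sudoers files passed as
# arguments (per-host copies or the live /etc files). Admin group names assumed.

# Accounts with UID 0 or primary GID 0: each of these is root-equivalent.
uid_gid_zero_accounts() {
    awk -F: '$3 == 0 || $4 == 0 { print $1 }' "$1"
}

# Members of the admin groups: explicit members from the group file plus users
# whose primary group in the passwd file is one of them. Prints "user group".
admin_group_members() {
    awk -F: -v want="sudo wheel admin" '
        BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) adm[w[i]] = 1 }
        FNR == NR {                       # first file: group
            if ($1 in adm) {
                gid[$3] = $1
                m = split($4, mem, ",")
                for (i = 1; i <= m; i++) if (mem[i] != "") print mem[i], $1
            }
            next
        }
        $4 in gid { print $1, gid[$4] }    # second file: passwd
    ' "$1" "$2" | sort -u
}

# User specifications from a sudoers file (comments, blank lines and Defaults
# dropped); @include/#include directories are not followed here.
sudoers_user_specs() {
    grep -Ev '^[[:space:]]*(#|$|Defaults)' "$1"
}

# Constructed sample data standing in for /etc/passwd, /etc/group and
# /etc/sudoers; writes them into a temp directory and prints its path.
make_sample_files() {
    d=$(mktemp -d)
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'bob:x:1001:27::/home/bob:/bin/bash' \
        'backup:x:0:1002::/var/backups:/bin/sh' > "$d/passwd"
    printf '%s\n' 'root:x:0:' 'sudo:x:27:alice' 'wheel:x:10:' \
        'alice:x:1000:' 'carol:x:1003:' > "$d/group"
    printf '%s\n' '# sudoers' 'Defaults env_reset' 'root ALL=(ALL:ALL) ALL' \
        '%sudo ALL=(ALL:ALL) ALL' 'carol ALL=(root) NOPASSWD: /usr/bin/systemctl' > "$d/sudoers"
    echo "$d"
}

d=$(make_sample_files)   # demo run on the constructed data
uid_gid_zero_accounts "$d/passwd"; admin_group_members "$d/group" "$d/passwd"
sudoers_user_specs "$d/sudoers"; rm -rf "$d"
```

On the sample data the backup account shows up as a second UID 0 login and bob as a sudo member via his primary GID; on a live host pass /etc/passwd, /etc/group and /etc/sudoers instead (the last is root-readable only).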
In addition to minimising the number of users with administrative privileges, organisations should ensure they enforce a policy of using the sudo command when administering Linux servers as opposed to logging in locally or remotely with an administrative account. This will not only prevent the use of shared accounts, but also enhance the ability of an organisation to audit administrative access and encourage system administrator accountability.