ANS Documentation


Disable remote login for accounts

Many services on your server will create their own user on the system; this is normal behaviour. These services should also disable remote login for these accounts, so that only the server itself can access them and remote users cannot log in as these services. We can use the same functionality to secure our own user accounts from external access, by editing the /etc/passwd file on a Linux system.

Follow the steps below to disable remote login for a user account.

Edit the file /etc/passwd with your preferred text editor.

In this file we can see all the user accounts on the server managed by PAM (Pluggable Authentication Modules). Please note that user accounts for services that have their own user database will not show in here.

In this example, we can see that the root user is allowed to log in to a bash terminal.

root:x:0:0:root:/root:/bin/bash

We can also see that the nails user, used for McAfee AV, cannot log into a bash terminal.

nails:x:1003:1004:McAfeeVSEForLinux Administrator:/home/nails:/sbin/nologin

Let’s use the above examples to edit the user brad shown below, preventing them from logging into a bash terminal.

Original line:

brad:x:1001:1001::/home/brad:/bin/bash

Modified line:

brad:x:1001:1001::/home/brad:/sbin/nologin

The user brad can no longer log in to the server remotely.
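As an added example (not part of the original ANS article), the shell functions below apply the edit above to a constructed copy of the three passwd lines shown on this page: one lists the accounts that still have an interactive shell, the other changes only the named user's shell field. The function names and the sample file are assumptions for illustration; on a live system `usermod -s /sbin/nologin brad` makes the same change without hand-editing /etc/passwd.

```shell
#!/bin/sh
# Added example: audit and change login shells in a passwd-format file.
# It only ever touches a temporary sample copy, never the real /etc/passwd.

# Constructed sample input: the three account lines quoted on this page.
make_sample() {
    cat > "$1" <<'EOF'
root:x:0:0:root:/root:/bin/bash
nails:x:1003:1004:McAfeeVSEForLinux Administrator:/home/nails:/sbin/nologin
brad:x:1001:1001::/home/brad:/bin/bash
EOF
}

# Print every account whose 7th field (login shell) is not a no-login shell.
# An empty shell field falls back to /bin/sh, so it is reported as well.
list_login_accounts() {
    awk -F: 'NF == 7 && $7 !~ /(nologin|false)$/ { print $1 }' "$1"
}

# Set USER's shell to /sbin/nologin in FILE, leaving every other line as is.
# Returns 1 when USER is absent, so a mistyped name is not silently ignored.
disable_login() {
    file=$1
    user=$2
    tmp="$file.tmp.$$"
    # Exact match on field 1, so "brad" does not also match "bradley".
    awk -F: -v u="$user" '$1 == u { found = 1 } END { exit !found }' "$file" || return 1
    awk -F: -v OFS=: -v u="$user" \
        '$1 == u { $7 = "/sbin/nologin" } { print }' "$file" > "$tmp" &&
        cat "$tmp" > "$file" &&   # overwrite in place to keep owner and mode
        rm -f "$tmp"
}

# Demonstration on the constructed sample.
sample=$(mktemp)
make_sample "$sample"
echo "Accounts with a login shell before the change:"
list_login_accounts "$sample"
disable_login "$sample" brad
echo "Accounts with a login shell after the change:"
list_login_accounts "$sample"
rm -f "$sample"
```

Running the listing function against /etc/passwd after an edit confirms which accounts still have a shell to log in to.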
