146
edits
No edit summary |
(Removing a user from sudo group and removing an authorized key) |
||
(5 intermediate revisions by 2 users not shown) | |||
Line 20: | Line 20: | ||
usermod -aG sudo USERNAME | usermod -aG sudo USERNAME | ||
</syntaxhighlight> | </syntaxhighlight> | ||
* To remove a user from <code>sudo</code> group | |||
<syntaxhighlight lang="bash"> | |||
sudo gpasswd -d USERNAME sudo | |||
</syntaxhighlight> | |||
Also, to remove their ability to ssh as root, remove their public key from <code>.ssh/authorized_keys</code> | |||
== Security (only need to do this at setup) == | == Security (only need to do this at setup) == | ||
Line 77: | Line 85: | ||
apt install -y iptables-persistent | apt install -y iptables-persistent | ||
</pre> | </pre> | ||
Decline the dialog asking if you want to preserve existing iptables configs (if you say yes then the commands below will fail for some reason) | |||
==== Configuration ==== | ==== Configuration ==== | ||
* '''IPv4:''' Edit <code>/etc/iptables/rules.v4</code> | * '''IPv4:''' Edit <code>/etc/iptables/rules.v4</code> | ||
<pre> | |||
*filter | *filter | ||
Line 118: | Line 128: | ||
</pre> | </pre> | ||
* '''IPv6:''' Edit <code>/etc/iptables/rules.v6</code> | * '''IPv6:''' Edit <code>/etc/iptables/rules.v6</code> | ||
<pre> | |||
*filter | *filter | ||
Line 158: | Line 168: | ||
ip6tables-restore < /etc/iptables/rules.v6 | ip6tables-restore < /etc/iptables/rules.v6 | ||
</syntaxhighlight> | </syntaxhighlight> | ||