8 Safe Ways to Disable the Root Account in Linux
The root user is the user who has full privileges in any Linux system.
It has unlimited powers, which makes it a serious security risk if not managed
properly. Disabling root access is one of the best practices for Linux
hardening because using sudo is more effective than direct root access.
Because the root user is granted absolute powers, any activity it carries out
can be critical to the system. Any errors made by the root user can disrupt
the system's normal operations. Moreover, this account can be misused, whether
accidentally or inappropriately.
Precaution: Before disabling root account access, ensure that you have an administrative account with sudo
privileges to regain root access. If you don’t already have an admin user account, create a new one and add it to the sudo group, or add it directly
to the sudoers file in /etc/sudoers.
Add an admin user with the useradd command:
#useradd -m -c "Admin User" admin
#passwd admin
Now add this user to the sudo group so that it can run commands with root privileges.
#usermod -a -G sudo admin
Now that you have a user with administrative privileges, switch to that
user and block the root access.
#su admin
Why Disable the Root Account
Disabling root access helps:
· Prevent brute-force attacks
· Minimize accidental system destruction
· Improve auditing (sudo logs every command)
· Enforce least-privilege access
· Block remote or local unauthorized root sessions
1. Lock the Root Account (Recommended Method)
Lock the root account so that it cannot authenticate.
#sudo passwd -l root
This adds a ! to the password hash, which blocks login but keeps root available
for internal processes.
2. Expire the Root Password
Force the root password to expire immediately.
#sudo passwd -e root
Root cannot log in until the password is reset.
3. Disable Root using usermod
Another way to lock the root account is by using usermod.
#sudo usermod -L root
Equivalent to passwd -l, prevents password authentication.
4. Disable Root Shell Access
Replace root's shell with /usr/sbin/nologin or /bin/false.
#sudo usermod -s /usr/sbin/nologin root
Or
#sudo usermod -s /bin/false root
Root cannot spawn a shell locally or via SSH.
5. Remove Root Password
Delete the root password completely.
#sudo passwd -d root
Root cannot log in using a password, useful for systems that rely on
sudo.
6. Disable Root Login Over SSH
Disabling root login over SSH is the most common and important security practice.
Edit the SSH configuration file.
#sudo nano /etc/ssh/sshd_config
Find the PermitRootLogin entry and set it to no if it is yes. The line must not
start with #, because that would comment it out in the configuration file.
PermitRootLogin no
After making the changes, save the file and restart the sshd service with this
command.
#sudo systemctl restart sshd
This prevents remote hacking attempts targeting root.
7. Disable Root TTY Console Login
Some distros (RHEL/CentOS) use /etc/securetty to manage root console
access. This file lets you specify the tty devices on which the root user is
allowed to log in. Emptying this file ensures that root cannot log in
on any device connected to the computer.
Rename the original file and create an empty file to disable root
access.
#sudo mv /etc/securetty /etc/securetty.bkp
#sudo touch /etc/securetty
#sudo chmod 600 /etc/securetty
This blocks root login from physical terminals, but other programs like
ssh, sudo, and su still have access to the root account.
8. Remove Root Entry from /etc/passwd (Not Recommended)
Comment out the root entry in the /etc/passwd file. This is not
recommended in production environments.
How to verify if Root is disabled
To verify that the root account is disabled, check the status of the root
account with this command.
#sudo passwd -S root
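To see which of the methods above is actually in effect, the following added example (not part of the original article) classifies root's state from its /etc/shadow line, its /etc/passwd line and the sshd_config text. The function names and sample lines are constructed for illustration; Match blocks and Include files are not followed, so on a live system `sshd -T` is the way to read the effective PermitRootLogin value.

```shell
#!/bin/sh
# Added example: classify how root is disabled, given the relevant file lines.
# Function names and all sample lines below are constructed for illustration.

# Field 2 of root's /etc/shadow line is the hash, field 3 the last-change day.
shadow_state() {
    hash=$(printf '%s\n' "$1" | cut -d: -f2)
    lastchg=$(printf '%s\n' "$1" | cut -d: -f3)
    case "$hash" in
        '')        echo empty ;;    # passwd -d: field is blank, not locked
        '!'*|'*'*) echo locked ;;   # passwd -l / usermod -L prefix the hash with !
        *)  if [ "$lastchg" = 0 ]; then
                echo expired        # passwd -e sets the last-change field to 0
            else
                echo active         # a usable password is still set
            fi ;;
    esac
}

# Field 7 of root's /etc/passwd line is the login shell.
shell_state() {
    case "$(printf '%s\n' "$1" | cut -d: -f7)" in
        */nologin|*/false) echo noshell ;;
        *)                 echo shell ;;
    esac
}

# First uncommented PermitRootLogin line in sshd_config text; sshd uses the
# first value it reads. Match blocks and Include files are not followed here.
ssh_root_state() {
    v=$(printf '%s\n' "$1" |
        awk 'tolower($1) == "permitrootlogin" { print tolower($2); exit }')
    echo "${v:-unset}"
}

# Constructed samples: a locked hash, a nologin shell, and a config where the
# first PermitRootLogin line is commented out and therefore ignored.
sample_shadow='root:!$6$salt$hash:19000:0:99999:7:::'
sample_passwd='root:x:0:0:root:/root:/usr/sbin/nologin'
sample_sshd='#PermitRootLogin yes
PermitRootLogin no'

echo "password: $(shadow_state "$sample_shadow")"
echo "shell:    $(shell_state "$sample_passwd")"
echo "ssh:      $(ssh_root_state "$sample_sshd")"
```

An `empty` result is a different state from `locked`: the password field is blank rather than disabled, so it is worth reviewing separately.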
Comparison Table: Ways to Disable Root Account
| Method | Safe | Best Use Case |
|---|---|---|
| Lock Root (passwd -l) | Yes | General security hardening |
| Expire password | Yes | Temporary disable |
| usermod -L root | Yes | Same as a lock |
| No root shell | Yes | SSH/access restriction |
| Delete password | Yes | Systems using sudo only |
| Disable root login | Critical | Internet-facing servers |
| Edit /etc/securetty | Distro-dependent | Prevent console logins |
| Remove root password from passwd | No | Not recommended |
That’s all for now. One of the best and safest methods of hardening your
Linux system is to disable root access. The above methods allow you to have
full control over root access while maintaining system stability and security.
Keep visiting seeklinux for more updates, give your comments below, and
feel free to contact us.