Accounts, Security, etc
This may be more apropos to its own thread, but I figured I'd share what I consider "good practices" in this one.
Admin Account
One of the first steps you go through when setting up a new Mac with OS X is to create an account. I'm not really happy with Apple's choice to automatically make that account an admin one. I understand why they did it: to make it easier for folks to set their systems up. But I disagree with the execution of it.
What I do is this: after logging in as my 'jvp' account, the first thing I do is call up the "Users and Groups" in Sys Prefs, and create a new 'admin' user. I give it administration rights, and then remove mine. Doing this requires logging out and back in, so I do so. Now my 'jvp' account is a stupid-user capable of doing, well basically: nothing.
Any time I have to install something, OS X pops up an authentication dialog box, where I put in the admin's name and password. It's a nice way to force the system to ask me: "Hey, are you sure you want to install this stuff? Are you sure you want to make these system changes? Are you sure you really want to do that?" It may seem annoying to some, but it's a small extra layer of security.
Root Access and Sudo
That said, I may actually want to sudo to root for some reason, from time to time. Since my 'jvp' account is no longer an admin account, it won't be in the sudoers file. So I fix that first by becoming the admin user:
And then sudoing to edit the sudoers file:
Both steps require the admin user's password, obviously. Once in the sudoers file, I look for the User privilege specifications section.
Code:
# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
I add my 'jvp' account and save it. It looks like so:
Code:
# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL
jvp ALL=(ALL) ALL
Now when and if I need to do something as root (which is exceedingly rare), I just open an iTerm or Terminal.app window and do this:
which requires my password.
Making SSH a Little More Secure
All of my machines allow incoming ssh connections, but like most UNIXen boxes, ssh is set up a bit loosely for my tastes. None of these steps are required, mind you. But they tighten up the ssh daemon a bit more than it is by default.
When dealing with ssh, the first thing I do is add my ssh keys to ~/.ssh/authorized_keys. I'm not going to go into the details of what that is, how you do it, etc. It's easy to reference, look up on the web, read man pages, etc. That and I'm lazy and don't feel like writing an ssh tome.

Anyway, I add the keys that I know I'll use to the authorized_keys file first, because the next change I make is going to suddenly elevate that key file's importance.
As root (remember the sudo stuff from above?) I edit the /etc/sshd_config file. Care must be taken here, so I'd recommend if you feel uneasy doing this, save a copy elsewhere. Anyway, I look for 2 important lines to change. The first is
It's commented out in the file, but the default is 'yes'. And that's just silly. So we'll set that to no by uncommenting it and editing its value.
Check and verify that PasswordAuthentication is set to no. It should be by default. If you want to make certain, just uncomment it.
Code:
#PasswordAuthentication no
And finally, the variable UsePAM is set to yes by default. This will ultimately allow someone to use password authentication via ssh, even though PasswordAuthentication is set to no. So set UsePAM to no.
Save the file. What you've just done is make it impossible for root to login via ssh. And you've made it impossible for any users to log in via ssh with a password. They have to have a local authorized_keys file in their ~/.ssh directory.
I'm sure there are other "best practices", but these are the steps I take to try and secure OS X within reason.
jas
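The sudoers edit above works, but a typo in that file disables sudo for every account on the box, which is why the usual advice is to edit a copy and syntax-check it before installing. The following is an added example (not code from the original post): a POSIX-sh helper that appends a user spec line in the layout the post shows, refuses to add a duplicate, and validates the result with `visudo -c` before it would be installed. The sample sudoers file is constructed; "jvp" is the post's own user name, and "alice" in the comments is a made-up second user.

```shell
#!/bin/sh
# Added example, not part of the original post: give one non-admin user a
# sudoers entry by editing a COPY, syntax-checking it, and only then
# installing it. The sudoers content written below is constructed to match
# the layout shown in the post.

# add_user_spec FILE USER
# Appends "USER ALL=(ALL) ALL" at the end of the "# User privilege
# specification" block in FILE, unless USER already has a line there.
# Prints "added" or "present" so callers can tell what happened.
add_user_spec() {
    file=$1; user=$2
    if grep -q "^${user}[[:space:]]" "$file"; then
        echo present
        return 0
    fi
    awk -v spec="$user ALL=(ALL) ALL" '
        /^# User privilege specification/ { inblock = 1 }
        inblock && NF == 0 && !done        { print spec; done = 1 }
        { print }
        END { if (!done) print spec }      # block ran to end of file
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
    echo added
}

# check_sudoers FILE
# Runs visudo's syntax check on FILE when visudo is available. A sudoers file
# with a syntax error locks everyone out of sudo, so never install unchecked.
check_sudoers() {
    if command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$1"
    else
        echo "visudo not found; cannot validate $1" >&2
        return 2
    fi
}

# Constructed sample in the layout the post shows.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/sudoers" <<'EOF'
# User privilege specification
root ALL=(ALL) ALL
%admin ALL=(ALL) ALL

# (other sections follow; constructed placeholder)
EOF

add_user_spec "$WORK/sudoers" jvp     # prints: added
add_user_spec "$WORK/sudoers" jvp     # prints: present (safe to re-run)
cat "$WORK/sudoers"

# Real use, as root: copy /etc/sudoers into a scratch file, run add_user_spec
# on the copy, then
#   check_sudoers "$WORK/sudoers" && install -m 0440 "$WORK/sudoers" /etc/sudoers
```

The insert lands just before the blank line that ends the block, so the order stays root, %admin, then the new user, exactly as in the post's listing. `visudo -c -f` checks a file other than the live one, so the validation never touches `/etc/sudoers` until the copy parses cleanly.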
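The three sshd_config changes in the post are easy to get subtly wrong, because sshd takes the first active value it finds for a keyword, not the last: a hardening line appended at the bottom of the file is silently ignored if an earlier uncommented line already sets the same keyword. This added example (not from the original post) is a small POSIX-sh audit that reports the effective value of PermitRootLogin, PasswordAuthentication and UsePAM under that rule and flags anything that is not an explicit "no". The three config files it writes are constructed samples, not a real host's configuration; the audit functions take any sshd_config path, so they can be pointed at a real file too.

```shell
#!/bin/sh
# Added example, not part of the original post: audit the three sshd_config
# settings the post changes. The config files written below are constructed
# samples.

# effective_value FILE KEYWORD
# sshd_config rules that matter here: for each keyword the FIRST active
# (uncommented) line wins, and anything below a "Match" line is conditional.
# Prints that first value, or UNSET when the keyword only appears commented
# out (meaning the compiled-in default applies).
effective_value() {
    v=$(awk -v key="$2" '
        /^[ \t]*#/ || NF == 0        { next }          # comment or blank line
        tolower($1) == "match"       { exit }          # conditional section: stop
        tolower($1) == tolower(key)  { print $2; exit }
    ' "$1")
    printf '%s\n' "${v:-UNSET}"
}

# audit_sshd FILE
# Prints one line per setting; returns 0 only when all three are explicitly
# "no", 1 otherwise. UNSET is reported as weak on purpose: relying on a
# compiled-in default is what the post argues against.
audit_sshd() {
    rc=0
    for key in PermitRootLogin PasswordAuthentication UsePAM; do
        got=$(effective_value "$1" "$key")
        if [ "$got" = "no" ]; then
            echo "OK    $key = no"
        else
            echo "WEAK  $key = $got (want no)"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample configs.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

# 1. Stock-style file: the first two keywords are only commented, so their
#    defaults apply; UsePAM is explicitly on.
cat > "$SAMPLE_DIR/stock" <<'EOF'
#PermitRootLogin yes
#PasswordAuthentication no
UsePAM yes
EOF

# 2. The post's edits applied correctly.
cat > "$SAMPLE_DIR/hardened" <<'EOF'
PermitRootLogin no
PasswordAuthentication no
UsePAM no
EOF

# 3. A common mistake: the hardening line was appended at the bottom, below an
#    earlier active "yes". sshd keeps the first value, so root login stays on.
cat > "$SAMPLE_DIR/appended" <<'EOF'
PermitRootLogin yes
PasswordAuthentication no
UsePAM no
# added later, but ignored: the first value wins
PermitRootLogin no
EOF

for f in stock hardened appended; do
    echo "== $f"
    audit_sshd "$SAMPLE_DIR/$f" || true
done
```

Run it against a real file with `audit_sshd /etc/sshd_config` (or wherever the daemon's config lives on your system) after editing, and before restarting sshd: an exit status of 0 means all three keywords are set to "no" before any Match block, which is the state the post describes.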