Configuring Firewalls
- After an OS is installed, if a common user is configured, you can add the ALWAYS_SET_PATH field to the /etc/login.defs file and set it to yes to prevent unauthorized operations.
- To prevent the common user from using su root to inherit environment variables to escalate the privileges, you can set ALWAYS_SET_PATH in the server configuration file /etc/pam.d/su to yes.
- For details about other operations, see the OS guide.
Parent topic: Security Hardening