|Securing and Optimizing Linux: RedHat Edition -A Hands on Guide|
|Prev||Chapter 5. General System Security||Next|
The root account is the most privileged account on a Unix system. The root account has no security restrictions imposed upon it. This means the system assumes you know what you are doing, and will do exactly what you request -- no questions asked. Therefore it is easy, with a mistyped command, to wipe out crucial system files. When using this account it is important to be as careful as possible. For security reasons, never log in on your server as root unless it is absolutely an instance that necessitates root access. Also, if you are not on your server, never sign in and leave yourself on as root --this is Very, Very, Very BAD practice.
Set login time out for the root account. Despite the notice to never, if they are not on the server sign in as root and leave it unattended, administrators still stay on as root or forget to logout after finishing their work and leave their terminals unattended. The answer to solve this problem is to make the bash shell automatically logout after not being used for a period of time. To do that, you must set the special variable of Linux named TMOUT to the time in seconds of no input before logout. Edit your profile file /etc/profile and add the following line somewhere after the line that read HISTFILESIZE= on this file: