Skip to main content

Measures

Commands in the productive environment

We recommend that every user in the productive environment can only execute commands using the keyword "sudo".

For initializing commands from package managers, such as "yum", "apt-get", "zypper", we recommend that these are completely prohibited. Furthermore, it is recommended that commands such as "curl", "wget", etc., which can download data from the Internet. Furthermore, every non-admin user should have read-only access to cluster hosts. For this purpose, the command

chmod -R 744 <Directory>

is recommended.


Included in the following risks