How to improve Linux security and change the sudo command timeout

In Linux systems, the sudo command is a very important tool that allows ordinary users to execute commands as superusers. However, by default, the timeout of the sudo command is relatively long. This means that if your computer is used by someone else, or you leave it for a while, someone else can use the sudo command to perform some malicious actions. In order to improve the security of the Linux system, we can change the timeout of the sudo command. Next, this article will introduce in detail how to modify the timeout of the sudo command.

The sudo command is a permission delegation command and is very commonly used in production environments. By default, the sudo command session time is 15 minutes. In this article, we will cover making sudo password sessions (timeouts) longer or shorter in Ubuntu Linux.
To set the sudo password timeout value, use the passwd_timeout parameter.

Edit /etc/sudoers

First use the sudo and visudo commands to open the /etc/sudoers file with superuser privileges, as shown below:

$ sudo visudo

Set timeout time

Then add the following default value, which means that the sudo password prompt will expire 20 minutes after the user uses sudo.

Defaults        env_reset,timestamp_timeout=20

Note: You can set it to any time you need in minutes and it will wait before timing out. If you want a password prompt to pop up for every sudo command executed, you can also set the time to 0, or permanently disable the password prompt by setting the value -1.

The screenshot below shows the default parameters I set in the /etc/sudoers file.

Test timeout

Press Ctrl O to save the file, then use Ctrl X to exit. Then, test that the setup is OK by running the command using sudo and waiting 2 minutes to check if the password prompt times out.

Through the introduction of this article, I believe everyone has learned how to modify the timeout of the sudo command, which is very helpful for improving the security of the Linux system. We can set an appropriate timeout based on our actual situation to prevent others from using the sudo command to perform malicious operations. Of course, this is only one aspect of improving the security of Linux systems. We still need to continue to learn

The above is the detailed content of How to improve Linux security and change the sudo command timeout. For more information, please follow other related articles on the PHP Chinese website!