step 1
Create and Configure User Account
*suggest users to make complicated password at least 8 characters
*enable shadow to avoid storing password in text mod
*do not use chsh command to modify /bin/false (it will prevent hacker to control system by default account for login)
*make
sure that there is no account using ID nol and prevent login access
remotely without password (configure file .rhost or /etc/host.equiv)
step 2
Secure Root Access
*login without root
*use root access for administration only
*edit /etc/security and add # in the beginning of rows
*disable telnet
*edit /etc/ssh/sshd_config to prevent SSH login
*set umask root to 077 (read, write, execute just for root) or 022 (for user)