Locking down sudo
We've been using the sudo command throughout the book so far. In fact, we took a deeper look at it during Chapter 2, Managing Users. Therefore, I won't go into too much detail regarding sudo here, but some things bear repeating as sudo has a direct impact on security.
First and foremost, access to sudo should be locked down as much as possible. A user with full sudo access is a threat, plain and simple. All it would take is for someone with full sudo access to make a single mistake with the rm command to cause you to lose data or render your entire server useless. After all, a user with full sudo access can do anything root can do (which is everything).
By default, the user you've created during installation will be made a member of the sudo group. Members of this group have full access to the sudo command. Therefore, you shouldn't make any users a member of this group unless you absolutely have to. In Chapter 2, Managing Users, I talked about how to...
