aaPanel_Kern Hi, thanks for considering to answer. opc and root user has been in my known list as it is generic for the cloud platform. After that, I only used the aapanel installation bash. after that, Some of the related aaPanel plugins from the Aapanel dashboard. So, I guess, If someone working with Aapanel can Identify well what they've scripted taking the permission of root user from us to create additional user for running the Aapanel and related plugins with Aapanel.
As you know, This is really necessary from the perspective of Security. As I don't know to which users I didn't give permission to.
the other viewpoint is: Just to be sure, Malicious insiders aren't on my server. Kind 1st phase of pen-testing.
It'd be better if anyone created any best practices that should be taken care of securing the server with Aapanel.
I have not updated the server from the version 6.18.17. As it is running well on my arm machine, Just fail2ban is not working well in the machine. I don't know if the problem is solved in the upgraded version. So, I'm not taking the risk to Upgrade it to latest version. Might need to take some actions to backup the server before upgrading.
I'm still would like to get a proper answer regarding the users specifically created by Aapanel Installation Package.
Thanks in advance.