https://community.hpe.com/t5/operating-system-hp-ux/disable-root-rlogin/m-p/3329131#M188722 Hello All:<BR /><BR />Is there a way to disable rlogin for root, but allow all the r* services enable(ie. rcp, remsh...) for root. I have already set up an /etc/securetty file to force root login only from the console. I would configure the /var/adm/inetd.sec file, but this would disable rlogin for everyone. I'm only interested in disable rlogin for root. Any advice is appreciated.<BR /><BR />Thanks,<BR />Henry Mon, 12 Jul 2004 12:20:31 GMT Henry Nguyen 2004-07-12T12:20:31Z https://community.hpe.com/t5/operating-system-hp-ux/disable-root-rlogin/m-p/3329131#M188722 Hello All:<BR /><BR />Is there a way to disable rlogin for root, but allow all the r* services enable(ie. rcp, remsh...) for root. I have already set up an /etc/securetty file to force root login only from the console. I would configure the /var/adm/inetd.sec file, but this would disable rlogin for everyone. I'm only interested in disable rlogin for root. Any advice is appreciated.<BR /><BR />Thanks,<BR />Henry Mon, 12 Jul 2004 12:20:31 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-root-rlogin/m-p/3329131#M188722 Henry Nguyen 2004-07-12T12:20:31Z https://community.hpe.com/t5/operating-system-hp-ux/disable-root-rlogin/m-p/3329132#M188723 TCP wrappers.<BR /><BR />Check /etc/hosts.allow and /etc/hosts.deny<BR /><BR />Anil Mon, 12 Jul 2004 12:29:07 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-root-rlogin/m-p/3329132#M188723 RAC_1 2004-07-12T12:29:07Z https://community.hpe.com/t5/operating-system-hp-ux/disable-root-rlogin/m-p/3329133#M188724 That's not true. With /var/adm/inetd.sec, you can specify a user ID which you want to deny a service. Man inetd.sec for an example.<BR /><BR />Hai Mon, 12 Jul 2004 12:40:13 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-root-rlogin/m-p/3329133#M188724 Hai Nguyen_1 2004-07-12T12:40:13Z https://community.hpe.com/t5/operating-system-hp-ux/disable-root-rlogin/m-p/3329134#M188725 Henry,<BR /><BR />There is no way, you can do that with inetd.sec. If is for rejecting/allow service to a host/network<BR /><BR />Your only option seems to be tcp wrappers.<BR /><BR />Anil Mon, 12 Jul 2004 12:44:03 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-root-rlogin/m-p/3329134#M188725 RAC_1 2004-07-12T12:44:03Z https://community.hpe.com/t5/operating-system-hp-ux/disable-root-rlogin/m-p/3329135#M188726 Hi Hai,<BR /><BR />I have to agree w/RAC on this one.<BR />With inetd.sec granularity can only go down to hostname/IP as well as subnet.<BR />With tcp-wrappers you *can* go down to username - like:<BR />username@hostname.com<BR /><BR />Henry - I believe that's the only way you can do this short of some code in /etc/profile that will query access method as well as login name to disallow root rlogins.<BR /><BR />tcp-wrappers cab be had here:<BR /><BR /><A href="http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/tcp_wrappers-7.6/" target="_blank">http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/tcp_wrappers-7.6/</A><BR /><BR />highly recommended.<BR /><BR />Rgds,<BR />Jeff Mon, 12 Jul 2004 12:53:28 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-root-rlogin/m-p/3329135#M188726 Jeff Schussele 2004-07-12T12:53:28Z https://community.hpe.com/t5/operating-system-hp-ux/disable-root-rlogin/m-p/3329136#M188727 Jeff and RAC,<BR /><BR />You are both right. My bad for believing my memory with reviewing the man page. Henry, inetd.sec cannot handle this. Sorry for my mistake.<BR /><BR />Hai Mon, 12 Jul 2004 14:05:14 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-root-rlogin/m-p/3329136#M188727 Hai Nguyen_1 2004-07-12T14:05:14Z https://community.hpe.com/t5/operating-system-hp-ux/disable-root-rlogin/m-p/3329137#M188728 Hi,<BR /><BR />Have you checked /etc/inetd.conf and run inetd -c to pick up the changes if required. Also ensure no TCP wrappers by checking if you have a /etc/hosts.allow and /etc/hosts.deny.<BR /><BR />It also worth checking /var/adm/inetd.sec for any entries.<BR /><BR />Regards,<BR />Simon Tue, 24 Jan 2006 04:51:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-root-rlogin/m-p/3329137#M188728 Simon Wickham_6 2006-01-24T04:51:37Z https://community.hpe.com/t5/operating-system-hp-ux/disable-root-rlogin/m-p/3329138#M188729 Yes. You can simply make in /.profile file.<BR /><BR />/.profile<BR /><BR />ps | grep -q 'rlogind'<BR />if [[ $? -eq 0 ]]<BR />then<BR /> echo "ERROR: rlogin with root account is disabled"<BR /> sleep 2<BR /> exit 1<BR />fi<BR /><BR />Note: remsh <HOSTNAME> is like rlogin <HOSTNAME><BR /><BR />It is working.<BR /><BR />--<BR />Muthu</HOSTNAME></HOSTNAME> Tue, 24 Jan 2006 05:01:05 GMT https://community.hpe.com/t5/operating-system-hp-ux/disable-root-rlogin/m-p/3329138#M188729 Muthukumar_5 2006-01-24T05:01:05Z