topic Re: how to liminit root to telnet the host? in Operating System - HP-UX

how to liminit root to telnet the host?

常有慈悲心 — Mon, 13 Dec 2004 06:17:44 GMT

is it /etc/default/security

Re: how to liminit root to telnet the host?

Massimo Bianchi — Mon, 13 Dec 2004 06:23:31 GMT

HI,
you have a number of ways.

/etc/securetty

THe list of the console root is allowed to log in.

Here you can allow root to the accessed just from the console, for example.

Install ssh and use it as the only way to login.

Install and configure tcp wrappers (never done by myself, but could be usefull to prevent logins.)

/var/adm/inetd.sec

to allow hosts to connect to the server..

HTH,
Massimo

Re: how to liminit root to telnet the host?

Stf — Mon, 13 Dec 2004 06:24:05 GMT

If I remember well it's in /etc/default/login where you have to comment root line...

Stf ;-)

Re: how to liminit root to telnet the host?

Thierry Poels_1 — Mon, 13 Dec 2004 06:24:17 GMT

hi,

/etc/securetty is used to define terminals where root can login directly (= without su). It should only contains /dev/console.

regards,
Thierry Poels.

Re: how to liminit root to telnet the host?

常有慈悲心 — Mon, 13 Dec 2004 06:51:32 GMT

thanks everyone.it can be done by:
vi /etc/securetty
console=/dev/console

wq!
but how can i get more help about /etc/securetty?

because man securetty not work.

Re: how to liminit root to telnet the host?

Bharat Katkar — Mon, 13 Dec 2004 07:06:58 GMT

Hi,
Refer to the links below:

http://www.faqs.org/docs/securing/chap5sec41.html
http://server1.belchfire.net/protected-cgi-bin/manServer_107.pl/usr/share/man/man5/securetty.5

Hope that helps.
Regards,

Re: how to liminit root to telnet the host?

Michael Duthie — Mon, 13 Dec 2004 07:24:01 GMT

Try

# man login

Mike

Re: how to liminit root to telnet the host?

Jean-Luc Oudart — Mon, 13 Dec 2004 07:35:38 GMT

Hi as mentioned in previous post - extract from man login :
If the /etc/securetty file is present, login security is in effect.
Only user root is allowed to log in successfully on the ttys listed in
this file. Restricted ttys are listed by device name, one per line.
Valid tty names are dependent on the installation. An example is

console
tty01
ttya1
etc.

###########################
Also

if you want to restrict users to su to root to a specific group use "SU_ROOT_GROUP" in /etc/default/security

Regards
Jean-Luc

Re: how to liminit root to telnet the host?

Muthukumar_5 — Mon, 13 Dec 2004 09:09:00 GMT

You can use /etc/profile scripting as an another way to do this as,

if [[ "$LOGNAME" = "root" ]]
then

if [[ $(ps | grep -q telnet) -eq 0 ]]
then

echo "root login with telnet is denied"
echo "contact informations"
sleep 3

fi

fi

Ultimate way is using /etc/securetty file. More informations will be in login man page.

HTH.