https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-telnet/m-p/2611644#M36268 I would like to know in HPUX is there a way I can block telneting to server as " root" other than a user. I know in Sun Solaris I can block telneting as root. Sun, 11 Nov 2001 13:18:47 GMT Raghuram Ollakal_1 2001-11-11T13:18:47Z https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-telnet/m-p/2611644#M36268 I would like to know in HPUX is there a way I can block telneting to server as " root" other than a user. I know in Sun Solaris I can block telneting as root. Sun, 11 Nov 2001 13:18:47 GMT https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-telnet/m-p/2611644#M36268 Raghuram Ollakal_1 2001-11-11T13:18:47Z https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-telnet/m-p/2611645#M36269 To keep someone from logging into the box directly as root from anywhere EXCEPT the console create the file /etc/securetty<BR />and put the word<BR /><BR />console<BR /><BR />into the file.<BR /><BR /># cat /etc/securetty<BR />console<BR />#<BR /><BR />This will allow root to login directly from the console only. If a user has the root password, however, the user can login as him or her self and then do an 'su -' put in the root password and be logged in. Sun, 11 Nov 2001 13:24:19 GMT https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-telnet/m-p/2611645#M36269 Patrick Wallek 2001-11-11T13:24:19Z https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-telnet/m-p/2611646#M36270 Note the above will *only* stop telnet and IIRC rlogin. If you require to stop root logging in via other mechanism (eg ftp, ssh, xdm) then you have to configure those bits seperately.<BR /><BR />FTP is easy - just put the word root in the /etc/ftpd/ftpusers file. <BR /><BR />To stop root in xdm you have put a little scriptlet in the xstartup file... Sun, 11 Nov 2001 13:41:02 GMT https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-telnet/m-p/2611646#M36270 David Lodge 2001-11-11T13:41:02Z https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-telnet/m-p/2611647#M36271 One additiobnal note: You can eliminate root from logging in from ANY source with:<BR /><BR />cat /dev/null &gt; /etc/securetty<BR /><BR />Now this might seem to be a bit extreme, it is actually a useful mode. It means that anyone that needs root capability must supply 4 pieces of information: two logins and two passwords. In other words, only su will work to attain root user login.<BR /><BR />NOTE: Never use su by itself...always, always use su - (that's a trailing minus character) to ensure that root will run /etc/profile and .profile rather than inheriting an unsecure environment. Mon, 12 Nov 2001 03:35:37 GMT https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-telnet/m-p/2611647#M36271 Bill Hassell 2001-11-12T03:35:37Z https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-telnet/m-p/2611648#M36272 hi,<BR /><BR />Insert word 'console' in /etc/securetty file <BR />By doing this you can login as your username only.. If you want root previlage you can do su once you login.<BR /><BR />Goodluck<BR /><BR />-USA.. Mon, 12 Nov 2001 03:43:10 GMT https://community.hpe.com/t5/operating-system-hp-ux/blocking-root-telnet/m-p/2611648#M36272 Uday_S_Ankolekar 2001-11-12T03:43:10Z