topic Re: Root Login in Operating System - HP-UX

Root Login

avm — Sat, 24 Mar 2001 14:49:43 GMT

Hi Friends,
Can anybody tell us how to disable root login from other terminals (except console) and disabling the "su login for root also
So that no one can enter into system as root

Thanks in adv
avm

Re: Root Login

Carsten Krege — Sat, 24 Mar 2001 15:24:58 GMT

If the file /etc/securetty exists and contains a line with the word "console", root will only be allowed to login from the console. See the man page of login(1). However, login via su(1) will still be allowed with securetty set.

If you convert your system to a trusted system (use SAM -> Auditing and Security ), you can refine the security policy which user can use what terminal to login (in the System Security Policies section).

You can unconvert the system at any time (also using SAM in any "Actions" submenu.).

Carsten

Re: Root Login

Philip Chan_1 — Sat, 24 Mar 2001 15:32:04 GMT

First, use /etc/securetty (with the word "console") to stop non-console login of root.

Second, convert your system to trust, make yourselve a restricted SAM user (sam -r) with superuser privileges, login by your account then disable "root" user.

~Philip

Re: Root Login

Vincenzo Restuccia — Mon, 26 Mar 2001 13:46:56 GMT

Edit /etc/securetty with:
CONSOLE=/dev/console

Re: Root Login

Steve Faidley — Wed, 04 Apr 2001 17:25:54 GMT

Understand that this is not perfect in a nontrusted HP system. Sun keeps you out via ftp but HP doesn't.
If you know what your doing you can ftp as root and rename the file, then login via telnet.
So if you realy want to lock it down you need to deny root from ftping via the /etc/ftpd/ftpusers file.
See man ftpusers