topic Re: how to stop telnet login with root in Operating System - Linux

how to stop telnet login with root

frederick van targero — Fri, 07 Jun 2002 22:58:36 GMT

Dear all, i meet great embrassed to stop telnet login by root. my server has been hacked, and, now that the root can login directly by simle telnet, i have try my best to find where the hacker has been modified.i have check the /etc/securetty for lines as pts/0-9, the /sbin/chkconfig, all the way, however, neither my stop the login with root by telnet nor i try to test on my desk linux redo telnet login with root. they all fail, i feel helpness.

i know i should remove the telnet for ssh, however, i can't right yet,it need by some functions.

thanks for your tips
frederick

Re: how to stop telnet login with root

I_M — Sat, 08 Jun 2002 04:15:21 GMT

Hi

If you are using RH, chkck out /etc/pam.d/login file.

My RH7.3, the first line is
auth required /lib/security/pam_securetty.so

If you don't find this line, root user can be login.

But, do you think this is an only door that cracker can go in? I think your system has another back door that we can not imagine. So recommened action is, re-install & patch your system.

You didn't write the name of the distro. Is it a SecureLinux from HP?

Good luck

Re: how to stop telnet login with root

frederick van targero — Sat, 08 Jun 2002 05:52:31 GMT

it is only the normal redhat 7.2.

i checked the /lib/pam.d/login,
the line is available, and i tried to comment it in the other computer so as to remake telnet by root in testing, seems it did not work.

frederick

Re: how to stop telnet login with root

I_M — Sat, 08 Jun 2002 07:06:28 GMT

Hello again,

Check out /etc/securetty.
This file include terminal device file name to allow root login.

And you can enable to telnet only from your network,
add following into /etc/xinetd.d/telnet.

only_from = your_network_address

Then restart xinetd.

This "only_from" valid not only root user but also other non-root users,too.

If you need sample of the config file, see /usr/share/doc/xinetd-ver/sample.conf

Good luck

Re: how to stop telnet login with root

D. Jackson_1 — Tue, 11 Jun 2002 15:48:24 GMT

I think you can also edit the /etc/xinetd.d/telnet file and put in yes for disable at the bottom of the file..

Good Luck

Re: how to stop telnet login with root

D. Jackson_1 — Tue, 11 Jun 2002 15:48:55 GMT

I think you can also edit the /etc/xinetd.d/telnet file and put in yes for disable at the bottom of the file..
Then restart xinetd.

Good Luck

Re: how to stop telnet login with root

Bjoern Myrland — Wed, 12 Jun 2002 06:10:38 GMT

One way to allow root login is to add entries to the file '/etc/securetty' like this:

...
pts/0
pts/1
pts/2
...
pts/10

Check your /etc/securetty file and make sure it does not have these lines.

Re: how to stop telnet login with root

Jordan Bean — Thu, 13 Jun 2002 19:08:29 GMT

I'm assuming that you've already changed the root password. Does login ask for root's password through telnet?

What about rlogin and rsh? Since you've already checked /etc/securetty, /etc/pam.d/login and /etc/xinetd.d/telnet, I suggest you also check /etc/hosts.equiv, and ~root/.rhosts in addition to the pam and xinetd confs for rlogin and rsh. Be sure to disable these services immediately if you do not use them.

Also look for suspicious services:
# netstat -anp | grep LISTEN

Have you compared the binaries to those of a clean install?