After setup /etc/securetty file, generating message

 
Byun Hee Joong
Contributor

I set up the /etc/securetty file to inhibit access as the root user.

I want to generate an informational message when a user tries to log in as the root user.

It's just a sample message.
"The root user is prohibited to login.
You must login with other users."

How can I generate the above message?
Thanks in advance.
2 REPLIES
Matti_Kurkela
Honored Contributor
Solution

Re: After setup /etc/securetty file, generating message

The standard /usr/bin/login does not have the facilities to create customized rejection messages.

Instead, you might use /etc/issue (for serial-attached terminals) or banner files (for network connections; see the man page of your network connection server daemon) to announce this to *everyone* logging in.

If the server knows in advance that an authentication attempt is inevitably going to fail (i.e. the user chose the username "root"), it is more secure to allow the user to go through the motions of the standard authentication procedure and *then* kick the user out, *without* telling him/her exactly what was wrong.

This way a potential intruder cannot gather information on what is allowed and what isn't, and may spend some time making useless attempts. That allows the sysadmin more time and evidence to detect the intrusion attempt.

MK
Steven E. Protter
Exalted Contributor

Re: After setup /etc/securetty file, generating message

Shalom,

I would use /etc/issue as well.

Or not use /etc/securetty and build some code into /etc/profile to display the message.

/etc/issue and your current changes are the most secure way to prevent direct root login.

You might also try public-key-only ssh login for root; it is very secure and convenient for administrators.

http://www.hpux.ws/?p=19

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
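
The /etc/profile alternative mentioned in the reply above, sketched as an added example that is not part of the original thread. The allow-list path `/etc/root_ttys`, its securetty-style format (one device name per line, relative to /dev), the function names and the message text are all assumptions made for illustration.

```shell
# Added example, not from the thread: functions meant to be sourced from /etc/profile.
# Assumption: ROOT_TTY_LIST is a hypothetical file in securetty style,
# one device name per line, relative to /dev (for example "tty0p1").
ROOT_TTY_LIST=${ROOT_TTY_LIST:-/etc/root_ttys}

# tty_in_list TTY FILE: succeeds if TTY (with or without /dev/) is listed in FILE.
# "console" always matches, so a missing or damaged list cannot lock root out entirely.
tty_in_list() {
    _tty=${1#/dev/}
    if [ "$_tty" = console ]; then return 0; fi
    if [ ! -r "$2" ]; then return 1; fi
    while IFS= read -r _line || [ -n "$_line" ]; do
        _line=$(printf '%s' "$_line" | tr -d ' \t\r')   # tolerate stray whitespace
        if [ -n "$_line" ] && [ "$_line" = "$_tty" ]; then return 0; fi
    done < "$2"
    return 1
}

# root_login_decision UID TTY FILE: prints "allow" or "deny".
# Only UID 0 is ever restricted; every other user is allowed on any terminal.
root_login_decision() {
    if [ "$1" -ne 0 ]; then echo allow; return 0; fi
    if tty_in_list "$2" "$3"; then echo allow; else echo deny; fi
}

# enforce_root_tty_policy: the single call to place in /etc/profile.
enforce_root_tty_policy() {
    _uid=$(id -u)
    _cur=$(tty 2>/dev/null) || _cur=unknown
    if [ "$(root_login_decision "$_uid" "$_cur" "$ROOT_TTY_LIST")" = deny ]; then
        echo "Direct root login is not permitted on this terminal."
        echo "Log in as a regular user instead."
        # Leave a record for the sysadmin before ending the session.
        logger -p auth.notice "root session refused on $_cur by /etc/profile"
        exit 1
    fi
}
```

/etc/profile runs only after authentication has already succeeded and only for shells that read it, so this is a notice and audit hook rather than an access control. As the first reply points out, the message also tells the person at the terminal exactly what the policy is.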