1748213 Members
3798 Online
108759 Solutions
New Discussion юеВ

Re: Rename root

 
SOLVED
Go to solution
Arthur Luimes_2
Occasional Advisor

Rename root

Dear Security Guru's,

My manager has aked me if it is possible to rename the root user to something else, so that a hacker would have to guess both the name and it's password.

How would I do this?
Is this actually a bad idea? Are there components of HP-UX 11.00 that depend on the name "root"?

Thanks a lot,

Arthur Luimes
7 REPLIES 7
Arunvijai_4
Honored Contributor
Solution

Re: Rename root

You can't rename root user as far as i know. Its not possible in any unix OS. Try to implement some other techniques like SSL, SSH, PAM kerberos, IDS to secure your server.

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"

Re: Rename root

Hi,

Block direct root access to the system. Give permission to a group of users(System admin) to do an su - from their login access root. You can even implement sudoers .

Install SSL, SSH, PAM kerberos, IDS as suggested by arun.

There is no way you can rename the ultimate super user 'root'

Regards,
Sunil
Your imagination is the preview of your life's coming attractions
Sivakumar TS
Honored Contributor

Re: Rename root


Dear Arthur,

You cannot rename root user in any HPUX, lot may dependencys are present in the system.

With Regards,

Siva.
Nothing is Impossible !
Mark Nieuwboer
Esteemed Contributor

Re: Rename root

Hi Arthur,

Block direct root access to the system. Give permission to a group of users(System admin) to do an su - from their login access root. as suggested above.
Set the login try on 3 times so after 3 badlogins you have to enable root paaswd trough the console.

One otherway is to make a user with uid 0.
and after that diable the root account with /usr/lbin/modprpw -k root.
This is not what i should do but it is an option.

grtz. Mark
Arthur Luimes_2
Occasional Advisor

Re: Rename root

Great Replies. Just what I needed.

Thanks a lot,

Arthur
Arunvijai_4
Honored Contributor

Re: Rename root

Search ITRC for locking root account and more security related information. It is a great place to look into.

-Arun
"A ship in the harbor is safe, but that is not what ships are built for"
Bill Hassell
Honored Contributor

Re: Rename root

You can indeed rename root as long as the system is not Trusted. Just edit the /etc/passwd file. But as others have mentioned, portions of HP-UX and other applications may depend on "root" and of course, 100% of sysadmin documentation will use the name root when referring to the superuser.

The very first step in protecting your system is to REPLACE the text in /etc/issue with a non-descriptive message. The typical text is the output of uname -a and that is TOO MUCH information!! It contains the hardware model and the version of HP-UX, far too much information to be shown *before* you login. Instead, just put the name (or nickname if the network name implies HP-UX) of the computer and nothing else.

Then you immdediately convert to a Trusted system. At that point, the root password cannot be guessed without locking out the root user for non-console logins. Note that the lastb command will reveal when and from which IP address a root attack was launched. And to address your manager's concerns, just create an empty /etc/securetty:

cat /dev/null > /etc/securetty

Now, *NO ONE* can login as root except at the real console. To gain root access remotely (telnet, ssh, etc) use su (which logs each access) or better yet, install and configure sudo.

The above will address your manager's concerns. But for truly important systems, you need to download and run Bastille to harden all the security on each system. And get a copy of the HP-UX Security book by Chris Wong.


Bill Hassell, sysadmin