1827667 Members
3592 Online
109966 Solutions
New Discussion

restrict root access

 
newunix
Frequent Advisor

restrict root access

i have made an entry as console in /etc/securetty file,but also i am able to take rlogin.

how shall i restrict it.
1 REPLY 1
Matti_Kurkela
Honored Contributor

Re: restrict root access

The best practice would be to completely disable all non-encrypted login methods (telnet, rlogin, rexec and remsh) and use SSH instead.

Unlike those older login methods, SSH has a flexible configuration file that can be used to configure many types of restrictions as necessary.

You can disable telnet, rlogin, rexec and remsh by commenting out the appropriate lines in /etc/inetd.conf and then sending a "kill -HUP" signal to the inetd process.

If you cannot disable rlogin, you should instead verify that root rlogin is not authorized in /etc/hosts.equiv or the .rhosts file in root user's home directory. Also verify that /etc/securetty has only "console" and nothing else.

MK
MK