System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

root account disabled by scanner

SOLVED
Go to solution
Jonathan Grymes
Frequent Advisor

root account disabled by scanner

I recently had a scanner probe my HPUX system and it subsequently locked the root account. This was a legimate scan by my companys infosec group. The attempt occured mutilple times.
From syslog:
May 5 15:24:59 fgexsh41 sshd[19987]: error: PAM: Authentication failed for root from 150.114.112.123.
I have ssh configured to not permit root login. But the attempts disabled root. Is there a way to prevent root from locking by this kind of attack?
1 REPLY
Steven E. Protter
Exalted Contributor
Solution

Re: root account disabled by scanner

Shalom,

Disable interactive login and force root login to use public keys.
http://www.hpux.ws/?p=19

This will force you to install public keys to permit root login.

It disables interactive login and solves the problem without compromising security.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com