
Blocking Root telnet

 


I would like to know whether in HP-UX there is a way I can block telnetting to the server as "root" rather than as a user. I know in Sun Solaris I can block telnetting as root.
no personal quote
Patrick Wallek
Honored Contributor

Re: Blocking Root telnet

To keep someone from logging into the box directly as root from anywhere EXCEPT the console, create the file /etc/securetty
and put the word

console

into the file.

# cat /etc/securetty
console
#

This will allow root to log in directly from the console only. If a user has the root password, however, the user can log in as himself or herself and then do an 'su -', put in the root password, and be logged in.
David Lodge
Trusted Contributor

Re: Blocking Root telnet

Note the above will *only* stop telnet and IIRC rlogin. If you need to stop root logging in via other mechanisms (e.g. ftp, ssh, xdm) then you have to configure those bits separately.

FTP is easy - just put the word root in the /etc/ftpd/ftpusers file.

To stop root in xdm you have to put a little scriptlet in the xstartup file...
Bill Hassell
Honored Contributor

Re: Blocking Root telnet

One additional note: You can eliminate root from logging in from ANY source with:

cat /dev/null > /etc/securetty

Now, this might seem to be a bit extreme, but it is actually a useful mode. It means that anyone that needs root capability must supply 4 pieces of information: two logins and two passwords. In other words, only su will work to attain root user login.

NOTE: Never use su by itself...always, always use su - (that's a trailing minus character) to ensure that root will run /etc/profile and .profile rather than inheriting an unsecure environment.


Bill Hassell, sysadmin
Uday_S_Ankolekar
Honored Contributor

Re: Blocking Root telnet

Hi,

Insert the word 'console' in the /etc/securetty file.
By doing this you can log in as your username only. If you want root privilege you can do su once you log in.

Good luck

-USA..
Good Luck..
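
An audit sketch for the settings discussed in this thread, added here as an example and not posted by any participant: it classifies /etc/securetty and checks whether root is listed in /etc/ftpd/ftpusers. The function names are illustrative, and ssh and xdm, which the thread says are configured separately, are not covered.

```shell
#!/bin/sh
# Added example: audit the root-login restrictions discussed in this thread.
# File paths are the ones named in the posts; function names are illustrative.
# Run as root so that both files are readable.

# Classify a securetty file: missing | empty | console-only | other
securetty_state() {
    f=$1
    # "missing" also covers a file the current user cannot read.
    [ -r "$f" ] || { echo missing; return 0; }
    # Trim whitespace and drop blank lines; what remains are the
    # terminals from which root may log in directly.
    entries=$(sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e '/^$/d' "$f")
    if [ -z "$entries" ]; then
        echo empty
    elif [ "$entries" = "console" ]; then
        echo console-only
    else
        echo other
    fi
}

# Succeed if "root" appears on a line of its own in an ftpusers file.
ftp_root_denied() {
    [ -r "$1" ] && grep -q '^[[:space:]]*root[[:space:]]*$' "$1"
}

# Print one OK/WARN line per check; paths default to those in the thread.
audit_root_login() {
    tty_file=${1:-/etc/securetty}
    ftp_file=${2:-/etc/ftpd/ftpusers}
    case $(securetty_state "$tty_file") in
        missing)      echo "WARN $tty_file missing: no terminal restriction for root" ;;
        empty)        echo "OK   $tty_file empty: root only through su -" ;;
        console-only) echo "OK   $tty_file: direct root login at the console only" ;;
        other)        echo "WARN $tty_file lists terminals other than console" ;;
    esac
    if ftp_root_denied "$ftp_file"; then
        echo "OK   root listed in $ftp_file"
    else
        echo "WARN root not listed in $ftp_file"
    fi
    return 0
}

audit_root_login "$@"
```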