Operating System - HP-UX

Re: how to limit root to telnet the host?

 
常有慈悲心
Regular Advisor

How to limit root to telnet the host?

Is it /etc/default/security?
Massimo Bianchi
Honored Contributor
Solution

Re: how to limit root to telnet the host?

Hi,
you have a number of ways.

/etc/securetty

The list of the consoles root is allowed to log in on.

Here you can allow root to be accessed just from the console, for example.

Install ssh and use it as the only way to login.

Install and configure tcp wrappers (never done by myself, but could be useful to prevent logins.)


/var/adm/inetd.sec

to allow hosts to connect to the server.


HTH,
Massimo


Stf
Esteemed Contributor

Re: how to limit root to telnet the host?

If I remember well it's in /etc/default/login where you have to comment root line...

Stf ;-)
Thierry Poels_1
Honored Contributor

Re: how to limit root to telnet the host?

Hi,

/etc/securetty is used to define terminals where root can login directly (= without su). It should only contain /dev/console.

regards,
Thierry Poels.
All unix flavours are exactly the same . . . . . . . . . . for end users anyway.
常有慈悲心
Regular Advisor

Re: how to limit root to telnet the host?

Thanks everyone. It can be done by:
vi /etc/securetty
console=/dev/console
wq!

But how can I get more help about /etc/securetty?
Because man securetty does not work.


Bharat Katkar
Honored Contributor

Re: how to limit root to telnet the host?

Hi,
Refer to the links below:

http://www.faqs.org/docs/securing/chap5sec41.html
http://server1.belchfire.net/protected-cgi-bin/manServer_107.pl/usr/share/man/man5/securetty.5

Hope that helps.
Regards,


You need to know a lot to actually know how little you know
Michael Duthie
Trusted Contributor

Re: how to limit root to telnet the host?

Try

# man login

Mike
Jean-Luc Oudart
Honored Contributor

Re: how to limit root to telnet the host?

Hi, as mentioned in the previous post, an extract from man login:
If the /etc/securetty file is present, login security is in effect.
Only user root is allowed to log in successfully on the ttys listed in
this file. Restricted ttys are listed by device name, one per line.
Valid tty names are dependent on the installation. An example is

console
tty01
ttya1
etc.

###########################
Also

If you want to restrict users to su to root to a specific group, use "SU_ROOT_GROUP" in /etc/default/security

Regards
Jean-Luc
fiat lux
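
An added example, not part of any post in this thread: a POSIX shell check of an /etc/securetty file against the format quoted from man login above (one bare device name per line). The function name audit_securetty, its finding labels and the sample entries are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit an /etc/securetty-style file.
# Assumed format, from the "man login" extract: one tty device name per line.

# audit_securetty FILE
# Prints one finding per line. Returns 0 if root is limited to the console,
# 1 if other ttys are listed or an entry is malformed, 2 if the file is absent.
audit_securetty() {
    file=$1
    if [ ! -f "$file" ]; then
        echo "MISSING: $file absent, login security is not in effect"
        return 2
    fi
    result=0
    console_seen=0
    # "|| [ -n "$line" ]" keeps a last line that has no trailing newline
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "$line" | tr -d ' \t\r')
        [ -z "$entry" ] && continue
        case $entry in
            console)
                console_seen=1 ;;
            */*|*=*)
                echo "MALFORMED: '$entry' is not a bare device name"
                result=1 ;;
            *)
                echo "EXTRA: root may log in directly on '$entry'"
                result=1 ;;
        esac
    done < "$file"
    if [ "$console_seen" -eq 0 ]; then
        # With the file present but no console entry, root has no direct login
        echo "NOCONSOLE: 'console' is not listed"
        result=1
    fi
    return $result
}

# Constructed sample input: a correct entry, an extra tty, a malformed entry.
sample=${TMPDIR:-/tmp}/securetty_sample.$$
printf 'console\ntty01\nconsole=/dev/console\n' > "$sample"
audit_securetty "$sample" || echo "audit exit status: $?"
rm -f "$sample"
```

On a real host, call it as audit_securetty /etc/securetty from a root shell on the console, so a bad edit can be corrected before the session is closed.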
Muthukumar_5
Honored Contributor

Re: how to limit root to telnet the host?

You can use /etc/profile scripting as another way to do this, as:

# Deny direct root logins that arrive over telnet
if [[ "$LOGNAME" = "root" ]]
then
    # grep -q prints nothing, so test its exit status directly
    if ps | grep -q telnet
    then
        echo "root login with telnet is denied"
        echo "contact informations"
        sleep 3
        exit 1   # end the login shell so the session is actually closed
    fi
fi

The ultimate way is using the /etc/securetty file. More information will be in the login man page.

HTH.
Easy to suggest when don't know about the problem!