HPE Community
Operating System - HP-UX
1847172 Members
5708 Online
110263 Solutions
New Discussion

protecting the root account

 
zenus
Occasional Advisor

‎05-13-2008 03:36 AM

‎05-13-2008 03:36 AM

protecting the root account

how can i prevent root account to remote connect?
0 Kudos
Reply
6 REPLIES 6
Rita C Workman
Honored Contributor

‎05-13-2008 03:38 AM

‎05-13-2008 03:38 AM

Re: protecting the root account

One thing you can do is to ensure that there are NO .rhosts or hosts.equiv on your systems...

Rgrds,
Rita
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎05-13-2008 03:45 AM

‎05-13-2008 03:45 AM

Re: protecting the root account

Shalom,

You can if you wish disable remote login and require console only login.

http://groups.google.com/group/comp.unix.questions/browse_thread/thread/a9a13d004ff7bf28/1fe6e6401cd58e71

How far you go in this idea depends on how hard you want it to be for you to fix the system when it requires authorized work.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
zenus
Occasional Advisor

‎05-13-2008 03:45 AM

‎05-13-2008 03:45 AM

Re: protecting the root account

how and where can i verify that? (.rhosts and hosts.equiv)
0 Kudos
Reply
Sajjad Sahir
Honored Contributor

‎05-13-2008 03:55 AM

‎05-13-2008 03:55 AM

Re: protecting the root account

u can see like these

more .rhosts
more /etc/hosts.equiv
# more .rhosts

data1 root
data1.domain root
data2 root
data2.domain root

data1 oracle
data2 oracle
data1# more /etc/hosts.equiv

data2 oracle
data2 root
data1 oracle
data1 root
u have to check the entries in .rhosts file and hosts.equiv file u have to check it
in order to part of security

thanks and regards

Sajjad
0 Kudos
Reply
Bill Hassell
Honored Contributor

‎05-13-2008 04:01 AM

‎05-13-2008 04:01 AM

Re: protecting the root account

The most important features have been mentioned:

Create the securetty file like this:

print "console" > /etc/securetty

Now, no one can login as root unless they are using the system console.

Remove any .rhosts file in root's $HOME directory. Remove /etc/hosts.equiv if you are not using the 'r' commands (rlogin, rcp and remsh) or at least remove any root entry in that file.

The best way to remove root access is to change the root password every day to a random value. No one will know the root password and therefore must use two logins to get root access: one as an ordinary user and then use sudo to run single commands as root.

Also, turn off VUE or CDE so remote Xwindow desktop is not available. You can still use Xwindows but without the desktop feature.

Consider using only ssh rather than telnet and if not needed, turn off ftp (use scp instead).


Bill Hassell, sysadmin
0 Kudos
Reply
Rita C Workman
Honored Contributor

‎05-13-2008 04:24 AM

‎05-13-2008 04:24 AM

Re: protecting the root account

First, remember that users may have set up .rhosts files, so if this is permitted exclude these from your search.

You might try this to locate .rhost files...you may wish to run this when things are quiet, cause find takes up some resources.

find / -name .rhosts -print

Rgrds,
Rita
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.