HPE Community
Operating System - HP-UX
1834136 Members
2220 Online
110064 Solutions
New Discussion

Restrict root from Doing telnet .

 
SOLVED
Go to solution
Mr.Right
Advisor

‎05-22-2008 12:50 PM

‎05-22-2008 12:50 PM

Restrict root from Doing telnet .

I am new to HP-UX Admin , and need help form all HP-UX Gurus out there.

1. I want to restrict root form doing telnet to my HP-UX Servers.?

Please help me it's urgent.
0 Kudos
Reply
3 REPLIES 3
Tim Nelson
Honored Contributor

‎05-22-2008 01:05 PM

‎05-22-2008 01:05 PM

Solution

Re: Restrict root from Doing telnet .

create /etc/securetty with the text of "console" ( no " required )

This will restrict telnet for root to the console.

If ssh is used then this will have no effect.
If exec is used this will have no effect
If remsh is used then this will have no effect
If SMH is used then this will have no effect.

Lots more security issues to cover.

Your only other option is to write something into /etc/profile or /.profile to check the tty and exit if not /dev/console. But.. if you allow ftp for root someone can just replace that file with something else. So you should also lock out root ftp, and sftp, and rcp ... and so on.

Beware you may just lock yourself out if you get things too tight.




Reply
Tim Nelson
Honored Contributor

‎05-22-2008 01:06 PM

‎05-22-2008 01:06 PM

Re: Restrict root from Doing telnet .

BTW,

Is your first name Always ?

lol

0 Kudos
Reply
Bill Hassell
Honored Contributor

‎05-22-2008 05:31 PM

‎05-22-2008 05:31 PM

Re: Restrict root from Doing telnet .

The simplest method is to change root's password on each system. WShat problem are you trying to solve? Are these systems using a centralized password server such as NIS? As mentioned, there are many ways to login to a system so more details are needed.


Bill Hassell, sysadmin
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.