
root access

 
Manuales
Super Advisor

root access

Where can I restrict access to login always first with a user different to root?

Thanks, Manuales.
Jeff Schussele
Honored Contributor
Solution

Re: root access

Hi Manuales,

Create a file /etc/securetty and place in it the word console.
Make sure the perms are 400 so that only root can read it.
This restricts direct root logins to ONLY the /dev/console device.

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Robert-Jan Goossens
Honored Contributor

Re: root access

Hi Manuales,

Check if the file exists
# ll /etc/securetty

root can login only at the console
# echo console > /etc/securetty

and I would create a unix group
# cd /etc/default
add SU_ROOT_GROUP=group_name to the security file.

Regards,
Robert-Jan
Arunvijai_4
Honored Contributor

Re: root access

Hi Manuales,

Check /etc/securetty file. If not available, create it.

-Arun

"A ship in the harbor is safe, but that is not what ships are built for"
Alzhy
Honored Contributor

Re: root access

In addition to the above for handling telnet access by root and IF you have SSH in your environment AND to plug that backdoor:

Upgrade to HP's latest SecureShell version from:

http://h20293.www2.hp.com/portal/swdepot/displayProductInfo.do?productNumber=T1471AA

And edit your /opt/ssh/etc/sshd_config and add:

EnforceSecureTTY yes

This will consult /etc/securetty (just as telnet does) and will restrict your admins to login as themselves first and sudo or su to root - or use the Console for direct root login.

Hakuna Matata.
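
An audit of the three settings suggested in this thread, added here as an example and not part of any poster's reply. The function names and the `--live` switch are hypothetical, the default paths are the ones named above, and the sshd check assumes OpenSSH-style parsing (case-insensitive keywords, first uncommented value wins).

```shell
#!/bin/sh
# Added example: audit the root-login settings named in this thread.
# Function names are hypothetical; each takes a path so copies can be checked.

# /etc/securetty: must exist, be mode 400, and list only "console".
check_securetty() {
    f=${1:-/etc/securetty}
    [ -f "$f" ] || { echo "FAIL: $f missing"; return 1; }
    mode=$(ls -ld "$f" | cut -c1-10)
    [ "$mode" = "-r--------" ] || { echo "FAIL: $f mode $mode, want 400"; return 1; }
    # Any non-blank entry other than "console" permits direct root login there.
    extra=$(grep -v '^[[:space:]]*$' "$f" | grep -vx 'console')
    [ -z "$extra" ] || { echo "FAIL: $f also allows: $extra"; return 1; }
    grep -qx 'console' "$f" || { echo "FAIL: $f has no console entry"; return 1; }
    echo "OK: $f restricts root to console"
}

# sshd_config: EnforceSecureTTY must be "yes". Assumption: as in OpenSSH,
# keywords are case-insensitive and the first uncommented value is used.
check_sshd() {
    f=${1:-/opt/ssh/etc/sshd_config}
    [ -f "$f" ] || { echo "FAIL: $f missing"; return 1; }
    val=$(awk 'tolower($1) == "enforcesecuretty" { print tolower($2); exit }' "$f")
    [ "$val" = "yes" ] || { echo "FAIL: EnforceSecureTTY is ${val:-unset} in $f"; return 1; }
    echo "OK: $f sets EnforceSecureTTY yes"
}

# /etc/default/security: SU_ROOT_GROUP must name a group.
check_su_group() {
    f=${1:-/etc/default/security}
    grp=$(sed -n 's/^SU_ROOT_GROUP=//p' "$f" 2>/dev/null | head -n 1)
    [ -n "$grp" ] || { echo "FAIL: SU_ROOT_GROUP not set in $f"; return 1; }
    echo "OK: su to root limited to group $grp"
}

# Run all three checks; the return value is the number of failed checks.
audit_root_login() {
    fails=0
    check_securetty "$1" || fails=$((fails + 1))
    check_sshd "$2" || fails=$((fails + 1))
    check_su_group "$3" || fails=$((fails + 1))
    return "$fails"
}

# Audit the live system only when asked: sh audit.sh --live
if [ "${1:-}" = "--live" ]; then audit_root_login; fi
```

The securetty check does not verify that root owns the file; add an owner test if the file may have been created by another account.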