
how to stop telnet login with root

 


Dear all, I am having great difficulty stopping telnet login by root. My server has been hacked, and now root can log in directly by simple telnet. I have tried my best to find what the hacker has modified. I have checked /etc/securetty for lines such as pts/0-9, and /sbin/chkconfig, all the way; however, neither my attempts to stop root login by telnet nor my attempts to reproduce telnet login with root on my desktop Linux have worked. They all fail, and I feel helpless.

I know I should replace telnet with ssh; however, I can't right now, as it is needed by some functions.

Thanks for your tips
frederick


I_M
Honored Contributor

Re: how to stop telnet login with root

Hi

If you are using RH, check out the /etc/pam.d/login file.

On my RH7.3, the first line is
auth required /lib/security/pam_securetty.so

If you don't find this line, the root user can log in.

But do you think this is the only door that the cracker can come in through? I think your system has another back door that we cannot imagine. So the recommended action is to re-install and patch your system.

You didn't write the name of the distro. Is it a SecureLinux from HP?

Good luck

Re: how to stop telnet login with root

It is only the normal Red Hat 7.2.

I checked /lib/pam.d/login;
the line is present, and I tried commenting it out on the other computer so as to reproduce telnet by root in testing, but it seems it did not work.

frederick
I_M
Honored Contributor

Re: how to stop telnet login with root

Hello again,

Check out /etc/securetty.
This file lists the terminal device file names from which root login is allowed.

And you can allow telnet only from your network:
add the following to /etc/xinetd.d/telnet.

only_from = your_network_address

Then restart xinetd.

This "only_from" applies not only to the root user but also to other non-root users, too.

If you need a sample of the config file, see /usr/share/doc/xinetd-ver/sample.conf

Good luck
D. Jackson_1
Honored Contributor

Re: how to stop telnet login with root

I think you can also edit the /etc/xinetd.d/telnet file and put in yes for disable at the bottom of the file.

Good Luck

D. Jackson_1
Honored Contributor

Re: how to stop telnet login with root

I think you can also edit the /etc/xinetd.d/telnet file and put in yes for disable at the bottom of the file.
Then restart xinetd.

Good Luck

Bjoern Myrland
Advisor

Re: how to stop telnet login with root

One way to allow root login is to add entries to the file '/etc/securetty' like this:

...
pts/0
pts/1
pts/2
...
pts/10

Check your /etc/securetty file and make sure it does not have these lines.
Jordan Bean
Honored Contributor

Re: how to stop telnet login with root

I'm assuming that you've already changed the root password. Does login ask for root's password through telnet?

What about rlogin and rsh? Since you've already checked /etc/securetty, /etc/pam.d/login and /etc/xinetd.d/telnet, I suggest you also check /etc/hosts.equiv, and ~root/.rhosts in addition to the pam and xinetd confs for rlogin and rsh. Be sure to disable these services immediately if you do not use them.

Also look for suspicious services:
# netstat -anp | grep LISTEN

Have you compared the binaries to those of a clean install?
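
An added example, not part of any post in this thread: a small shell function that runs the checks suggested in the replies above (pts entries in /etc/securetty, the pam_securetty line in /etc/pam.d/login, the xinetd telnet/rlogin/rsh settings, /etc/hosts.equiv and root's .rhosts) in one pass. The function name, the optional root-prefix argument (for auditing a mounted copy of the disk) and the use of /root as root's home directory are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the files named in this thread for settings that
# permit remote root login. Prints one "FINDING:" line per problem and
# returns non-zero if any were found.
# Usage: audit_root_login            (live system)
#        audit_root_login /mnt/disk  (hypothetical mounted copy)
audit_root_login() {
    root="${1:-}"
    findings=0
    note() { echo "FINDING: $*"; findings=$((findings + 1)); }

    # pts/N entries in securetty let root log in on network pseudo-terminals.
    f="$root/etc/securetty"
    if [ -f "$f" ] && grep -Eq '^[[:space:]]*pts/[0-9]+' "$f"; then
        note "$f lists pts/* terminals"
    fi

    # login must have an uncommented auth line for pam_securetty.so,
    # otherwise securetty is never consulted.
    f="$root/etc/pam.d/login"
    if [ -f "$f" ] && ! grep -Eq \
        '^[[:space:]]*auth[[:space:]]+[^#]*pam_securetty\.so' "$f"; then
        note "$f has no active pam_securetty.so auth line"
    fi

    # xinetd services: a service without "disable = yes" is enabled.
    for svc in telnet rlogin rsh; do
        f="$root/etc/xinetd.d/$svc"
        [ -f "$f" ] || continue
        grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes' "$f" \
            && continue
        if [ "$svc" != telnet ]; then
            note "$f: $svc is enabled"
        elif ! grep -Eq '^[[:space:]]*only_from[[:space:]]*=' "$f"; then
            note "$f: telnet is enabled with no only_from restriction"
        fi
    done

    # Trust files used by rlogin/rsh; any content deserves a manual review.
    # /root as root's home directory is an assumption of this example.
    for f in "$root/etc/hosts.equiv" "$root/root/.rhosts"; do
        [ -s "$f" ] && note "$f exists and is not empty"
    done

    [ "$findings" -eq 0 ]
}
```

A clean result covers only these configuration files; it does not address replaced binaries or other listening services, which the last reply raises separately.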