I has Centos 5.5 with kernel 2.6.18-194.17.1.el5.

centos-release-5-5.el5.centos
Linux centos 2.6.18-194.17.1.el5 #1 SMP Wed Sep 29 12:50:31 EDT 2010 x86_64 x86_64 x86_64 GNU/Linux

My problem is this:

I can login as root in to Gnome and ssh but not in console
In fact I can login with anyuser in to Gnome and ssh but not in console.

By the console I'm referring to tty1-tty6.

When the login screen is showed I write the user and password but then a message is quickly(I can´t see it) showed and erased and the login screen is showed again

I looked the file /etc/security/access.conf but all the entries are marked as comments.

I also looked the file /etc/securetty and this is the content:

console
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
tty1
tty2
tty3
tty4
tty5
tty6
tty7
tty8
tty9
tty10
tty11


I even can use "su" with anyuser with no problem.

The next entries are written in the /var/log/audit/audit.log file everytime I has this error:


type=USER_AUTH msg=audit(1284441198.687:5305): user pid=21795 uid=0 auid=4294967295 msg='PAM: authentication acct="root" : exe="/bin/login" (hostname=?, addr=?, terminal=tty2 res=success)'
type=USER_ACCT msg=audit(1284441198.687:5306): user pid=21795 uid=0 auid=4294967295 msg='PAM: accounting acct="root" : exe="/bin/login" (hostname=?, addr=?, terminal=tty2 res=success)'
type=LOGIN msg=audit(1284441198.694:5307): login pid=21795 uid=0 old auid=4294967295 new auid=0 old ses=4294967295 new ses=430
type=USER_START msg=audit(1284441198.694:530: user pid=21795 uid=0 auid=0 msg='PAM: session open acct="root" : exe="/bin/login" (hostname=?, addr=?, terminal=tty2 res=failed)


Selinux is turned off.

May you help me please to correct this error?
Thanks in advance for your help.

Have a look at /var/log/secure.

1 members found this post helpful.

Root logins should be restricted to the system console. This may be enforced in a file in /etc/security/. Pay attention to the PAM configurations and access.conf. What is wrong with logging in as a normal user and su'ing to root or using logged sudo commands?

Also, reconsider disabling selinux protection.

thank you, I am going to read these files.

I have been a windows administrator for 15 years and this is the first linux server I have to install and administrate.

I chose centos because a friend of mine told me It was one of the best linux distros for servers.

The default configuration in centos let me login with root in to gnome, ssh and console(tty1-tty6) for this reason I thought it was a problem.

It seems that I wil have to harden the security of the server.

Thanh you for your help

You may also wish to check out the LQ Wiki under networking since you're new to Linux serving. There's a lot of good information and while it does not pertain specifically to CentOS it is still useful to know. It can be applied to CentOS.

Run vimtutor in the terminal because knowing a terminal based text editor is essential. Run "man man" in the terminal to familiarize yourself with the man pages when you need to know the options of a command. Looking up a tutorial on the bash shell is also essential because piping commands and redirecting stout/sterr is a very powerful thing (my LQ Blog lists some examples). As always LQ will be around to fill in the blanks.

1 members found this post helpful.

Since you mentioned running sshd, I thought I would mention some things to consider to further secure it. Consider using pubkey authentication instead of Challenge Response authentication. The /etc/ssh/sshd_config file has instructions for setting this up in the comments:
Disabling root logins, and adding "AllowUsers username ..." will further secure the sshd service.

You can use:
eval $(ssh-agent)
ssh-add

at your remote client to hold your private key's passphrase. This allows seemingly logging in without a passphrase. You can even put a shortcut on your screen that starts a graphical program remotely via ssh. I added this to an icon's Command line: ssh -X elite 'inkscape %F'. Clicking on the inkscape icon starts the program on my desktop, displaying it on my laptop. You could do the same thing with one of the system-config-* programs or log viewer programs, when the server is running in run level 3. Just insert `gnomesu' after the opening quote to run one of the system configuration programs remotely.

Script kiddies attacking the server will be trying username/password brute force attacks. And the "root" user is their main target. Using "AllowUsers" will also disallow system users not listed. Which are also targets of script kiddies.

3 members found this post helpful.