LinuxQuestions.org
LinuxAnswers - the LQ Linux tutorial section.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-18-2001, 06:58 PM   #1
adamrau
Member
 
Registered: Sep 2001
Posts: 42

Rep: Reputation: 15
/etc/securetty --> I commented out all lines and I can still log in as root


I dont want root to be able to login. He can su in but not directly login. I commented out all entries in /etc/securetty and i can still directly ssh into my server

Any ideas why?

Adam
 
Old 12-19-2001, 01:13 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,132
Blog Entries: 54

Rep: Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790Reputation: 2790
If you mean you can ssh into your box as root, then add the directive
"PermitRootLogin no" to /etc/ssh/sshd_conf
If this doesnt work, check your syslogs for errormessages and post some.
 
Old 05-30-2004, 06:16 AM   #3
jschiwal
Guru
 
Registered: Aug 2001
Location: Fargo, ND
Distribution: SuSE AMD64
Posts: 15,733

Rep: Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654Reputation: 654
Which distribution do you have. Linux uses Pluggable Authentication Modules to control that sort of thing. Its possible that if the policy is set to allow root login that the securetty file isn't referenced. But I'm just guessing.

Here are the first two lines of my /etc/pam.d/login file:
Code:
#%PAM-1.0
auth       required     pam_securetty.so
Your distribution probably has a place to change the root login policy, which will save you from having to setup the /etc/pam.d/ entries yourself. In Mandrake Linux you go to MCC -> Security -> Levels and Checks -> System Options Tab. There you can disallow remote root login, or even direct root login.

I'm sure your distro has a similar tool.

Not allowing root log-in is a good idea if there is more then one person with root access. Then when ever something is done as root, you can tell from the logs which root-user made the change by checking who su-ed to root , and you know who to ask if you have any questions.

Last edited by jschiwal; 05-30-2004 at 06:25 AM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Enable remote root login in /etc/securetty jon_k Linux - Software 5 03-16-2011 11:52 PM
Assistance with extracting a series of lines from a log file katsal Linux - General 1 06-21-2005 06:55 PM
how to extract certain lines from a log file Avatar Linux - Newbie 3 02-11-2005 09:51 AM
how to remove all commented lines win32sux Linux - General 11 05-08-2004 03:27 AM
counting the commented lines using awk [ /* */] itsjvivek Linux - General 8 01-17-2003 08:30 AM


All times are GMT -5. The time now is 02:28 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration