Hi everbody..

I'm using RH 8.0 and i have a couple of questions..First i was wondering about the securetty file..From what i have understand that file is used by the login program to check if the root user is allowed to login on that device, rigth?? Is tty local devices and vc is for remote connecections?? And what does "devices" stand for??
Is it my computer or??

Second, in my securetty file i have 11 tty and 11 vc listed with no # in front of them, still i can't login at the prompt in runlevel 3 but i can login with a ordinary user and su to root. Also i can login in single user mode and in x directly with root. If all those tty's and vc's isn't commented out why can't i login directly at the prompt in runlevel 3?? Is that controlled from those PAM things??

Maybe these questions are stupid and as i have understood from this forum is that i shouldn't be able to login directly at the terminal as root or remotely without ssh. But i really trying to understand how this work..

Hope somebody got some answers or links to more info..

Thanks in advance

The Linux security newbie..

Yes, you're right. And devices are files with a special meaning like character devices (tty's and /dev/null for instance), block devices (HD's) fifo's (/dev/initctl for init) and pipes.

Do you mean local login or remote? RH8 comes with some utilities to determine the security level. My copy of RH8 is still boxed gathering dust so I don't know. Or are you using Bastille-linux?

Hi unSpawn...

Thank you for answering...I meant locally...And i am using the regular RH 8.0...Bastille as you were talking about isn´t that a hardening script that you compile into your kernel to make it safer??

I'm total newbie to security and related features in the Linux world...I'm using a document from www.openna.com - Securing and optimizing Red Hat Linux - The ultimate solution...Which i think is great..Just a tip to all other newbies..It's tested on a RH 7.1 i think but most of it works and if it don't you usually only have to change some path to the config file...

No, Bastille doesn't need in-kernel work. It's a Bash shell script.
Is there any tty uncommented (that is without a hash sign or "#" in front of it) in /etc/securetty? If there isn't, uncomment one, if there is, try logging in as root again to see if we can make syslog log some errors. Now open /var/log/messages and see if there have been errors generated. If so, post 'em here.

Hi;

I'm having the same problem, it justed started out of the blue. I took a look at the log of the failing Server and of a good server. the following is what was in there:

FAILED SERVER:

Hostname PAM-securetty[2974]: /etc/securetty is either world writable or not a normal file
HOSTNAME login[2974]: FAILED LOGIN 1 FROM (null) FOR ROOT, Authenication Failure


GOOD SERVER:
HOSTNAME login(pam_unix)[3465]: (system -auth) session opened for user root by LOGIN(uid=0)

HOSTNAME -- root[3465] LOGIN ON tty1 BY root

Notice the PAM difference of the two Servers, both Server are identical and have been ruuning for some time.

any suggestion would be aooreciated

TIA

Tomb

Hi;

I fixed my problem, somehow securettys' permissions got set to 777, they need to be 600. When I set it to 600 I could log in directly as I always did before, I can also login via ssh.

I hope this helps you guys.

Tomb