I'm using RH 8.0 and I have a couple of questions. First, I was wondering about the securetty file. From what I have understood, that file is used by the login program to check if the root user is allowed to log in on that device, right? Is tty for local devices and vc for remote connections? And what does "devices" stand for?
Is it my computer or?
Second, in my securetty file I have 11 tty and 11 vc listed with no # in front of them, still I can't log in at the prompt in runlevel 3, but I can log in with an ordinary user and su to root. Also I can log in in single user mode and in X directly with root. If all those tty's and vc's aren't commented out, why can't I log in directly at the prompt in runlevel 3? Is that controlled from those PAM things?
Maybe these questions are stupid, and what I have understood from this forum is that I shouldn't be able to log in directly at the terminal as root or remotely without ssh. But I'm really trying to understand how this works.
Hope somebody has some answers or links to more info.
Yes, you're right. And devices are files with a special meaning, like character devices (tty's and /dev/null for instance), block devices (HD's), fifo's (/dev/initctl for init) and pipes.
Do you mean local login or remote? RH8 comes with some utilities to determine the security level. My copy of RH8 is still boxed gathering dust so I don't know. Or are you using Bastille-linux?
Thank you for answering. I meant locally. And I am using the regular RH 8.0. Bastille, as you were talking about, isn't that a hardening script that you compile into your kernel to make it safer?
I'm a total newbie to security and related features in the Linux world. I'm using a document from www.openna.com - Securing and optimizing Red Hat Linux - The ultimate solution, which I think is great. Just a tip to all other newbies. It's tested on RH 7.1, I think, but most of it works, and if it doesn't you usually only have to change some path to the config file.
No, Bastille doesn't need in-kernel work. It's a Bash shell script.
Is there any tty uncommented (that is without a hash sign or "#" in front of it) in /etc/securetty? If there isn't, uncomment one, if there is, try logging in as root again to see if we can make syslog log some errors. Now open /var/log/messages and see if there have been errors generated. If so, post 'em here.
I'm having the same problem, it just started out of the blue. I took a look at the log of the failing server and of a good server. The following is what was in there:
FAILED SERVER:
Hostname PAM-securetty[2974]: /etc/securetty is either world writable or not a normal file
HOSTNAME login[2974]: FAILED LOGIN 1 FROM (null) FOR ROOT, Authenication Failure
GOOD SERVER:
HOSTNAME login(pam_unix)[3465]: (system -auth) session opened for user root by LOGIN(uid=0)
HOSTNAME -- root[3465] LOGIN ON tty1 BY root
Notice the PAM difference between the two servers. Both servers are identical and have been running for some time.
I fixed my problem. Somehow securetty's permissions got set to 777, they need to be 600. When I set it to 600 I could log in directly as I always did before, and I can also log in via ssh.
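The following check is an added example, not part of the thread or written by any of its posters. It tests a securetty-style file for the two conditions named in the PAM-securetty log line above (world-writable, or not a regular file) and lists the uncommented terminal entries; the function names, return codes and the constructed sample file are this example's own assumptions.

```shell
#!/bin/sh
# Added example. Mirrors the condition in the PAM-securetty log line above:
# the file must be a regular file and must not be world-writable.
# Return codes (this script's own convention): 0 ok, 1 world-writable,
# 2 not a regular file, 3 missing.
check_securetty() {
    f=${1:-/etc/securetty}
    if [ ! -e "$f" ]; then
        echo "MISSING $f"; return 3
    fi
    if [ ! -f "$f" ]; then
        echo "NOT-REGULAR $f"; return 2
    fi
    # find prints the path only when the "other" write bit (0002) is set
    if [ -n "$(find "$f" -prune -perm -0002)" ]; then
        echo "WORLD-WRITABLE $f"; return 1
    fi
    echo "OK $f"; return 0
}

# Terminals root may log in on: every line that is not blank or a # comment.
list_root_ttys() {
    sed -e '/^[[:space:]]*#/d' -e '/^[[:space:]]*$/d' "${1:-/etc/securetty}"
}

# Demo on a constructed sample file, so nothing under /etc is touched.
demo() {
    d=$(mktemp -d) || return 1
    printf 'tty1\n#tty2\n\nvc/1\n' > "$d/securetty"
    chmod 777 "$d/securetty"          # the broken state from the thread
    check_securetty "$d/securetty" || true
    chmod 600 "$d/securetty"          # the fix the poster applied
    check_securetty "$d/securetty"
    list_root_ttys "$d/securetty"
    rm -rf "$d"
}
demo
```

Run against the real file with `check_securetty /etc/securetty`; a nonzero return is worth alerting on, since a permission change like the one in this thread happened without the poster knowing why.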