I'm not sure whether completely denying login access for root is a good idea. Depending on your circumstances in terms of the physical access to the system, maybe the following is appropriate:
- Restrict root access to the physical console attached to the system by having
in /etc/securetty
- Disable root login via ssh by setting
in /etc/ssh/sshd_config
Hope this helps.