LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 11-08-2007, 02:11 PM   #1
OgreCoder
LQ Newbie
 
Registered: Feb 2004
Posts: 3

Rep: Reputation: 0
Emptying securetty does not prevent root login


I am trying to prevent root from logging in in any way other than by using su. I currently prevent this through ssh, ftp, etc. The only exceptions is at the actual console. From everything I know and have found, I should just be able to empty my /etc/securetty file and stop this from happening. I have done this on another computer running the exact same operating system as me, CentOS 4.5, and it works there. PAM is configured exactly the same on both systems as well. Any thoughts?
 
Old 11-09-2007, 11:28 PM   #2
DropSig
Member
 
Registered: Apr 2004
Location: Saskatchewan
Distribution: Ubuntu, Centos
Posts: 208

Rep: Reputation: 30
usermod -L works for normal users i've used it but never tryed with root
 
Old 11-18-2007, 10:58 PM   #3
fotoguy
Senior Member
 
Registered: Mar 2003
Location: Brisbane Queensland Australia
Distribution: Custom Debian Live ISO's
Posts: 1,291

Rep: Reputation: 62
you could also try modifying the /etc/passwd file, and changing the login for root from /bin/bash to /bin/false. So if root tries to login from it wont get a console.
 
Old 11-18-2007, 11:05 PM   #4
DropSig
Member
 
Registered: Apr 2004
Location: Saskatchewan
Distribution: Ubuntu, Centos
Posts: 208

Rep: Reputation: 30
or make roots password empty
 
Old 11-20-2007, 07:25 AM   #5
evilDagmar
Member
 
Registered: Mar 2005
Location: Right behind you.
Distribution: NBG, then randomed.
Posts: 480

Rep: Reputation: 31
Quote:
Originally Posted by DropSig View Post
or make roots password empty
Umm... no.
 
Old 11-20-2007, 07:35 AM   #6
DropSig
Member
 
Registered: Apr 2004
Location: Saskatchewan
Distribution: Ubuntu, Centos
Posts: 208

Rep: Reputation: 30
why not? few distro do that by default.
 
Old 11-20-2007, 07:49 AM   #7
evilDagmar
Member
 
Registered: Mar 2005
Location: Right behind you.
Distribution: NBG, then randomed.
Posts: 480

Rep: Reputation: 31
Quote:
Originally Posted by DropSig View Post
why not? few distro do that by default.
They _lock_ it... They don't make it empty. There's a big difference between a disabled/locked password and an empty string. (whew)
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Enable remote root login in /etc/securetty jon_k Linux - Software 5 03-17-2011 12:52 AM
wrong login shell prevent root login cefs99 Linux - Security 4 05-31-2006 09:28 AM
OpenSSH, prevent root login, how? cylarz Linux - Security 1 04-22-2006 06:23 AM
Emptying trash as root timelord726 Linux - General 4 08-18-2004 02:26 AM
securetty and login?? Nevyn2 Linux - Security 5 08-26-2003 03:58 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 07:48 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration