(fwd) disabling remote console
Christoph Doerbeck
doerbeck at dma.isg.mot.com
Thu Sep 3 09:55:40 EDT 1998
> >> I should not have been, but I was surprised when I could remotely log
> >> in as root. I would like to disable this so remote users would have to
> >> log on under their account and then su to do anything as root. In Solaris
> >> we put a line CONSOLE=/dev/console in the file /etc/default/login. I
> >> could not find a similar place on my Linux host. Is there one?
>
> I think you should have a look at /etc/securetty (list "devices" onto which
> you can log as root - usually should only contain /dev/tty13 ;) ).
> Regarding su, /etc/ttys limits the ports one can use to "su".
>
Also have a look at PAM, if your're running RedHat >= 4.2
You'll probably want something like this in /etc/pam.d/login as the first
line:
auth required /lib/security/apm_securetty.so
This is really spooky... I think I'm finally starting to understand
the PAM configuration process. Time from another LinuxSoup topic...
***
Subcription/unsubscription/info requests: send e-mail with subject of
"subscribe", "unsubscribe", or "info" to discuss-request at blu.org
More information about the Discuss
mailing list