Tuesday, 25 June 2013

How to Prohibit root logins on Terminal Devices

Problem: You want to prevent the superuser,root from logging in directly over a terminal or pseudo-terminal

Soution: Edit /etc/securetty, this file contains device names, one per line, that permit root logins.Make sure there are no pseudo-ttys(pty) devices listed, so root cannot log in via the network, and remove any others of concern to you.

 /etc/securetty


 # serial lines
 tty1
 tty2
 # devfs devices
 vc/1
 vc/2
 

If possible dont permit root to log in directly.

No comments:

Post a Comment