Problem: You want to prevent the superuser,root from logging in directly over a terminal or pseudo-terminal
Soution: Edit /etc/securetty, this file contains device names, one per line, that permit root logins.Make sure there are no pseudo-ttys(pty) devices listed, so root cannot log in via the network, and remove any others of concern to you.
/etc/securetty
# serial lines
tty1
tty2
# devfs devices
vc/1
vc/2
If possible dont permit root to log in directly.
Soution: Edit /etc/securetty, this file contains device names, one per line, that permit root logins.Make sure there are no pseudo-ttys(pty) devices listed, so root cannot log in via the network, and remove any others of concern to you.
/etc/securetty
# serial lines
tty1
tty2
# devfs devices
vc/1
vc/2
If possible dont permit root to log in directly.
No comments:
Post a Comment