More details! => No direct root login

More details! => No direct root login

Post by Leilah Hadda » Fri, 28 Feb 1997 04:00:00




>Hello,

>I am required by management/security to eliminate direct root logins.
>The ability for 'su' must still exist for root.

>   Any ideas ?

>Thanks in advance,

>Leilah

MORE:

I am working on SGIs running IRIX 6.2 os.  The requirement is to
have only user accounts available for direct logins from a terminal.  
We are running NIS also.

 
 
 

More details! => No direct root login

Post by Chuck Gebelei » Sat, 01 Mar 1997 04:00:00


First change all secure listings in your /etc/ttytab file from secure to
unsecure. This will prevent direct logins as root.  To limit the users who
can 'su' add them to the /etc/group, not the /var/etc/group, file on each
unix box at the end of the wheel line.  Separate users by commas.




> >Hello,

> >I am required by management/security to eliminate direct root logins.
> >The ability for 'su' must still exist for root.

> >   Any ideas ?

> >Thanks in advance,

> >Leilah

> MORE:

> I am working on SGIs running IRIX 6.2 os.  The requirement is to
> have only user accounts available for direct logins from a terminal.  
> We are running NIS also.


 
 
 

More details! => No direct root login

Post by Michael Cha » Sat, 08 Mar 1997 04:00:00


It seems like when using bash on linux, the whole su command is been saved
including typing of the su password!

Michael



Quote:> First change all secure listings in your /etc/ttytab file from secure to
> unsecure. This will prevent direct logins as root.  To limit the users
who
> can 'su' add them to the /etc/group, not the /var/etc/group, file on each
> unix box at the end of the wheel line.  Separate users by commas.

 
 
 

More details! => No direct root login

Post by Lance Caven » Sat, 08 Mar 1997 04:00:00




Quote:>It seems like when using bash on linux, the whole su command is been saved
>including typing of the su password!

 I don't use bash, but I don't think bash can log this..

 When you type su, it should show up in bash's log file, however because
you enter the password in the "su" program, bash can't log this. You should
only see something like "su root" in the log file.

 Correct me if I'm wrong.

+---------------------------------------------------+

|Systems Administrator         Ascio Communications |
+---------------------------------------------------+
| "I would never lie. I willfully participated in a |
|  campaign of misinformation."        - Fox Mulder |
+---------------------------------------------------+