login security

login security

Post by Chris Newpo » Sat, 24 Sep 1994 08:07:31


> I've got a question/problem with SCO
> I've got a bit of a security problem where I work, people have big
> mouths and give out the root password. So using SCO's sysadmsh I have
> turned off authorization to the su command for everyone and enabled it
> for only the users who need it.

> What my question/problem is, how do I disable them from just logging
> in as root? Under Sun/BSD I can mark terminals "unsecure" and no one can
> telnet in as root from that location (the console for these machines IS
> a secure location, but unfortunately our local network is not).

> Is there a way to keep users from telnetting in as root? Ideally I'd like
> to allow console logins as root, but if I have to lock everyone out
> except for a su to root that's ok.

SCO Xenix allows you to specify a tty which will be the system console and
ONLY this tty will be allowed to login as root --- lock it in a cupboard.
I am not sure about SCO Unix but it should have somthing similar.
See the login(M) man page.

I have the following line in /etc/default/login :-

SCO are sure to have a similar mechanisn in SCO Unix but I do not have any
info -- I hope this points you in the right direction.

    | B'Shalom  from  Chris Newport          | Home of : netix.bbs            |
    | Location   : Clevedon, Avon, UK        |         : The Netix Consultancy|

    |   Consultancy and Software development   Unix & Comms Specialists       |


1. login security software recommendations wanted

We'd really appreciate any recommendations anyone could give as to how
we could best accomplish our goals listed below. If we need to purchase
software that's OK too. Our system is Solaris 7, we have about 15-20
user accounts, the machine is behind a firewall, the users are barely
computer literate, and these requirements are coming from "on high"
from people who don't have any familiarity with Unix.

1) log failed login violations
2) password requirements: >= 5 chars., not same as name, not same as
previous passwords, lockout after 3 attempts, 60 day expiration, disable
after 30 days inactivity
3) limit one login per user (nice to have, they say)
4) screen saver locks > 15 mins.
6) Unix virus scan software

I've looked at PAM and NIS+. What do you think? Which do you prefer
and why?

Sent via Deja.com http://www.deja.com/
Before you buy.

2. book recommendation?

3. Xwindows graphical login security question

4. help with linux clustering (BEOWULF)

5. Redhat 4.0 -- 4.1 login security different?

6. About shutdown

7. CERT-94:09 What happened to the login security patch?

8. Yamaha DX Chipset and Linux

9. login security software recommendations wanted

10. Login/Security on RS6000

11. Telnet Login Security

12. NIS -> NIS+ migration and login security

13. Interative UNIX login Security breaching VS PPP