keeping root from logging in

Post by jfinc.. » Tue, 28 Mar 2000 04:00:00



I want to keep root from logging in both locally and through ssh.  I tried
changing root's shell to /bin/false, but that kept me from using su, which
I want still enabled.  How can I keep root from logging in, but still allow
su access (which on my box is restricted to users in group "wheel").

Thanks,
Jeremy

 
 
 

Post by Tom East » Tue, 28 Mar 2000 04:00:00


Jeremy,


>I want to keep root from logging in both locally and through ssh.  I tried
>changing root's shell to /bin/false, but that kept me from using su, which
>I want still enabled.  How can I keep root from logging in, but still allow
>su access (which on my box is restricted to users in group "wheel").

Make /etc/securetty an empty file.

-Tom
--
Tom Eastep             \  Eastep's First Principle of Computing:
ICQ #60745924           \  "Any sane computer will tell you how it

Shoreline, Washington USA \___________________________________________

 
 
 

Post by Martijn Kruitho » Tue, 28 Mar 2000 04:00:00



> I want to keep root from logging in both locally and through ssh.  I tried
> changing root's shell to /bin/false, but that kept me from using su, which
> I want still enabled.  How can I keep root from logging in, but still allow
> su access (which on my box is restricted to users in group "wheel").

> Thanks,
> Jeremy

modify your /etc/securetty

Kind regards, Martijn
--
http://jkf.penguinpowered.com
Linux distributions for only
Fl 10 per CD, shipping included!

 
 
 

Post by Tim Hayne » Tue, 28 Mar 2000 04:00:00



> Jeremy,


> >I want to keep root from logging in both locally and through ssh.  I
> >tried changing root's shell to /bin/false, but that kept me from using
> >su, which I want still enabled.  How can I keep root from logging in,
> >but still allow su access (which on my box is restricted to users in
> >group "wheel").

> Make /etc/securetty an empty file.

One other thing as well? : /etc/sshd_config, PermitRootLogin=No

Just an idea :)

~Tim
--
| Geek Code: GCS dpu s-:+ a-- C++++ UBLUAVHSC++++ P+++ L++ E--- W+++(--) N++
| w--- O- M-- V-- PS PGP++ t--- X+(-) b D+ G e++(*) h++(*) r--- y-          
| The sun is melting over the hills,         | http://piglet.is.dreaming.org/
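
The two suggestions above (an empty /etc/securetty, and PermitRootLogin set to no for sshd), as an added audit sketch that is not part of any post in this thread. The function names are made up for illustration; the script assumes login actually enforces securetty (for example through pam_securetty), treats a missing securetty file as "no restriction", and reads only the global part of sshd_config, where the first occurrence of a keyword wins.

```shell
#!/bin/sh
# Added example: check the two files named in the thread.

# securetty_state FILE -> "missing", "empty", or "ttys:<names>"
securetty_state() {
    f=$1
    [ -e "$f" ] || { echo missing; return; }
    # Drop comments and blank lines; what remains are tty names.
    ttys=$(sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$f" | tr '\n' ' ')
    ttys=${ttys% }
    if [ -z "$ttys" ]; then echo empty; else echo "ttys:$ttys"; fi
}

# sshd_root_login FILE -> global PermitRootLogin value (lower-cased) or "unset".
# Accepts "Keyword value" and "Keyword=value"; stops at the first Match block.
sshd_root_login() {
    [ -r "$1" ] || { echo unreadable; return; }
    awk '
        /^[ \t]*(#|$)/ { next }
        { sub(/=/, " "); key = tolower($1) }
        key == "match" { exit }
        key == "permitrootlogin" { val = tolower($2); exit }
        END { print (val == "" ? "unset" : val) }
    ' "$1"
}

# root_login_audit SECURETTY SSHD_CONFIG -> returns 0 only if both paths are closed
root_login_audit() {
    rc=0
    case $(securetty_state "$1") in
        empty)   echo "local: root blocked on every tty" ;;
        missing) echo "local: OPEN, no securetty file means no tty restriction"; rc=1 ;;
        *)       echo "local: OPEN on the listed ttys"; rc=1 ;;
    esac
    case $(sshd_root_login "$2") in
        no)    echo "ssh: root blocked" ;;
        unset) echo "ssh: not set, falls back to the sshd default; set it explicitly"; rc=1 ;;
        *)     echo "ssh: OPEN or only partly restricted"; rc=1 ;;
    esac
    return $rc
}

# Usage: sh audit.sh /etc/securetty /etc/sshd_config
if [ $# -eq 2 ]; then root_login_audit "$1" "$2"; fi
```

Neither check touches su, so members of group "wheel" keep their route to root.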

 
 
 

Post by David Gilla » Wed, 29 Mar 2000 04:00:00


Ummm....a small question here?  What if you have to go to Single-User
mode?  You can *only* use root's account to get in to correct some
severe problems.  Will that still work when you've got it setup so root
cannot login (even on the console)?

Thanks in advance for an answer....



> > Jeremy,


> > >I want to keep root from logging in both locally and through ssh.  I
> > >tried changing root's shell to /bin/false, but that kept me from using
> > >su, which I want still enabled.  How can I keep root from logging in,
> > >but still allow su access (which on my box is restricted to users in
> > >group "wheel").

> > Make /etc/securetty an empty file.

> One other thing as well? : /etc/sshd_config, PermitRootLogin=No

> Just an idea :)

> ~Tim
> --
> | Geek Code: GCS dpu s-:+ a-- C++++ UBLUAVHSC++++ P+++ L++ E--- W+++(--) N++
> | w--- O- M-- V-- PS PGP++ t--- X+(-) b D+ G e++(*) h++(*) r--- y-
> | The sun is melting over the hills,         | http://piglet.is.dreaming.org/


--

    _/_/_/_/   _/_/_/_/                 David Gillam
   _/     _/  _/                      
  _/      _/ _/   _/_/        
 _/     _/  _/     _/                       USA
_/_/_/_/   _/_/_/_/                 Fax - 01-208-246-3867

 
 
 

Post by Tom East » Wed, 29 Mar 2000 04:00:00



>Ummm....a small question here?  What if you have to go to Single-User
>mode?  You can *only* use root's account to get in to correct some
>severe problems.  Will that still work when you've got it setup so root
>cannot login (even on the console)?

You still have single-user mode which bypasses /etc/securetty...

-Tom
--
Tom Eastep             \  Eastep's First Principle of Computing:
ICQ #60745924           \  "Any sane computer will tell you how it

Shoreline, Washington USA \___________________________________________

 
 
 

Post by David Gilla » Wed, 29 Mar 2000 04:00:00




> >Ummm....a small question here?  What if you have to go to Single-User
> >mode?  You can *only* use root's account to get in to correct some
> >severe problems.  Will that still work when you've got it setup so root
> >cannot login (even on the console)?

> You still have single-user mode which bypasses /etc/securetty...

> -Tom
> --
> Tom Eastep             \  Eastep's First Principle of Computing:
> ICQ #60745924           \  "Any sane computer will tell you how it

> Shoreline, Washington USA \___________________________________________

Well, *that's* good to know!  :-)  Thanks!
--

    _/_/_/_/   _/_/_/_/                 David Gillam
   _/     _/  _/                      
  _/      _/ _/   _/_/        
 _/     _/  _/     _/                       USA
_/_/_/_/   _/_/_/_/                Fax - 01-208-246-3867

 
 
 

Post by Bill » Wed, 29 Mar 2000 04:00:00


On Mon, 27 Mar 2000 17:17:16 GMT, Mara allowed

>I want to keep root from logging in both locally and through ssh.  I tried
>changing root's shell to /bin/false, but that kept me from using su, which
>I want still enabled.  How can I keep root from logging in, but still allow
>su access (which on my box is restricted to users in group "wheel").

Others answered the question as well as I could.

Just one question : why not over SSH?  SSH is reasonably secure, isn't it?

Bill "Houdini" Weiss
---
Robert the high speed hacker, had a very high-speed switch,
and if you ever saw it, you would see the fibre twitch.
All of the other admins, used to cry and curse his name,
they never let poor Robert, play in any high-speed games.
Then one foggy weekend night, San Cisco came to say,
Robert with your ports so tight, won't you link my sites tonight?
Then all the admins loved him, they thought it would be real neat,
If Robert the high-speed-hacker, would teach them to be 3L1T3.
        mike, comp.os.linux.security

 
 
 

Post by jfinc.. » Wed, 29 Mar 2000 04:00:00



>Ummm....a small question here?  What if you have to go to Single-User
>mode?  You can *only* use root's account to get in to correct some
>severe problems.  Will that still work when you've got it setup so root
>cannot login (even on the console)?

>Thanks in advance for an answer....

It just adds an extra layer of security.  Without allowing root to log in
locally or by ssh, not only does a hacker have to know the root password,
but he also must know a password of a member of group "wheel".

The reason for not allowing logins locally for root is that my computer isn't
entirely physically secure.  However, the people who might be around it aren't
so bold as to reboot into single user mode; however, they might be so bold as
to log in as root given the opportunity.  This makes it that much harder for
them to do so.

And I can always su root.

Jeremy

 
 
 

Post by jfinc.. » Wed, 29 Mar 2000 04:00:00




>Just one question : why not over SSH?  SSH is reasonably secure, isn't it?

Reasonably secure, yes.  However, since I don't want to restrict which computer
can ssh into my box (being all over the place) I'd rather not allow anyone and
everyone to attempt to log in as root over ssh.  

And I'll always have su.

Jeremy

 
 
 

Post by Tim Hayne » Wed, 29 Mar 2000 04:00:00





> >Just one question : why not over SSH?  SSH is reasonably secure, isn't
> >it?

> Reasonably secure, yes.  However, since I don't want to restrict which
> computer can ssh into my box (being all over the place) I'd rather not
> allow anyone and everyone to attempt to log in as root over ssh.

> And I'll always have su.

Hint. Might you find sudo useful as well? In terms of allowing who can do
what from where... and the root password doesn't have to go /anywhere/ at
all that way.

(Personally I think that sudo-versus-su is a bit like .rhosts - it cuts
BOTH ways, if you use it then you can set up accounts that give you root
instantly, if you don't then you have to let the root password through
somewhere. Oops.)

~Tim
--
| Geek Code: GCS dpu s-:+ a-- C++++ UBLUAVHSC++++ P+++ L++ E--- W+++(--) N++
| w--- O- M-- V-- PS PGP++ t--- X+(-) b D+ G e++(*) h++(*) r--- y-          
| The sun is melting over the hills,         | http://piglet.is.dreaming.org/

 
 
 

Post by Tim Hayne » Wed, 29 Mar 2000 04:00:00





> > >Ummm....a small question here?  What if you have to go to Single-User
> > >mode?  You can *only* use root's account to get in to correct some
> > >severe problems.  Will that still work when you've got it setup so root
> > >cannot login (even on the console)?

> > You still have single-user mode which bypasses /etc/securetty...

> Well, *that's* good to know!  :-)  Thanks!

Indeedie - there's su & telinit s, or reboot and use "single init=/bin/sh"
on the lilo commandline....

~Tim
--
| Geek Code: GCS dpu s-:+ a-- C++++ UBLUAVHSC++++ P+++ L++ E--- W+++(--) N++
| w--- O- M-- V-- PS PGP++ t--- X+(-) b D+ G e++(*) h++(*) r--- y-          
| The sun is melting over the hills,         | http://piglet.is.dreaming.org/

 
 
 
