2.3 ACCESS CONTROL



2.3.1 Disallow Remote Root Login

Under normal operating parameters, there should never be a need for the root account to log on to a server remotely. Any actions requiring a direct log on to the system via root should be restricted to the local console.

Edit /etc/securetty to reflect the following changes:

 tty1
 tty2
 tty3
 tty4
 tty5
 tty6

Save the changes and perform the following actions:

 [root] # chown root:root /etc/securetty
 [root] # chmod 400 /etc/securetty

2.3.2 Disable CTRL-ALT-Delete

For those machines with poor or non-existent physical security, it is highly recommended to disable the CTRL-ALT-Delete function, which allows an attacker at the console to shut down the machine.

Edit /etc/inittab to comment out the following line:

 # ca::ctrlaltdel:/sbin/shutdown -t3 -r now 

Save the change and restart the service for it to take effect:

 [root] # /sbin/init q 

2.3.3 Warning Banners

It is a widely held belief that presenting some sort of statutory warning message at login time will assist the prosecution of trespassers of the computer system. Changing some of the login banners also has the additional benefit of hiding OS version information and other detailed system information that an attacker might find useful when targeting his attacks. Clearly, the organization's legal counsel should review the content of all such warnings before any changes are made to the banners.

Edit /etc/motd, /etc/issue, and /etc/issue.net to reflect the appropriate warning message for your organization and save the changes. An example follows:

 This system is for authorized use only. All activity may be monitored and/or logged 

An explanation of what each file does is listed below:

  • /etc/motd - This file displays the "message of the day" once the user has successfully logged into the system.

  • /etc/issue - This file is displayed to any user that is logging into the system locally.

  • /etc/issue.net - This file is displayed to those users logging in remotely via SSH, Telnet, or FTP.

Note  

Earlier versions of Red Hat Linux contained commands in /etc/rc.d/rc.local that would overwrite /etc/issue and /etc/issue.net each time the system was booted. These commands are not present in the 7.3 release of Red Hat; therefore, modifying the files listed above should be sufficient to display the appropriate warning banner.

2.3.4 Password Protect Single-user Mode

Linux provides a mechanism for system maintenance via the "Single User Mode" which is typically started when the system is booting. This allows an attacker at the console to bypass any system protection and move into Run Level 1 as root. The ramifications are serious and it is necessary to password protect the single user mode to prevent this from happening.

Edit /etc/inittab to reflect the following change:

 id:3:initdefault:
 ~~:S:wait:/sbin/sulogin

Save the changes and restart the service:

 [root] # /sbin/init q 
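
The settings from sections 2.3.1, 2.3.2 and 2.3.4 can be verified after the fact with a short audit script. This is an added example, not part of the original guide; the function names and the optional path prefix (for auditing a copy of /etc) are assumptions, and `stat -c` is the GNU coreutils form.

```shell
#!/bin/sh
# Added example: audits the settings from sections 2.3.1, 2.3.2 and 2.3.4.
# The optional path prefix given to audit() is an assumption for checking a copy.

# 2.3.1: only blank lines, comment lines and tty1..tty6 may appear in securetty.
securetty_ok() {
    [ -r "$1" ] || return 1   # missing or unreadable file: fail the check
    ! grep -qvE '^[[:space:]]*(#.*|tty[1-6][[:space:]]*)?$' "$1"
}

# 2.3.1: print "owner:group mode"; the guide expects "root:root 400".
securetty_perms() { stat -c '%U:%G %a' "$1"; }

# 2.3.2: no active (uncommented) inittab entry may use the ctrlaltdel action.
# inittab fields are id:runlevels:action:process; leading whitespace is skipped.
ctrlaltdel_disabled() {
    ! grep -qE '^[[:space:]]*[^#:[:space:]][^:]*:[^:]*:ctrlaltdel:' "$1"
}

# 2.3.4: an active entry must run /sbin/sulogin (action "wait") for runlevel S.
sulogin_required() {
    grep -qE '^[[:space:]]*[^#:[:space:]][^:]*:S:wait:/sbin/sulogin' "$1"
}

# Run every check, print one FAIL line per finding, return non-zero on any.
audit() {
    root=${1:-}; rc=0
    securetty_ok "$root/etc/securetty" \
        || { echo "FAIL 2.3.1 securetty entries"; rc=1; }
    [ "$(securetty_perms "$root/etc/securetty" 2>/dev/null)" = "root:root 400" ] \
        || { echo "FAIL 2.3.1 securetty owner/mode"; rc=1; }
    ctrlaltdel_disabled "$root/etc/inittab" \
        || { echo "FAIL 2.3.2 ctrlaltdel active"; rc=1; }
    sulogin_required "$root/etc/inittab" \
        || { echo "FAIL 2.3.4 sulogin not enforced"; rc=1; }
    return $rc
}
```

Source the file and call `audit` as root on the host, or `audit /mnt/image` against a mounted copy of the filesystem.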



Securing Linux: A Survival Guide for Linux Security (Version 2.0)
ISBN: 0974372773
EAN: 2147483647
Year: 2002
Pages: 39
