Recipe 3.19 Prohibiting root Logins on Terminal Devices

Previous page
Table of content
Next page

3.19.1 Problem

You want to prevent the superuser, root, from logging in directly over a terminal or pseudo-terminal.

3.19.2 Solution

Edit /etc/securetty. This file contains device names, one per line, that permit root logins. Make sure there are no pseudo-ttys (pty) devices listed, so root cannot log in via the network, and remove any others of concern to you. Lines do not contain the leading "/dev/" path, and lines beginning with a hash mark (#) are comments. For example:

/etc/securetty: # serial lines tty1 tty2 # devfs devices vc/1 vc/2

3.19.3 Discussion

If possible, don't permit root to log in directly. If you do, you're providing a route for breaking into your system: an outsider can launch (say) a dictionary attack against the terminal in question. Instead, users should log in as themselves and gain root privileges in an appropriate manner, as we discuss in Chapter 5.

3.19.4 See Also

securetty(5). Documentation on devfs is at http://www.atnf.csiro.au/people/rgooch/linux/docs/devfs.html.

Previous page
Table of content
Next page
Linux Security Cookbook
Linux Security Cookbook
ISBN: 0596003919
EAN: 2147483647
Year: 2006
Pages: 247
Authors: Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
BUY ON AMAZON
Certified Ethical Hacker Exam Prep
Oracle Developer Forms Techniques
Professional Java Native Interfaces with SWT/JFace (Programmer to Programmer)
Google Maps Hacks: Tips & Tools for Geographic Searching and Remixing
.NET System Management Services
FileMaker 8 Functions and Scripts Desk Reference
flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net
Privacy policy