Tuesday, February 13, 2007

Prevent Remote Logins by root

It can be fairly difficult to track system administrators who remotely login as root. Here's a way to prevent that particular activity, especially in an environment that requires stringent auditing.

vi /etc/default/login
#/dev/console
/dev/console
:wq! (saves and quits)

As you can see, the comment prefacing /dev/console has been removed. A user should not be able to remotely login as root.

2 comments:

Anonymous said...

I post on the previous version of this, correcting your mistake - and you then just repost with the corrections and don't mention my correction? Nice!!!

esofthub said...

Actually, after seeing your comment, I realized I meant to write about remote logins. Yes, you did point out that uncommenting the /dev/console only allows root to login into the console. Thanks for the correction.