What is 'sudo'?
Sudo ('superuser do') is a way of securing and limiting root access on your
system. It allows the administrator to give certain users (or groups of users)
the ability to run some (actually all) commands as root while logging all
commands and arguments. Sudo operates on a per-command basis; it is not a
replacement for the shell. Consider having only sudo on your system instead of
"su", as sudo also does better logging.
How do I disable root login over network?
The /etc/securetty file lists the devices on which "root" may log in. If you
remove all entries except for tty1 through tty8, you'll prevent network logins
for root.
ttyS* are serial devices (e.g., a modem or serial-connected terminal)
ttyp*, ttyq*, etc. are network terminals
A tip on your system security: consider removing "/etc/hosts.equiv"
This file allows other hosts to be trusted by your system. It can be used to
log on to your machine without a password. If you are not running "r" commands,
you should have no use for this file and it should be removed. Also, disable
'r' programs such as rlogin and rsh, and use ssh and scp instead.
Can't telnet as 'root' into the system from outside?
You can log in as root from the local console and can also do a "su", but you
cannot telnet in as 'root'? This is the default behaviour, for security
reasons. If you can, use ssh and scp instead of telnet and ftp. If you cannot,
or think that your system is secure, add the necessary number of pseudo
terminals to /etc/securetty.
You may also face this problem while logging in from xterms locally.
ttyp0, ttyp1, ...., ttypa, ... (add one on each line)
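To check which /etc/securetty entries go beyond the local consoles, as discussed in the two securetty answers above, the following added example (not part of the original FAQ) classifies each entry by the device groups the FAQ names. The function names and the `tty[p-z]*` and `pts/*` patterns for network pseudo terminals are assumptions.

```shell
#!/bin/sh
# Added example: audit a securetty file for entries beyond the local consoles.

# classify_tty ENTRY: print console, serial, network or other.
classify_tty() {
    case "$1" in
        tty[1-8])        echo console ;;  # tty1 through tty8, as in the FAQ
        ttyS*)           echo serial ;;   # modem or serial-connected terminal
        tty[p-z]*|pts/*) echo network ;;  # pseudo terminals (assumed patterns)
        *)               echo other ;;
    esac
}

# audit_securetty [FILE]: print "<class> <entry>" for each non-console entry.
# Returns 1 if any entry lets root log in on a network terminal, 2 if unreadable.
audit_securetty() {
    file=${1:-/etc/securetty}
    if [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 2
    fi
    rc=0
    while IFS= read -r line || [ -n "$line" ]; do
        entry=$(printf '%s' "${line%%#*}" | tr -d '[:space:]')  # drop comments, blanks
        if [ -z "$entry" ]; then continue; fi
        class=$(classify_tty "$entry")
        if [ "$class" = console ]; then continue; fi
        echo "$class $entry"
        if [ "$class" = network ]; then rc=1; fi
    done < "$file"
    return "$rc"
}

# Constructed sample file, not taken from a real system.
sample=$(mktemp)
printf '%s\n' '# constructed sample' tty1 tty2 'ttyS0  # modem' ttyp0 pts/0 > "$sample"
audit_securetty "$sample" || echo "root may log in over the network"
rm -f "$sample"
```

Run with no argument, `audit_securetty` reads /etc/securetty itself.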
How do I look at the log files for 'su' usage?
grep "su.*-root" /var/log/auth.log