Linux Security Cookbook

by Daniel J. Barrett, Richard E. Silverman, Robert G. Byrnes
June 2003
Content level: Intermediate to advanced
336 pages
8h 54m
English
O'Reilly Media, Inc.

3.19. Prohibiting root Logins on Terminal Devices

Problem

You want to prevent the superuser, root, from logging in directly over a terminal or pseudo-terminal.

Solution

Edit /etc/securetty. This file lists the device names, one per line, on which root logins are permitted. Make sure no pseudo-tty (pty) devices are listed, so root cannot log in via the network, and remove any others of concern to you. Lines do not contain the leading “/dev/” path, and lines beginning with a hash mark (#) are comments. For example:

/etc/securetty:
# serial lines
tty1
tty2
# devfs devices
vc/1
vc/2
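
The check described in the Solution, as an added example that is not from the book: a shell function that reads a securetty-format file and reports any pseudo-terminal entries. The function name audit_securetty and the device-name patterns it matches (Unix98 pts/N and BSD-style ptyXY/ttyXY names) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a securetty-format file for pseudo-tty entries.
# Format, per the recipe: one device name per line, no leading /dev/,
# lines beginning with '#' are comments.

# Force byte-wise character ranges so [p-z] cannot match 'S' (ttyS0 is serial).
LC_ALL=C
export LC_ALL

# audit_securetty FILE
# Prints every pseudo-tty entry found in FILE, one per line.
# Returns 0 if none were found, 1 if at least one was, 2 if FILE is unreadable.
audit_securetty() {
    file=$1
    [ -r "$file" ] || { echo "cannot read $file" >&2; return 2; }
    found=0
    # '|| [ -n "$line" ]' keeps a final line that lacks a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        # Trim leading and trailing whitespace.
        entry=$(printf '%s' "$line" | sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $entry in
            ''|'#'*) continue ;;          # blank line or comment
        esac
        case $entry in
            # Assumed patterns: Unix98 slaves (pts/N), pty masters and
            # devfs pty/ nodes (pty*), BSD-style slaves (ttyp0 ... ttyef).
            pts/*|pty*|tty[p-za-e][0-9a-f])
                echo "$entry"
                found=1 ;;
        esac
    done < "$file"
    return $found
}

# When run as a script with an argument, audit that file:
#   sh audit.sh /etc/securetty
if [ "$#" -gt 0 ]; then
    audit_securetty "$1"
fi
```

A non-zero exit status makes the function usable in a cron job or configuration-management check that should fail when a pty entry reappears.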

Discussion

If possible, don’t permit root to log in directly. If you do, you’re providing a route for breaking into your system: an outsider can launch (say) a dictionary attack against the terminal in question. Instead, users should log in as themselves and gain root privileges in an appropriate manner, as we discuss in Chapter 5.

See Also

securetty(5). Documentation on devfs is at http://www.atnf.csiro.au/people/rgooch/linux/docs/devfs.html.

ISBN: 0596003919