Defense Method 4: restrict the remote login of ROOT users to UNIX systems

Convert a common user to an administrator:

To make a common system user a system administrator, run the SU command in UNIX. This command is used to replace the Subsititute user). However, it was often used by some hackers to convert it into the administrator ROOT) identity. Therefore, this command also became the Super user suqer user) the SU command parameter is the user name to be converted to. If no parameter is included, use the SU command. The system believes that the user must be converted to the ROOT identity. Therefore, a prompt message is displayed, requesting that the correct ROOT password be provided. For example, if DAVID wants to obtain the identity of BDSK, enter:

$ Su bdsk

To obtain the system settings of a new user, use the hyphen (-) to indicate that the SU program is not only the user, in addition, you need to obtain the user's environment when logging on to the system.

Defense methods:

In UNIX systems, computer security systems are built on the authentication mechanism. If the root password is out of password, the system will be compromised, especially in the network environment, and the consequences will be even worse. Therefore, it is of practical significance to restrict user root remote logon to ensure the security of computer systems. This article introduces some methods to restrict remote root logon.

◆Method 1:

In the/etc/default/login file, add a set command line:

CONSOLE =/dev/tty01

The setting takes effect immediately without requiring a reboot. Later, the user can only log on to the console/dev/tty01) root, thus limiting root remote login. However, it also limits root login for LAN users, it brings a lot of inconvenience to the Administrator's daily maintenance work.

◆Method 2:

1. To Restrict root remote logon, you must first identify which users are remote users, that is, whether telnet logon is performed through another Windows or UNIX system, and which users are LAN users. Use the following shell program to achieve this goal.

TY=`tty | cut -b 9-12` WH=`finger | cut -b 32-79 | grep "$TY " | cut -b 29-39` KK=` tty | cut -b 6-9` If [ "$KK" = "ttyp" ] Then WH=$WH Else WH="local" Fi

In the preceding Shell command program, WH is the Host IP address of the logon user. However, if the IP address and host name are defined in the/etc/hosts file, WH indicates the host name for user logon. Assume that the IP address of the terminal server connected to the LAN is 99.57.32.18, add a line to the/etc/hosts file:

99.57.32.18 terminal_server

All the terminal servers that log on to the host through the 99.57.32.18 Terminal Server. The WH value is the same, that is, the terminal server name terminal_server.

2. Perform different processing based on the WH value in the root. profile file to restrict remote root login.

Trap 1 2 3 9 15 If [ "$WH" = "local" -o "$WH" = "terminal_server" ] Then Echo "Welcome......" Else Exit Fi

◆Method 3:

Sometimes, to facilitate work, allow root logon on some computers in the LAN. For example, to allow root logon on a computer with an IP address of 99.57.32.58 in the LAN, you need to do so in the aforementioned method, add two points:

1. Add a line in the/etc/hosts file: 99.57.32.58 xmh.

2. In the preceding Shell section, set the following content:

If [ "$WH" = "local" -o "$WH" = "terminal_server" ]

To:

If [ "$WH" = "local" -o "$WH"= "terminal_server" -o "$WH"= "xmh" ]

◆Method 4:

After the above processing, there is still the possibility of using the su command to become a root user after a common user logs on, thus achieving the root remote login goal. To prevent root remote logon using this method, you must restrict normal users from executing the su command:

1. Change the su command owner to root;

2. Change the su command permission to 700.

Related Articles]

• How to remotely log on to Windows in Linux

• Remote logon to TELNET)

• How to solve the problem of enabling root users and other logins in Ubuntu