Several methods for restricting remote root logon on SCO

Source: Internet
Author: User
   Method 1:
Disable telnet.
Once telnet is disabled, no user can log on remotely, so root cannot either. This method is too drastic, however, and is not recommended.
  
   Method 2:
Add the following line to /etc/default/login:
CONSOLE=tty01
With this setting, root can log on only at the first console. Root logon from any other console or from any remote session is refused.
  
   Method 3:
Allow only specified machines to log on remotely as root.
Suppose the server address is 134.33.86.13, and the machines with the addresses 134.33.86.17 and 134.33.86.18 are to be allowed to log on as root.
  
1. Edit the /etc/hosts file as follows:
  
127.0.0.1 local
134.33.86.13 jnzy.jndx.com
134.33.86.17 root2
134.33.86.18 root3
  
2. Write the following script and put it in the file /.profile.
  
# @(#) root.profile 68.1 98/01/20
#
# Copyright (C) 1989-1998 The Santa Cruz Operation, Inc.
# All Rights Reserved.
# The information in this file is provided for the exclusive use of
# the licensees of The Santa Cruz Operation, Inc. Such users have the
# right to use, modify, and incorporate this code into other products
# for purposes authorized by the license agreement provided they include
# this notice and the associated copyright notice with any such product.
# The information in this file is provided "AS IS" without warranty.
#
# TY: terminal suffix of the current tty; WH: remote host shown by finger
TY=`tty | cut -b 9-12`
WH=`finger | cut -b 32-79 | grep "$TY" | cut -b 29-39`
KK=`tty | cut -b 6-9`
# Only pseudo-terminals (ttyp*) are network logons; anything else is local
if [ "$KK" = "ttyp" ]
then
    WH=$WH
else
    WH="local"
fi
# Ignore hangup, interrupt, quit and terminate so the check cannot be
# interrupted (signal 9, SIGKILL, cannot be trapped)
trap '' 1 2 3 15
if [ "$WH" = "local" -o "$WH" = "root2" -o "$WH" = "root3" ]
then

    SHELL=/bin/sh
    HOME=/
    PATH=/bin:/etc:/usr/bin:/tcb/bin:/zy

    # set terminal type
    eval `tset -m scoansi:${TERM:-scoansi} -m :\?${TERM:-scoansi} -e -r -s -Q`
    export TERM PATH SHELL HOME

    [ -x /bin/mesg ] && mesg n # if mesg is installed...
    date
else
    echo "you can not telnet by root: \07\07" # reject logon and sound the bell
    echo "press any key to exit" # wait for a key, then end the session
    read sad
    exit
fi
  
In this way, root can log on only from the machines with IP addresses 134.33.86.17 and 134.33.86.18; root logon from any other address is refused, which helps ensure system security.
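The /.profile above treats every terminal whose name does not begin with ttyp as local and lets it through. The following added example (not part of the original article) writes the same decision default-deny, as POSIX sh functions that can be tested without logging on; LOCAL_TTYS, the function names and the reject message are assumptions, and the host labels are the ones from the /etc/hosts file above.

```shell
#!/bin/sh
# Added example, not from the original article: default-deny root logon gate.

# Assumed values: adjust to the real console device and allowed host labels.
LOCAL_TTYS="/dev/tty01"        # physical console(s) where root may log on
ALLOWED_HOSTS="root2 root3"    # labels defined in the article's /etc/hosts

# in_list WORD LIST -> 0 if WORD equals one of the space-separated items
in_list() {
    for item in $2; do
        [ "$item" = "$1" ] && return 0
    done
    return 1
}

# root_login_allowed TTY HOST -> 0 (allow) or 1 (deny)
#   TTY  : output of `tty`, for example /dev/ttyp3
#   HOST : remote host field for that tty (may be empty or space-padded)
root_login_allowed() {
    tty_path=$1
    host=$(printf '%s' "$2" | tr -d ' \t')   # drop column padding

    # A listed console is a local logon and is allowed.
    in_list "$tty_path" "$LOCAL_TTYS" && return 0

    # Everything else (ttyp*, serial lines, unknown devices) needs a host
    # that matches the allow-list exactly; an empty host is denied.
    [ -n "$host" ] && in_list "$host" "$ALLOWED_HOSTS" && return 0
    return 1
}

# enforce_root_gate TTY HOST: call from /.profile; ends the session on deny.
enforce_root_gate() {
    trap '' 1 2 3 15           # signals must not skip the check
    if root_login_allowed "$1" "$2"; then
        trap - 1 2 3 15        # restore default handling for the session
        return 0
    fi
    echo "root logon not permitted from this terminal"
    exit 1
}
```

The HOST argument would be filled from the same finger pipeline the article uses, so the result is only as trustworthy as that output and the name resolution behind it.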
  
  