Solved

Disable root telnet access in AIX

Posted on 2000-02-25
8
3,103 Views
Last Modified: 2010-05-18
Simple question, but I don't know AIX:

How do you disable root access via telnet in AIX 4.3.1?

Thanks!
0
Comment
Question by:edskee
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 21

Expert Comment

by:tfewster
ID: 2559612
Create an entry "root" in /etc/securetty; Any usernames in this file have to be logged in on a secure (not a networked) device.

You can still get root access remotely by logging in as yourself and using su.
0
 
LVL 2

Author Comment

by:edskee
ID: 2559655
Did that, that doesnt work in AIX
0
 
LVL 21

Expert Comment

by:tfewster
ID: 2559698
In the absence of a definitive AIX method:

Modify roots .profile, to add the following lines

if [ -n `ps -ef |grep $PPID |grep telnetd` ]
#i.e. connected by telnet
then
  echo "Cannot log in as root remotely"
  #exit 0
fi

After thorough testing, uncomment the "exit 0" line.

Note that this still allows su (and su -) and does not check for rlogin or rsh access;

 
0
What Is Transaction Monitoring and who needs it?

Synthetic Transaction Monitoring that you need for the day to day, which ensures your business website keeps running optimally, and that there is no downtime to impact your customer experience.

 
LVL 2

Author Comment

by:edskee
ID: 2559856
I'll accept that as an answer if I cannot find a better way, but do you mean to tell me that AIX cannot do this and Linux can? I KNEW Linux was better! :P

Anyone got a real AIX way to do it? :)
0
 
LVL 15

Expert Comment

by:samri
ID: 2560235
Edskee,
       I'm really naive in AIX.  But in Solaris, there is a file in /etc/default called login (/etc/default/login).  You need to uncomment the entry that says CONSOLE=/dev/console.
       Perhaps you can check the same file in AIX.

Good luck,

Samri
0
 
LVL 21

Expert Comment

by:tfewster
ID: 2564316
From  the security manual on IBM's web site:

in /etc/security/user, set the root entry as follows
root:
      login = false
      su = true

I can't check this, because the only AIX system I have access to doesn't
allow (my) account to su to root.

I also found references to restricting remote logins using SMIT, but no definite
"How To"

Hope this helps
Tim
0
 

Accepted Solution

by:
cmcheline earned 20 total points
ID: 2565040
There are several ways to do this. Here are a couple of the easiest:

1) type "smit chuser" -> type "root" as the user to change -> modify  "User can LOGIN?" to false to disable login at the console ->  modify  "User can LOGIN REMOTELY?" to false to disable login from a telnet session -> press enter to accept changes

2) type "chuser login='false' rlogin='false' root"
0
 
LVL 2

Author Comment

by:edskee
ID: 2565313
Thanks much. Helped a lot.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This tech tip describes how to install the Solaris Operating System from a tape backup that was created using the Solaris flash archive utility. I have used this procedure on the Solaris 8 and 9 OS, and it shoudl also work well on the Solaris 10 rel…
Using libpcap/Jpcap to capture and send packets on Solaris version (10/11) Library used: 1.      Libpcap (http://www.tcpdump.org) Version 1.2 2.      Jpcap(http://netresearch.ics.uci.edu/kfujii/Jpcap/doc/index.html) Version 0.6 Prerequisite: 1.      GCC …
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question