Solved

Disable root telnet access in AIX

Posted on 2000-02-25
8
3,069 Views
Last Modified: 2010-05-18
Simple question, but I don't know AIX:

How do you disable root access via telnet in AIX 4.3.1?

Thanks!
0
Comment
Question by:edskee
8 Comments
 
LVL 20

Expert Comment

by:tfewster
ID: 2559612
Create an entry "root" in /etc/securetty; Any usernames in this file have to be logged in on a secure (not a networked) device.

You can still get root access remotely by logging in as yourself and using su.
0
 
LVL 2

Author Comment

by:edskee
ID: 2559655
Did that, that doesnt work in AIX
0
 
LVL 20

Expert Comment

by:tfewster
ID: 2559698
In the absence of a definitive AIX method:

Modify roots .profile, to add the following lines

if [ -n `ps -ef |grep $PPID |grep telnetd` ]
#i.e. connected by telnet
then
  echo "Cannot log in as root remotely"
  #exit 0
fi

After thorough testing, uncomment the "exit 0" line.

Note that this still allows su (and su -) and does not check for rlogin or rsh access;

 
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
LVL 2

Author Comment

by:edskee
ID: 2559856
I'll accept that as an answer if I cannot find a better way, but do you mean to tell me that AIX cannot do this and Linux can? I KNEW Linux was better! :P

Anyone got a real AIX way to do it? :)
0
 
LVL 15

Expert Comment

by:samri
ID: 2560235
Edskee,
       I'm really naive in AIX.  But in Solaris, there is a file in /etc/default called login (/etc/default/login).  You need to uncomment the entry that says CONSOLE=/dev/console.
       Perhaps you can check the same file in AIX.

Good luck,

Samri
0
 
LVL 20

Expert Comment

by:tfewster
ID: 2564316
From  the security manual on IBM's web site:

in /etc/security/user, set the root entry as follows
root:
      login = false
      su = true

I can't check this, because the only AIX system I have access to doesn't
allow (my) account to su to root.

I also found references to restricting remote logins using SMIT, but no definite
"How To"

Hope this helps
Tim
0
 

Accepted Solution

by:
cmcheline earned 20 total points
ID: 2565040
There are several ways to do this. Here are a couple of the easiest:

1) type "smit chuser" -> type "root" as the user to change -> modify  "User can LOGIN?" to false to disable login at the console ->  modify  "User can LOGIN REMOTELY?" to false to disable login from a telnet session -> press enter to accept changes

2) type "chuser login='false' rlogin='false' root"
0
 
LVL 2

Author Comment

by:edskee
ID: 2565313
Thanks much. Helped a lot.
0

Featured Post

Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
In tuning file systems on the Solaris Operating System, changing some parameters of a file system usually destroys the data on it. For instance, changing the cache segment block size in the volume of a T3 requires that you delete the existing volu…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question