Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 3193
  • Last Modified:

Disable root telnet access in AIX

Simple question, but I don't know AIX:

How do you disable root access via telnet in AIX 4.3.1?

Thanks!
0
edskee
Asked:
edskee
1 Solution
 
tfewsterCommented:
Create an entry "root" in /etc/securetty; Any usernames in this file have to be logged in on a secure (not a networked) device.

You can still get root access remotely by logging in as yourself and using su.
0
 
edskeeAuthor Commented:
Did that, that doesnt work in AIX
0
 
tfewsterCommented:
In the absence of a definitive AIX method:

Modify roots .profile, to add the following lines

if [ -n `ps -ef |grep $PPID |grep telnetd` ]
#i.e. connected by telnet
then
  echo "Cannot log in as root remotely"
  #exit 0
fi

After thorough testing, uncomment the "exit 0" line.

Note that this still allows su (and su -) and does not check for rlogin or rsh access;

 
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
edskeeAuthor Commented:
I'll accept that as an answer if I cannot find a better way, but do you mean to tell me that AIX cannot do this and Linux can? I KNEW Linux was better! :P

Anyone got a real AIX way to do it? :)
0
 
samriCommented:
Edskee,
       I'm really naive in AIX.  But in Solaris, there is a file in /etc/default called login (/etc/default/login).  You need to uncomment the entry that says CONSOLE=/dev/console.
       Perhaps you can check the same file in AIX.

Good luck,

Samri
0
 
tfewsterCommented:
From  the security manual on IBM's web site:

in /etc/security/user, set the root entry as follows
root:
      login = false
      su = true

I can't check this, because the only AIX system I have access to doesn't
allow (my) account to su to root.

I also found references to restricting remote logins using SMIT, but no definite
"How To"

Hope this helps
Tim
0
 
cmchelineCommented:
There are several ways to do this. Here are a couple of the easiest:

1) type "smit chuser" -> type "root" as the user to change -> modify  "User can LOGIN?" to false to disable login at the console ->  modify  "User can LOGIN REMOTELY?" to false to disable login from a telnet session -> press enter to accept changes

2) type "chuser login='false' rlogin='false' root"
0
 
edskeeAuthor Commented:
Thanks much. Helped a lot.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Tackle projects and never again get stuck behind a technical roadblock.
Join Now