Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Disable root telnet access in AIX

Posted on 2000-02-25
8
Medium Priority
?
3,158 Views
Last Modified: 2010-05-18
Simple question, but I don't know AIX:

How do you disable root access via telnet in AIX 4.3.1?

Thanks!
0
Comment
Question by:edskee
8 Comments
 
LVL 21

Expert Comment

by:tfewster
ID: 2559612
Create an entry "root" in /etc/securetty; Any usernames in this file have to be logged in on a secure (not a networked) device.

You can still get root access remotely by logging in as yourself and using su.
0
 
LVL 2

Author Comment

by:edskee
ID: 2559655
Did that, that doesnt work in AIX
0
 
LVL 21

Expert Comment

by:tfewster
ID: 2559698
In the absence of a definitive AIX method:

Modify roots .profile, to add the following lines

if [ -n `ps -ef |grep $PPID |grep telnetd` ]
#i.e. connected by telnet
then
  echo "Cannot log in as root remotely"
  #exit 0
fi

After thorough testing, uncomment the "exit 0" line.

Note that this still allows su (and su -) and does not check for rlogin or rsh access;

 
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 2

Author Comment

by:edskee
ID: 2559856
I'll accept that as an answer if I cannot find a better way, but do you mean to tell me that AIX cannot do this and Linux can? I KNEW Linux was better! :P

Anyone got a real AIX way to do it? :)
0
 
LVL 15

Expert Comment

by:samri
ID: 2560235
Edskee,
       I'm really naive in AIX.  But in Solaris, there is a file in /etc/default called login (/etc/default/login).  You need to uncomment the entry that says CONSOLE=/dev/console.
       Perhaps you can check the same file in AIX.

Good luck,

Samri
0
 
LVL 21

Expert Comment

by:tfewster
ID: 2564316
From  the security manual on IBM's web site:

in /etc/security/user, set the root entry as follows
root:
      login = false
      su = true

I can't check this, because the only AIX system I have access to doesn't
allow (my) account to su to root.

I also found references to restricting remote logins using SMIT, but no definite
"How To"

Hope this helps
Tim
0
 

Accepted Solution

by:
cmcheline earned 80 total points
ID: 2565040
There are several ways to do this. Here are a couple of the easiest:

1) type "smit chuser" -> type "root" as the user to change -> modify  "User can LOGIN?" to false to disable login at the console ->  modify  "User can LOGIN REMOTELY?" to false to disable login from a telnet session -> press enter to accept changes

2) type "chuser login='false' rlogin='false' root"
0
 
LVL 2

Author Comment

by:edskee
ID: 2565313
Thanks much. Helped a lot.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you do backups in the Solaris Operating System, the file system must be inactive. Otherwise, the output may be inconsistent. A file system is inactive when it's unmounted or it's write-locked by the operating system. Although the fssnap utility…
This tech tip describes how to install the Solaris Operating System from a tape backup that was created using the Solaris flash archive utility. I have used this procedure on the Solaris 8 and 9 OS, and it shoudl also work well on the Solaris 10 rel…
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.
Suggested Courses

886 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question