
Re: Securetty: limits root login while allowing 'su -'

On Fri, 24 Oct 2003 10:50, Bernd Eckenfels wrote:
> In article <slrnbpghvr.3o6.ennio@deby.ei.hnet> you wrote:
> > I discovered I could 'su -' to root in the excluded ttys.  Do you think
> > this is normal behaviour or does my system need re-configuration ?
> This is the intended normal behaviour. Idea behind it is to avoid random
> admins logging into the system as root so they are not trackable. If the
> they login as non root and use su, they at least are visible in last.

I think that the idea is to prevent password guessing.  If an attacker 
successfully logs in as root then in 99.9% of cases they can remove any log 
entries showing how they did it.

If the user knows that they can't just login as root then they have to su from 
their own account, which means that their attempts are logged and appropriate 
action can be taken long before they guess the right password.

> I think you could, however add "auth requisite pam_securetty.so" to
> /etc/pam.d/su, but haven't tried.

Another possibility is pam_wheel.so...

http://www.coker.com.au/selinux/   My NSA Security Enhanced Linux packages
http://www.coker.com.au/bonnie++/  Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/    Postal SMTP/POP benchmark
http://www.coker.com.au/~russell/  My home page
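
An added example, not part of the original message: a small Python check that reads a pam.d service file such as /etc/pam.d/su and reports whether the two modules named in this thread, pam_securetty.so and pam_wheel.so, are active in the auth stack with a control flag that makes their failure fatal. The sample file contents and the function names are constructed for illustration, and files pulled in with @include are not followed.

```python
import re

GATES = ("pam_wheel.so", "pam_securetty.so")

# Constructed sample in the layout of a pam.d service file (not from a real host).
SAMPLE_SU = """\
# /etc/pam.d/su (constructed sample)
auth       sufficient pam_rootok.so
# auth     required   pam_wheel.so
auth       requisite  pam_securetty.so
auth       optional \\
           pam_wheel.so debug
@include common-auth
session    required   pam_env.so
"""

# type, control (a keyword or a [bracketed] expression), module path
RULE = re.compile(r"-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)")

def parse_auth_rules(text):
    """Return [(control, module)] for the auth stack, in file order."""
    rules = []
    # Join backslash-continued lines, then drop comments and blank lines.
    for raw in text.replace("\\\n", " ").splitlines():
        line = raw.split("#", 1)[0].strip()
        m = RULE.match(line)          # @include lines do not match and are skipped
        if m and m.group(1).lower() == "auth":
            module = m.group(3).rsplit("/", 1)[-1]   # strip any directory prefix
            rules.append((m.group(2).lower(), module))
    return rules

def gate_status(text):
    """Map each gate module to 'absent', 'not enforcing' or 'enforced'."""
    status = {g: "absent" for g in GATES}
    for control, module in parse_auth_rules(text):
        if module in status and status[module] != "enforced":
            # Only required/requisite make a module failure fail the stack.
            # Rules after a 'sufficient' module that succeeds are never reached.
            fatal = control in ("required", "requisite")
            status[module] = "enforced" if fatal else "not enforcing"
    return status

if __name__ == "__main__":
    for module, state in gate_status(SAMPLE_SU).items():
        print(f"{module}: {state}")
```

A commented-out line counts as absent, so a file that only carries the module in a comment is reported the same as one that never mentions it.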
