Prevent log in as root
Keith Morse
kgmorse at mpcu.com
Sun Apr 25 20:22:45 UTC 2004
On Sat, 24 Apr 2004, Richard Kurth wrote:
> Is there a way to Prevent anyone from logging in as root. I what them
> to only log in as admin and su to root. What would I change to make
> this work?
If the person has console access then all bets are off. Traditionally,
access to root capabilities are managed using sudo and restricting access
to root's password as well as implementing an aggressive password rotation
policy.
One other thing you might find interesting is a project called LIDS. It
can really lock down the file system even to the point where root cannot
modify files. But... It's involved and tedious. One linux I'm aware that
implements it by default is Engarde Linux (Commercial).
More information about the redhat-list
mailing list