
How to restrict users' Root remote login under Linux

2025-04-04 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/01 Report--

This article explains how to restrict remote root login under Linux. The methods introduced here are simple, fast and practical.

Restricting remote login as root is of practical significance for the security of a computer system. This article introduces several methods for restricting root remote login.

Method 1: in the /etc/default/login file, add the following line.

CONSOLE=/dev/tty01

The setting takes effect immediately, with no reboot needed. From then on, root can log in only at the console (/dev/tty01), which restricts root remote login. However, it also blocks root login by local area network users, which makes administrators' daily maintenance work much less convenient.

Method 2:

1. To restrict root remote login, we must first distinguish which users are remote users (that is, users who log in via telnet from another Windows or UNIX system) and which are LAN users. This can be done with the following shell program.

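# Characters 9-12 of the tty path, used to find this session's line in finger output
TY=`tty | cut -b 9-12`
# Origin host column of the finger line that matches this terminal
WH=`finger | cut -b 32-79 | grep "$TY" | cut -b 29-39`
# Characters 6-9 of the tty path; "ttyp" means a pseudo-terminal (network login)
KK=`tty | cut -b 6-9`
if [ "$KK" = "ttyp" ]
then
    WH=$WH
else
    WH="local"
fi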

In the shell program above, WH is the IP address of the host the user logged in from. If the /etc/hosts file maps that IP address to a machine name, WH is the host name instead. Suppose the IP address of the terminal server connected to the local area network is 99.57.32.18; then add a line to the /etc/hosts file:

99.57.32.18 terminal_server

For every terminal that logs in to the host through the terminal server at 99.57.32.18, WH has the same value: the terminal server name, terminal_server.

2. In root's .profile file, act on the WH value, thereby restricting root remote login.

# Ignore HUP, INT, QUIT and TERM so the check cannot be interrupted
# (signal 9, KILL, cannot be trapped, so it is not listed)
trap '' 1 2 3 15
if [ "$WH" = "local" -o "$WH" = "terminal_server" ]
then
    echo "Welcome."
else
    exit
fi

Method 3: sometimes, for convenience, certain computers on the local area network are allowed to log in as root, for example the computer with IP address 99.57.32.58. To achieve this, make two additions to the method above:

1. In the /etc/hosts file, add a line: 99.57.32.58 xmh

2. In the shell program segment above, change the following line:

if [ "$WH" = "local" -o "$WH" = "terminal_server" ]

to:

if [ "$WH" = "local" -o "$WH" = "terminal_server" -o "$WH" = "xmh" ]
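The allowlist check from Methods 2 and 3, as an added example that is not part of the original article: instead of fixed byte columns of finger output, it reads the origin from a `who -m`-style line, where a trailing "(host)" field marks a remote login. The function names, the ALLOWED_ORIGINS variable and the sample lines are assumptions constructed for illustration; the allowlist values are the article's.

```shell
#!/bin/sh
# Added example, not from the original article.
# ALLOWED_ORIGINS is an assumed variable name; its values are the
# origins the article permits: local, terminal_server and xmh.
ALLOWED_ORIGINS="local terminal_server xmh"

# origin_of LINE: print the login origin for one `who -m`-style line.
# A trailing "(host)" field marks a remote login; a line without it is
# a local terminal, reported as "local" as in the article's script.
origin_of() {
    case $1 in
        *\(*\))
            host=${1##*\(}      # drop everything up to the last "("
            host=${host%\)}     # drop the closing ")"
            printf '%s\n' "$host" ;;
        *)
            printf 'local\n' ;;
    esac
}

# root_login_allowed ORIGIN: succeed only for an exact allowlist match.
# An empty or unknown origin is denied (fail closed).
root_login_allowed() {
    for allowed in $ALLOWED_ORIGINS; do
        [ "$1" = "$allowed" ] && return 0
    done
    return 1
}

# check_line LINE: print "allow" or "deny" for one login record.
check_line() {
    if root_login_allowed "$(origin_of "$1")"; then
        echo allow
    else
        echo deny
    fi
}

# Constructed sample lines (not captured from a real system).
check_line 'root     tty1         2025-04-04 10:12'
check_line 'root     pts/0        2025-04-04 10:15 (xmh)'
check_line 'root     pts/1        2025-04-04 10:20 (203.0.113.7)'
```

In root's .profile the line would come from `who -m`, and the origin appears as a name only when /etc/hosts maps the address, as described in Method 2.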

Method 4: even after the above processing, an ordinary user can still log in and use the su command to become root, which achieves root remote login by another route. To prevent this, restrict ordinary users from executing the su command:

1. Change the owner of the su command to root

2. Change the permissions of the su command to 700

This concludes the methods for restricting root remote login under Linux. You might as well try them in practice.
