Procedure to restrict direct access as root


 
# 1  
Old 06-03-2016

Hello,

I would like to confirm whether the below procedure is correct.

I disabled direct superuser access on an AIX server using the procedure below. Please let me know if there is any additional step.

Code:
1) confirm the access to HMC, console to reach the LPARs

2) chuser rlogin=false root
   chuser login=true root

3) set Permit Root login to No

cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.original

vi /etc/ssh/sshd_config
PermitRootLogin no

stopsrc -s sshd
startsrc -s sshd

4) confirm "rlogind" is disabled from /etc/inetd.conf
grep rlogind /etc/inetd.conf

Thank you.
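
A read-only check of the settings from the procedure above, as an added example that is not part of the original post. The function names are hypothetical, and it assumes that `lsuser -a login rlogin root` prints a line of the form `root login=true rlogin=false` and that the inetd.conf entry for remote login names `rlogind`.

```shell
#!/bin/sh
# Added example: verify the hardening steps without changing anything.
# File paths are arguments so the checks can also run against copies.

# Global PermitRootLogin value: sshd keeps the first value it reads, and
# anything after a "Match" line is conditional, so stop looking there.
sshd_root_login() {
    awk 'tolower($1) == "match" { exit }
         tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
         END { if (!found) print "unset" }' "$1"
}

# Succeeds (0) if an uncommented inetd.conf line still references rlogind.
# A plain "grep rlogind" also prints lines that are commented out.
rlogind_enabled() {
    awk '$1 !~ /^#/ && /rlogind/ { hit = 1 } END { exit !hit }' "$1"
}

# Check one line of lsuser output: local login kept, remote login refused.
root_attrs_ok() {
    case " $1 " in *" login=true "*) ;; *) return 1 ;; esac
    case " $1 " in *" rlogin=false "*) ;; *) return 1 ;; esac
}

# audit SSHD_CONFIG INETD_CONF LSUSER_LINE
# Prints one line per failed check and returns the number of failures.
audit() {
    fail=0
    if [ "$(sshd_root_login "$1")" != "no" ]; then
        echo "FAIL: PermitRootLogin is not 'no' in the global section of $1"
        fail=$((fail + 1))
    fi
    if rlogind_enabled "$2"; then
        echo "FAIL: rlogind is still active in $2"
        fail=$((fail + 1))
    fi
    if ! root_attrs_ok "$3"; then
        echo "FAIL: unexpected root attributes: $3"
        fail=$((fail + 1))
    fi
    return "$fail"
}

# On the AIX host itself (skipped where lsuser is not installed):
if command -v lsuser >/dev/null 2>&1; then
    audit /etc/ssh/sshd_config /etc/inetd.conf \
        "$(lsuser -a login rlogin root)" && echo "all checks passed"
fi
```

A `PermitRootLogin` that is absent from the global section is reported as a failure because the built-in default depends on the installed OpenSSH version.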
# 2  
Old 06-12-2016
You can try it and post the results here.

You want to have access from HMC only?
# 3  
Old 06-14-2016
Thanks for the response. I've tried it, and it worked. It can only be accessed from HMC. But I wanted to check if I missed anything, just in case. Thank you.
# 4  
Old 06-16-2016
As soon as I can become root, I can switch all these security controls off.
As soon as you disable root completely, almost no AIX application will work in the LPAR (I still didn't find one which works).
This User Gave Thanks to agent.kgb For This Post: