I found out the reason behind this was a line in /etc/inittab:
x:5:respawn:/etc/X11/prefdm -nodaemon
So just comment out or remove the line from /etc/inittab then
---------- Post updated at 10:41 ---------- Previous update was at 10:20 ----------
And again "you was able to init 5", but the others on the box? can they do so?
I think you still havent learnt the main thing : ROOT is GOD in unix...
Anyone root can do what he wants, just look at you! You are not connected as ping are you? And second thing after that is never connect unless needed (maintenance) as root but use su/sudo or equivalent.
There is a way to secure a box in a way there is no root account: It by using RBAC, but I tell you, the day you forget the name/passwd of the account which can grant you root privilege, you are doomed...
So just comment out or remove the line from /etc/inittab then
---------- Post updated at 10:41 ---------- Previous update was at 10:20 ----------
And again "you was able to init 5", but the others on the box? can they do so?
I think you still havent learnt the main thing : ROOT is GOD in unix...
Anyone root can do what he wants, just look at you! You are not connected as ping are you? And second thing after that is never connect unless needed (maintenance) as root but use su/sudo or equivalent.
There is a way to secure a box in a way there is no root account: It by using RBAC, but I tell you, the day you forget the name/passwd of the account which can grant you root privilege, you are doomed...
You are right but then i just wanted to disable the display (I know root can enable it again).
and root can do anything but some security guides says you need to remove execute permissions for root as well(to prevent accidental executing of some commands).
This is just a precaution taken to avoid executing init 5 and getting into graphical mode by root.
Is there any good method other than this?
remove execute permissions for root as well(to prevent accidental executing of some commands).
That is why you should not be connected as root, and always use root privilege to its strictly minimum, when absolutely necessary...
In other words, unless you are bringing down the server for maintenance (and so you are in front of the console) you should never see a root connection...
you cant avoid root to type init 5, but you could limit root access by not using it as described previously, the TRUE first precaution is to give root access only to people that are in charge of the system. Its not the root access that is dangerous its the person using it!
---------- Post updated at 12:39 ---------- Previous update was at 12:28 ----------
You could perhaps look if you cannot like in HP-UX let only people belonging to a choosen group to be allowed to su root (that will limit the access if someone unauthorized gets hold of root passwd...) and use sudo yourself without passwd ( in case you are stressed by hierarchy to connect "as" and looking over your shoulders...)
---------- Post updated at 13:04 ---------- Previous update was at 12:39 ----------
That said, I agree with you on one point:
I noticed that (HP-UX) although:
I noticed that someone distant can connect using X via XDMCP and connect as root...
And so I went through X config files to find a way of blocking... but again who has root passwd? (In my case I was fighting against "collegues" who do have root passwd and use it rather than using their own account and "su"...)
---------- Post updated at 16:15 ---------- Previous update was at 13:04 ----------
I work for a small company and we are heavily invested in linux. I would like to find out if it is advantageous to disable/remove X11 or X windows so no GUI login is available.
Any good compelling reasons? (2 Replies)
Hi all Expertise,
I have following issue to solve,
SSL / TLS Renegotiation DoS (low) 222.225.12.13
Ease of Exploitation Moderate
Port 443/tcp
Family Miscellaneous
Following is the problem description:------------------
Description The remote service encrypts traffic using TLS / SSL and... (2 Replies)