Fedora Security :: Disable Logging In As Root In Console?
Feb 22, 2010
I wanted to disable root logins in console, so I searched for that. I found that if I change root's bash to "/sbin/nologin" in "/etc/passwd", root user will not be able to login. So I did that. But when I wanted to use sudo command, it didn't show me root bash, but it only do the same thing as logging in as root in single user mode (shows message that this account is disabled). So, how I can disable root logins, but keep enabled sudo command for standard users?
I've enabled the root account on Ubuntu 9.10, however I want to stop it from being used to login via GDM. 9.10 seems to have a different GDM version, how can I carry this out under 9.10
How to disable logging to console in Fedora 13? To get rid of messages like Stopping HAL daemon: [ OK ]
and all other messages during shutdown and restart. Actually, earlier when i shutdown the system only a single shutdown message is showing on the screen, i don't know what happened, now it is showing lot of messages. i tried the quiet parameter in kernel boot parmeters but no effect.
my linux system doesn't have X only console login possible. i would like to deny all user to login from any sources, local machine, remote console (putty, winscp) etc. except root.
i've found something about /etc/security/access.conf and i've put:
+ : root : ALL - : ALL : ALL
but still users other then root are able to login (via putty for example).
Sitting at the console, I log in with any user name and NO PASSWORD IS REQUESTED. I get logged in automatically without entering the user's password.
I did: passwd joeuser
To change his password and still he goes right in without being asked for a password!
Possibly related- 10 days ago, my smtp server was breached as a spam relay. The username they cracked was deleted. I added fail2ban for postfix. The logs show no further intrusion.
I run ProFTPd with TLS authentication on my Debian Lenny server. My problem is that despite of the fact that my users connect chrooted, one of my friends had root privileges after logging in form a Macintosh and could browse the root directory, too.
I need to login as root, or at least get root privileges, in a cron triggered backup run. The straight way to do this would be the backup server making an ssh connection to the server to be backed up (this way because I want to avoid many servers being backed up in parallel and the backup server itself would be managing this diversity), via the rsync command which would be performing the backup's synchronization step.
I'm looking for alternatives to this in some form. I'd like to disallow direct root login to my ssh port (not 22One idea I have is to have the backup server initiate an ssh login as a non-root user, to either the actual source server, or to a server that can reach the source server ... and set up port forwarding. Over the forwarded port, then initiate the rsync that logs in as root via another port that allows direct root, but cannot be reached from the internet at all (because the border firewall doesn't include this port as allowed in).FYI, these logins will be using ssh keys, not passwords. I do need to keep ownership metadata for files being backed up, so this is why I am using root. Also, rsync is needed to get the incremental updates to keep bandwidth usage lower (otherwise I could just transfer a tarball each day).Anyone have any other ideas or comments, for security issues, based on experience doing things like this (backups, routine data replication, etc)?
I am having some trouble logging into my machine: it seems to not accept my password. I am fairly sure I am typing it correctly. I can work around it easily enough by logging into the console and changing the password, but it is annoying.
how to disable the desktop effects of gnome in the console of F13? My desktop freezes every time directly after login, I assume the desktop effects could have something to do with it. (x86_64 + open nvidia driver)
I have installed fedora 14 in my computer. I installed some applications from root. I created a user id. I am unable to install my internet (broadband connection) now. every time it shows the error "Authentication failure" "install from root" something like that. How can I switch between user and root. Or how can I login as root again?
Everyone is wondering why we can't run gEdit and other tools from a terminal by logging in as root(e.g"su-"), I understand that by making changes they are trying to force us as users of Linux to learn better habits that are more secure, but the issues are driving people nuts!
I for one really like being able to log as root and open gEdit to make drive changes without having to login as root, I would normally still have access to all my things like email etc. So changing Linux to force everyone to not use tools like gEdit as root is becoming more of an inconvenience than they realize, there must be a safe way to do this!
I upgraded my lappy to FC10 and I boot to console mode. The blue sun image comes up there, I can get rid of it by hitting escape a couple of times but I want to disable it completely. It's messing up my desire to boot with the framebuffer.
i just installed linux mandriva 2009. i set password for root and created a user account. when i try to login as root, after logging out as user, it does not allow me and gives the error "root logins are not allowed". even it does not show the root account. if i try to go to root from konsole terminal using su root, it allows to enter as a root but when i try to start the GUI with startx it gives error.not sure what to do and why i can't see my account in GUI mode
I was trying to edit a file requiring root permissions, so I used sudo. I typed the root password and it failed. This happened three times, and the process was ended. I then logged in as root (su) and was able to navigate to the file and make changes as root. Am I missing something? How would I edit the sudoers file such that this password would work? Or is there another way to log in to the sudo group to make these changes? How do I set sudo passwords?
I switched over to Fedora a couple of days ago. I'm using the built-in firewall shipped with it but I can't find out how to enable logging of dropped packets. Among others I'd like to use psad that needs firewall logging. Is there an easy way to do this? I'm not an iptables "expert".
I can login as root in to Gnome and ssh but not in the console In fact I can login with anyuser in to Gnome and ssh but not in the console. By the console I'm referring to tty1-tty6. When the login screen is showed I write the user and password but then a message is quickly(I can�t see it) showed and erased and the login screen is showed again I looked the file /etc/security/access.conf but all the entries are marked as comments. I also looked the file /etc/securetty and this is the content:
console vc/1 vc/2 vc/3
[code]....
I even can use "su" with root with no problem. The next entries are written in the /var/log/audit/audit.log file everytime I has this error:
I have installed the new phpMyadmin3.4.1 on a server running Ubuntu 9.10 with apache and mysql. It runs on php5.2.10The apache config seems fine as the virtual directory that I configured works fine. http://<ip-of-server>/phpmyadminlink works. The home page is displayed. But when I enter the user name and password, instead of logging into the console, it again redirects me to the index page of the site. There are no errors displayed. I have checked that cookies on browser are enabled.The server is hosted on amazon web services, if that makes any difference
1). What is the console command to scan all of Fedora, not just a specific directory, but the entire computer?
2). Even tho I have consulted the CLAM AV site on how to update to the latest virus signature database, I don't either understand what they are telling me to do, or I am not "getting" how to do it.
I found this on Bee's website. For more info on this exploit there are links there:[URl]..All you have to do in Fedora 13 is enter the following lines in a shell as normal user:
[Code]...
I don't think this can be considered solely an "upstream" problem, because I first tried it in Arch using the same version of glibc, and the final command causes both gnome-terminal and xterm windows to disappear.
My objective is pretty simple: To have a variable within a bash script where I can switch between logging to file or screen.
Simple example of what I am trying to do:
Code:
So, as you can see, I have a variable which clears the log path if the user variable vLOG is not 'Y'. This should mean the user can run the script from the command line and view all the output (instead of it going to a log file).
The problem is that with the final line of the script (which ultimately tests the intention), I don't get the required result as the vLOGPATH variable is just passed to echo as text.
I have tried using 'echo -e' and getting some backslashes in there, I have tried using eval but I am either using them incorrectly.
i am using fedora 7. i want that, users other than root should not be able to shutdown the system, i had already changed the mode of /sbin/shutdown to -rwxr-w--(750)