Restricting Superuser (root) Access on the Console
The superuser account is used by the operating system to accomplish basic functions, and has wide-ranging control over the entire operating system. The superuser account has access to and can execute essential system programs. For this reason, there are almost no security restraints for any program that is run by superuser.
You can protect the superuser account on a system by restricting access to a specific device through the /etc/default/login file. For example, if superuser access is restricted to the console, you can log in to a system as superuser only from the console. If anybody remotely logs in to the system to perform an administrative function, they must first log in with their user login and then use the su command to become superuser. See the following section for detailed instructions.
Note - Restricting superuser login to the console is set up by default when you install the Solaris release.
An alternative to using the superuser account is to set up role-based access control (RBAC). For overview information on RBAC, see Chapter 17, Role-Based Access Control (Overview).
How to Restrict Superuser (root) Login to the Console
Edit the /etc/default/login file.
Uncomment the following line:
CONSOLE=/dev/console
Any users who try to remotely log in to this system must first log in with their user login, and then use the su command to become superuser.
Attempt to log in remotely as superuser to this system, and verify that the operation fails.
Monitoring Who Is Using the su Command
You can monitor su attempts by monitoring the /var/adm/sulog file. This file logs each time the su command is used. The su logging in this file is enabled by default through the following entry in the /etc/default/su file:
SULOG=/var/adm/sulog
The sulog file lists all uses of the su command, not only the su attempts that are used to switch from user to superuser. The entries show the date and time the command was entered, whether or not the attempt was successful (+ or -), the port from which the command was issued, and finally, the name of the user and the switched identity.
Through the /etc/default/su file, you can set up the system to display a message on the console each time an attempt is made to use the su command to gain superuser access from a remote system. This method is a good way to immediately detect someone who is trying to gain superuser access on the system that you are currently working on. See the following section for detailed instructions.
How to Monitor Who Is Using the su Command
Monitor the contents of the /var/adm/sulog file on a regular basis.
# more /var/adm/sulog
SU 12/20 16:26 + pts/0 nathan-root
SU 12/21 10:59 + pts/0 nathan-root
SU 01/12 11:11 + pts/0 root-joebob
SU 01/12 14:56 + pts/0 pmorph-root
SU 01/12 14:57 + pts/0 pmorph-root
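One way to turn the regular review described above into a repeatable check, as an added example that is not part of the original documentation: it reads entries in the sulog layout shown above and reports failed attempts to become root, plus any success that follows failures by the same user. The sample entries are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: summarise su activity from sulog-format input.
# Entry layout, per the description above: SU MM/DD HH:MM +|- port from-to

# Constructed sample entries (not from a real system).
sample_sulog() {
cat <<'EOF'
SU 01/12 11:11 + pts/0 root-joebob
SU 01/12 14:56 + pts/0 pmorph-root
SU 01/12 14:57 - pts/3 guest-root
SU 01/12 14:58 - pts/3 guest-root
SU 01/12 14:59 - pts/3 guest-root
SU 01/13 09:02 - pts/1 nathan-root
SU 01/13 09:03 + pts/1 nathan-root
EOF
}

# Print "count user port" for every user/port pair with failed su-to-root
# attempts, highest count first. Reads the named files, or stdin if none.
failed_root_attempts() {
    awk '$1 == "SU" && NF == 6 && $4 == "-" && $6 ~ /-root$/ {
        # Strip the trailing "-root" so hyphenated login names stay intact.
        from = substr($6, 1, length($6) - 5)
        n[from " " $5]++
    }
    END { for (k in n) print n[k], k }' "$@" | sort -k1,1nr -k2
}

# Print each successful su to root that follows failed attempts by the
# same user, with the number of failures that preceded it.
success_after_failure() {
    awk '$1 == "SU" && NF == 6 && $6 ~ /-root$/ {
        from = substr($6, 1, length($6) - 5)
        if ($4 == "-") {
            fails[from]++
        } else if ($4 == "+" && fails[from] > 0) {
            print from, $2, $3, "after", fails[from], "failed"
            fails[from] = 0
        }
    }' "$@"
}

# Demo on the constructed sample; on a live system pass /var/adm/sulog instead.
sample_sulog | failed_root_attempts
sample_sulog | success_after_failure
```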
How to Display Superuser (root) Access Attempts to the Console
Edit the /etc/default/su file.
Uncomment the following line:
CONSOLE=/dev/console
Use the su command to become root, and verify that a message is printed on the system console.
Modifying a System's Abort Sequence
Use the following procedure to disable or enable a system's abort sequence. The default system behavior is that a system's abort sequence is enabled.
Some server systems have a key switch that, if set in the secure position, overrides the software keyboard abort settings. So, any changes you make with the following procedure might not be implemented.