In this article from our RHCE exam guide series, we will learn how to secure the local terminal. In this example we will use Vinita, a normal user created in our previous article, to demonstrate denying local login. Create a normal user if you do not have one.
You are the administrator of the example.com domain. Your task is to deny local login to all normal users on your domain server, and to allow root login only on the first terminal.
To accomplish this task, follow this step-by-step guide.
Log in as root and run these commands:
#touch /etc/nologin
#vi /etc/securetty
Comment out the available terminals as shown in the figure, leaving only the first terminal enabled for root.
If the /etc/nologin file exists, the PAM module pam_nologin denies local login to all non-root users, as you can see in the third line of the /etc/pam.d/login file.
The pam_securetty module checks the /etc/securetty file to see which terminals are available to root. If a terminal is not listed in this file, pam_securetty denies root login on that terminal.
We have made the necessary changes in the configuration files. Now the root user can log in locally only from terminal 1, and all other users are denied local login. Root itself is limited to terminal 1: if root tries to log in locally from any other terminal, the login is denied just as it is for other users.
You can verify this by logging in as a normal user on any locally available terminal.
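The combined effect of the two files can also be checked on sample copies instead of on /etc itself. This is an added example, not part of the original guide: the function names, the lowercase user name vinita and the sample securetty contents are constructed, and pam_securetty is modelled as an exact line match.

```shell
#!/bin/sh
# Added example: models the pam_nologin and pam_securetty checks on sample files.
# Function names and sample contents are hypothetical; nothing in /etc is touched.

# List terminals still enabled for root (skips blank and commented lines).
allowed_ttys() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1"
}

# Args: user tty nologin_path securetty_path. Prints allow or deny:<reason>.
login_decision() {
    if [ "$1" != "root" ]; then
        # pam_nologin: the mere existence of the file blocks non-root users
        if [ -e "$3" ]; then echo "deny:nologin"; else echo "allow"; fi
        return 0
    fi
    # pam_securetty, modelled as an exact line match: "#tty2" no longer
    # matches "tty2". Assumes the securetty file exists.
    if grep -qxF -- "$2" "$4"; then echo "allow"; else echo "deny:securetty"; fi
}

# Constructed state after the steps above: nologin present, only tty1 enabled.
make_sample() {
    : > "$1/nologin"
    printf '%s\n' '#console' 'tty1' '#tty2' '#tty3' > "$1/securetty"
}

# Print the decision for a normal user and for root on two terminals.
demo() {
    dir=$(mktemp -d) || return 1
    make_sample "$dir"
    for pair in "vinita tty1" "vinita tty2" "root tty1" "root tty2"; do
        set -- $pair
        printf '%-7s %-5s %s\n' "$1" "$2" \
            "$(login_decision "$1" "$2" "$dir/nologin" "$dir/securetty")"
    done
    rm -rf "$dir"
}
demo
```

Pointing allowed_ttys at a copy of the real /etc/securetty shows which terminals are still enabled for root after editing.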
Now that you have successfully accomplished the given task, it is a good habit to remove all the changes you have made.
First remove the /etc/nologin file
Remove all the comments you placed in /etc/securetty