Managing File system security

How to secure terminal in Linux

In this article from our RHCE exam guide series, we will learn how to secure the local terminal. In this example we will deny local login to a normal user named Vinita, created in our previous article. Create a normal user if you do not have one.

Example question:

You are the administrator of the example.com domain. Your task is to deny local login to all normal users on your domain server, and to allow root login only on the first terminal.

To accomplish this task, follow this step-by-step guide.

Log in as the root user and run these commands:

#touch /etc/nologin
#vi /etc/securetty


First comment out all available terminals, as shown in the figure.

If the /etc/nologin file exists, the PAM module pam_nologin denies local login to all non-root users, as you can see in the third line of the /etc/pam.d/login file.


The pam_securetty module checks the /etc/securetty file to see which terminals are available to root. If a terminal is not listed in this file, pam_securetty denies the root user login on that terminal.

We have made the necessary changes in the configuration files. Now the root user can log in locally only from terminal 1, and all other users are denied local login. Root itself can use only terminal 1: if root tries to log in locally from any other terminal, the login is denied, just as it is for other users.


You can verify this by logging in as a normal user on any locally available terminal.

Now that you have successfully accomplished the given task, it is a good habit to remove all the changes you have made.

First remove the /etc/nologin file
Remove all the comments you placed in /etc/securetty
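
The whole procedure above (restrict, verify, clean up) as a small shell helper. This is an added example, not part of the original article: the function names are hypothetical, the sample securetty file is constructed, and tty1 is assumed to be the entry for terminal 1. The demo runs on a temporary copy; as root you would pass /etc/securetty and /etc/nologin instead.

```shell
#!/bin/sh
# Added example. Functions take file paths so they can be tried on copies first.

# Terminals root may use: the uncommented, non-blank lines of a securetty file.
allowed_root_ttys() {
    grep -Ev '^[[:space:]]*(#|$)' "$1"
}

# Comment out every active entry except KEEP; the original is saved as FILE.orig.
restrict_root_to() {
    file=$1 keep=$2
    cp -p "$file" "$file.orig"
    awk -v keep="$keep" '
        /^[[:space:]]*(#|$)/ { print; next }   # already a comment or blank line
        $1 == keep           { print; next }   # the one terminal root keeps
                             { print "#" $0 }  # every other entry is disabled
    ' "$file.orig" > "$file"
}

# Cleanup step: put the saved original back instead of uncommenting by hand.
restore_securetty() {
    mv "$1.orig" "$1"
}

# pam_nologin denies non-root logins whenever the nologin file exists.
nologin_active() {
    [ -e "$1" ]
}

demo() {
    dir=$(mktemp -d)
    # Constructed sample standing in for /etc/securetty.
    printf '%s\n' console tty1 tty2 tty3 tty4 > "$dir/securetty"
    restrict_root_to "$dir/securetty" tty1    # assumption: tty1 is terminal 1
    touch "$dir/nologin"                      # stands in for /etc/nologin
    echo "root may log in on: $(allowed_root_ttys "$dir/securetty")"
    if nologin_active "$dir/nologin"; then echo "non-root local login: denied"; fi
    # Undo both changes, as the article recommends after the exercise.
    rm -f "$dir/nologin"
    restore_securetty "$dir/securetty"
    echo "entries after cleanup: $(allowed_root_ttys "$dir/securetty" | grep -c .)"
    rm -rf "$dir"
}
demo
```

Restoring from the saved copy avoids uncommenting lines that were already comments before the change.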

Written by Admin
