Procedure to restrict direct access as root

dio34 · June 3, 2016, 5:04pm

Hello,

I would like to confirm whether the below procedure is correct.

disabled direct super user access on AIX server using below procedure. Please let me know if there is any additional step.

1) confirm the access to HMC, console to reach the LPARs

2) chuser rlogin=false root
   chuser login=true root
    
3) set Permit Root login to No
 
cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.original
 

vi /etc/ssh/sshd_config 
PermitRootLogin no

stopsrc -s sshd
startsrc -s sshd

4) confirm "rlogind" is disabled from /etc/inetd.conf
grep rlogind /etc/inetd.conf

thank you

filosophizer · June 12, 2016, 7:11am

you can try it and post the results here,

you want to have access from HMC only ?

dio34 · June 14, 2016, 4:00pm

Thanks for the response. I've tried it, worked. can only accessed from HMC. But I wanted to check If i missed anything, just in case. Thank you.

agent.kgb · June 16, 2016, 5:49am

as soon as I can become root, I can switch all these security controlls off.
as soon as you disable root completely, almost no AIX application will work in the LPAR (I still didn't find one which works).