Thursday, May 27, 2004, 8:31:22 PM, you wrote: > On Thursday 27 May 2004 20:14, Robert Walker wrote: >> Hello all, >> >> I was trying to increase the security of my Linux box (famous last >> words). I am running Mandrake 9.2 set for console login (run level 3). >> >> I was reading an article about stopping root logins for >> Red Hat Linux (v8.0)... Decided to follow the suggestions. This turned >> out to be a really bad move :-) >> >> Anyhow I am now in the situation where I have ended up with: >> /etc/securetty which is blank (dumb) >> /etc/ssh/sshd_config which disallows root logins (good) >> >> I have KDE, X and tightvnc installed but I am not currently using them. >> >> I can't 'su' root to execute a command/change to root or login as root >> either with a remote secure shell or a local shell!! I just get the >> message: >> "This account is currently not available." >> So I can't even copy the old securetty~ file back... >> >> Do I need to reinstall everything again (would not be fun given the amount >> of hassle I had setting it all up - especially the driver for the PCI >> ADSL modem and kernel customisations) and start from scratch?? >> Is there any other way of getting root access apart from <login> and >> <su>?? >> >> Is there anyway to boot from a CD to get root access back?? Or some >> other solution (possibly mounting the hard disk on another box with >> Linux installed)??
> I am not sure how to get your system back to how it should be, but for future > reference if you want to disable root login, instead of following a RedHat > Guide just Open Mandrake Control Centre>Security>Levels and Checks > Selecting High (or is it Higher) security level will disable root login. Or > alternatively regardless of your security level you can customise your > existing level by selecting the 'System options' tab. > The 'Direct Root Login' option will enable/disable root login for you. > Hope you manage to recover the system without a reinstall. You might be able > to set a new root password if you go into run level 1. Try booting into > 'failsafe' from your lilo menu. > derek Hi Derek, Cheers for the quick response. No I'm buggered... Run level 1/failsafe gives all the same problems. The root account is disabled because it can not be accessed/logged into from any tty device. Can I mount the physical hard disk on a different Linux box and change the securetty file? How would I do this? Would it just show up in the mounts if I plug it into an IDE port or do I need to do else to mount it (e.g. alter fstab on the other machine)? I.e. hate Slackware because its harder to find the relevant configuration files for stuff... Its all a bit bizare because the machine is stable as an internet gateway its not urgent (it still works without root access). But I did want to setup a place holding webserver on it today (hah hah thats not going happen now :-). -- Best regards, Robert mailto:[EMAIL PROTECTED]
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
