2012年(34)
分类: LINUX
2012-11-24 12:09:07
1、修改login文件
redhat中对于远程登录的限制体现在/etc/pam.d/login 文件中,如果把限制的内容注销掉,那么限制将不起作用。
#%PAM-1.0
auth [user_unknown=ignore success=ok ignore=ignore default=bad]
pam_securetty.so
auth
include
system-auth
#account
required
pam_nologin.so
account
include
system-auth
password
include
system-auth
# pam_selinux.so close should be the first session rule
session
required
pam_selinux.so close
session
include
system-auth
session
required
pam_loginuid.so
session
optional
pam_console.so
# pam_selinux.so open should only be followed by sessions to be
executed in the user context
session
required
pam_selinux.so open
session
optional
pam_keyinit.so force revoke
~
2、移除securetty文件
验证规则设置在/etc/security文件中,该文件定义root用户只能在tty1-tty6的终端上记录,删除该文件或者将其改名即可避开验证规则实现root用户远程登录。
[root@rhel ~]# mv /etc/securetty /etc/securetty.bak
3、修改securetty文件
[root@rhel ~]# vim /etc/securetty
console
vc/1
....
....
vc/10
tty1
....
tty11
pts/1
pts/2
....
....
....
pts/11
一般不建议此方法