
Max login retries for root


LHLTech

MIS
Nov 15, 2001
Hi,

I am trying to set a maximum number of login retries for the root account on a server to 3. I am able to do it for all other users, but it seems as though the root account is exempt from this.

I have tried everything I know (/etc/security/user) and even tried locking the account, but root is still always able to log in. The best I can manage is to restrict root login to the console, but this is not what the client wants.

Anyone have any ideas? The IBM support website is unhelpful.

Thanks LHLTech

IBM Certified ATE
 
The root account, quite sensibly, will not lock.

Dave
 
Is there any official documentation from IBM anywhere to that effect? I need to be able to show that to the client, as their auditors are insisting that we do this change for them.

I personally agree that it should not be done, but they pay us, and at the moment won't listen to our "We think it's not possible" line.

Many thanks LHLTech

IBM Certified ATE
 
Would your client be satisfied by setting up root's account so it can't be logged into remotely?

By doing this, anyone who needs to be root would either have to be at the console (and presumably the system is in a limited access locked computer room, right?) or they would have to su to root after logging in as a regular user. And you would have an sulog of everyone who tried to su to any user.
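The sulog review described in the reply above, as an added example that is not part of the original thread: a shell function that reads sulog lines and reports users whose consecutive failed `su` attempts to root reach a threshold (3 here, matching the retry limit asked about). The sample lines are constructed and assume the AIX `/var/adm/sulog` layout `SU MM/DD HH:MM +|- tty from-to`; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample data in the assumed sulog layout:
#   SU MM/DD HH:MM <+ success | - failure> tty fromuser-touser
sample_sulog() {
cat <<'EOF'
SU 11/15 09:02 + pts/0 lhl-root
SU 11/15 09:40 - pts/3 guest-root
SU 11/15 09:41 - pts/3 guest-root
SU 11/15 09:41 - pts/3 guest-root
SU 11/15 10:05 - pts/1 dave-root
SU 11/15 10:06 + pts/1 dave-root
SU 11/15 11:30 - pts/2 guest-oracle
EOF
}

# failed_su_to_root LIMIT
# Reads sulog lines on stdin and prints "user worst_streak" for each source
# user whose longest run of consecutive failed su attempts to root is >= LIMIT.
# A successful su to root resets that user's running streak.
failed_su_to_root() {
    awk -v limit="$1" '
        $1 != "SU" || NF < 6 { next }          # skip anything not in the layout
        {
            # Field 6 is "from-to"; split on the last hyphen
            # (assumes the target user name itself has no hyphen).
            if (!match($6, /-[^-]*$/)) next
            from = substr($6, 1, RSTART - 1)
            to   = substr($6, RSTART + 1)
            if (to != "root") next             # only attempts to become root
            if ($4 == "-") {
                if (++streak[from] > worst[from]) worst[from] = streak[from]
            } else if ($4 == "+") {
                streak[from] = 0
            }
        }
        END {
            for (u in worst)
                if (worst[u] >= limit) print u, worst[u]
        }
    ' | sort
}

# Stand-alone run against the constructed sample; on a real system the
# input would be the sulog file instead.
sample_sulog | failed_su_to_root 3
```

Run from cron with the real log on stdin, this gives a record of repeated failed attempts to become root even though the root account itself does not lock.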



 
Aye, well it looks like that is the option we would have to go for... it's not so much the client complaining but their auditors - has anyone ever come across auditors that don't make the most ridiculous requests for servers?
LHLTech

IBM Certified ATE
 
Yeah. Auditors sometimes don't know what they are asking for. If you had a sand box that you could use to mess up the root account in passwd and show them the contortions you have to go through to get root user back, maybe that would convince them!

Here's another thought: check out sudo. It allows the users you designate to have some or all of root's privileges, and it keeps track of all commands a user executes under sudo. Auditors might not appreciate it, but it can help sys admins track the root (so to speak) of a problem.
 
Ok - thanks for your help

LHLTech

IBM Certified ATE
 