root logins
Ive been trying to find a way to completely lock down my server from all local and remote root connections without the use of a usb key. ? is it possible to require any root commands to require a encrypted usb key?
Hence eliminating the possibility of logging in (locally or remotely) or executing any root level command without a proper secondary key?
The other question i had was .. is it possible to limit the number of root connections to 1 ? ie if a term was open with root logged into it.. make it impossible to su, sudo or log in on any other term, local or remotely?
Would such a configuration prevent to possibility of someone installing a rootkit or similar method to gain root access or execute a command as root?
The thought being that someone must have the secondary encryption key OR physically have access to the server keyboard? and of course my last question is how to require a password on the "blank" screen saver in tty?
I know it may sound kinda overkill but the servers set up and runs awesome so theres no need to ever log into or restart it. I just want to make it exceedingly difficult to gain root access.. (and yes the pw's is bulletproof)
tia!
|