Ive been trying to find a way to completely lock down my server from all local and remote root connections without the use of a usb key. ? is it possible to require any root commands to require a encrypted usb key?
Hence eliminating the possibility of logging in (locally or remotely) or executing any root level command without a proper secondary key?
The other question i had was .. is it possible to limit the number of root connections to 1 ? ie if a term was open with root logged into it.. make it impossible to su, sudo or log in on any other term, local or remotely?
Would such a configuration prevent to possibility of someone installing a rootkit or similar method to gain root access or execute a command as root?
The thought being that someone must have the secondary encryption key OR physically have access to the server keyboard? and of course my last question is how to require a password on the "blank" screen saver in tty?
I know it may sound kinda overkill but the servers set up and runs awesome so theres no need to ever log into or restart it. I just want to make it exceedingly difficult to gain root access.. (and yes the pw's is bulletproof)
|Thread||Thread Starter||Forum||Replies||Last Post|
|root on ZFS||gkontos||FreeBSD Installation and Upgrading||12||18th December 2009 09:43 AM|
|ssh root||Nk2Network||OpenBSD Security||22||8th April 2009 06:59 PM|
|NTOP as root||sniper007||FreeBSD Security||0||27th January 2009 07:42 PM|
|Wheel Can't su root||MetalHead||OpenBSD General||2||22nd November 2008 12:44 AM|
|Enable root logins and solving display issues?||disappearedng||FreeBSD General||5||7th June 2008 10:24 PM|