Securing and Optimizing Linux:RedHat Edition | All about OS

The “/etc/host.conf” file

Category: Securing and Optimizing

The “/etc/services” file
The port numbers on which certain “standard” services are offered are defined in RFC 1700, “Assigned Numbers”. The “/etc/services” file enables server and client programs to convert service names to these numbers (ports). The list is kept on each host and is stored in the file “/etc/services”. Only the “root” user is allowed to modify this file, and it rarely needs editing, since it already contains the more common mappings of service names to port numbers. To improve security, we can immunize this file to prevent unauthorized deletion or addition of services.
• To immunize the “/etc/services” file, use the command:
[root@deep /]# chattr +i /etc/services
The “/etc/securetty” file
The “/etc/securetty” file allows you to specify which TTY devices the “root” user is allowed to log in on. The “/etc/securetty” file is read by the login program (usually “/bin/login”). Its format is a list of the tty device names allowed; for all others that are commented out or do not appear in this file, root login is disallowed.
Disable any tty that you do not need by commenting them out (# at the beginning of the line). Edit the securetty file (vi /etc/securetty) and comment out the following lines:
tty1
#tty2
#tty3
#tty4
#tty5
#tty6
#tty7
#tty8
This means root is only allowed to log in on tty1. This is my recommendation: allow “root” to log in on only one tty device, and use the “su” command to switch to “root” if you need more devices to log in as “root”.
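
One way to check the result after editing, as an added example that is not part of the original page: the script lists the devices still enabled in a securetty-style file and flags anything other than tty1. The function names and the sample file contents are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a securetty-style file
# against the policy described above, root login on one tty only.

# Print every device on which root login is allowed: lines that are neither
# blank nor commented out, with surrounding whitespace stripped.
allowed_root_ttys() {
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' \
        -e '/^#/d' -e '/^$/d' "$1"
}

# audit_securetty FILE [EXPECTED]
# Prints each enabled device other than EXPECTED (default: tty1).
# Returns 0 if none is found, 1 if extra devices are enabled,
# 2 if FILE cannot be read.
audit_securetty() {
    file=$1
    expected=${2:-tty1}
    if [ ! -r "$file" ]; then
        echo "cannot read $file" >&2
        return 2
    fi
    # grep exits 1 when nothing is left over, which is the compliant case.
    extra=$(allowed_root_ttys "$file" | grep -vxF -- "$expected" || true)
    if [ -n "$extra" ]; then
        printf '%s\n' "$extra"
        return 1
    fi
    return 0
}

# Constructed sample input: tty1 and tty3 enabled, tty2 and tty4 commented out.
sample=$(mktemp)
printf '%s\n' 'tty1' '#tty2' '  tty3' '' '#tty4' > "$sample"
echo "root may log in on: $(allowed_root_ttys "$sample" | tr '\n' ' ')"
audit_securetty "$sample" >/dev/null || echo "extra root ttys enabled"
rm -f "$sample"
```

On a live system, run `audit_securetty /etc/securetty` as root; a non-zero exit status makes it usable from a cron job or configuration check.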
