Unix Technical Forum

How to reset failedlogins for root

This is a discussion on How to reset failedlogins for root within the AIX Operating System forums, part of the Unix Operating Systems category; --> Out auditors want me to set failedlogins for root which I am OK with, but I cannot figure out ...


Go Back   Unix Technical Forum > Unix Operating Systems > AIX Operating System

How to reset failedlogins for root How to reset failedlogins for root

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack (2) Thread Tools Display Modes
  2 links from elsewhere to this Post. Click to view. #1 (permalink)  
Old 01-05-2008, 09:02 AM
Tim Porreca
 
Posts: n/a
Default How to reset failedlogins for root
Out auditors want me to set failedlogins for root which I am OK with, but I
cannot figure out what rights I have to give to myself so I can reset the
failedlogin counter should the account get locked. Need a little help.
Thanks!

Tim


Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #2 (permalink)  
Old 01-05-2008, 09:02 AM
base60
 
Posts: n/a
Default Re: How to reset failedlogins for root
Tim Porreca wrote:
> Out auditors want me to set failedlogins for root which I am OK with, but I
> cannot figure out what rights I have to give to myself so I can reset the
> failedlogin counter should the account get locked. Need a little help.
> Thanks!

You probably shouldn't be using the failedlogin counter on root. If
your auditors suggested it, they're exceptionally stupid for an auditor.

Disable remote root login and lock it to the console for emergency/
update use.

Everyone should log in as their own ID and "su" to root.

This provides an audit trail... something an auditor should find "good"
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
  #3 (permalink)  
Old 01-05-2008, 09:03 AM
Chris
 
Posts: n/a
Default Re: How to reset failedlogins for root
Easy.... This is a VERY stupid idea.

chuser loginretries=2 rlogin=false root

As a "backdoor"... configure sudo (very easy)
http://www-03.ibm.com/servers/aix/pr.../download.html

Assign yourself (and admin team) to a group and assign that group to a
group which can execute /usr/bin/ksh.

Then you can "sudo /usr/bin/ksh"... input your password and get a
"root" shell. From there, you will be able to reset root if someone
locks root out.

Good Luck,

Chris Young
Gun for Hire
614-804-8649

Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply

« DLPAR of fractional CPU (micro-partition) | ISO: device drivers 4.3.3 »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On
Forum Jump

LinkBacks (?)
LinkBack to this Thread: http://www.unixadmintalk.com/aix-operating-system/6182-how-reset-failedlogins-root.html
Posted By For Type Date
AIX Operating System [Archive] - Page 17 - Unix Technical Forum This thread Refback 06-24-2008 08:13 AM
AIX Operating System [Archive] - Page 17 - Unix Technical Forum This thread Refback 06-24-2008 08:13 AM


All times are GMT. The time now is 12:03 PM.

Contact Us - Unix Technical Forums - Top

Powered by vBulletin® Version 3.6.5
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0
www.UnixAdminTalk.com