Linux - Security: This forum is for all security-related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I have been using Slackware Linux since the 90s and have never seen this issue before. But something has changed with Slackware Linux 15.0.
Back in the day (even in the previous Slackware 14.2), you would comment out all the ttys in /etc/securetty to disallow direct root login. But my current /etc/securetty looks like this:
console
tty0
tty1
tty2
tty3
...and I am still able to log in to the machine by telnetting to it.
Does anyone know how to fix this? This is obviously a HUGE security risk that was not addressed before Slackware 15.0 was released. Slackware 15.0 was the first version to introduce PAM, and no matter what I add to the /etc/pam.d/login file I am still able to login directly to the root account using telnet. Does anyone have any idea?
(I typically login using telnet to my username and then from there if I need root access I would use: su - )
So, was the problem solved when you tried the correct PAM config file name /etc/pam.d/remote ?
That's it!! My distribution did not come with the file /etc/pam.d/remote. Not sure why! I kept messing around with /etc/pam.d/login but it had no effect! As soon as you mentioned the remote file I copied the content of /etc/pam.d/login (as you mentioned) and here we go! It works!
Just to add...I had no previous experience with PAM. This was the first distribution of Slackware that came with PAM enabled and installed.
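As an added example (not code from the thread), here is a small POSIX sh audit of the two things this thread turns on: that both the login and remote PAM services exist and load pam_securetty.so, and that securetty lists no pseudo-terminals. It assumes what the thread establishes, that telnet logins use the remote PAM service and that a missing service file makes PAM fall back to /etc/pam.d/other.

```shell
# Added example (not from the thread): audit a PAM directory and a securetty
# file for the Slackware 15.0 problem above. telnetd starts login with a
# remote host name, so login uses the "remote" PAM service; when that file is
# missing, PAM falls back to /etc/pam.d/other and pam_securetty never runs.

# pam_has_securetty FILE -> true if FILE has an uncommented auth line that
# loads pam_securetty.so (the module that enforces /etc/securetty).
pam_has_securetty() {
    grep -Eq '^[[:space:]]*auth[[:space:]]+.*pam_securetty\.so' "$1" 2>/dev/null
}

# securetty_allows_pts FILE -> true if FILE lists a pseudo-terminal (pts/N);
# network logins arrive on pts devices, so such an entry lets root in remotely.
securetty_allows_pts() {
    grep -Eq '^[[:space:]]*pts/' "$1" 2>/dev/null
}

# audit_pam_dir PAMDIR SECURETTY -> prints one line per finding and returns
# the number of findings (0 means both services enforce securetty).
audit_pam_dir() {
    pamdir=$1
    securetty=$2
    findings=0
    for svc in login remote; do
        if [ ! -f "$pamdir/$svc" ]; then
            echo "MISSING: $pamdir/$svc (PAM will use $pamdir/other instead)"
            findings=$((findings + 1))
        elif ! pam_has_securetty "$pamdir/$svc"; then
            echo "WEAK: $pamdir/$svc does not load pam_securetty.so"
            findings=$((findings + 1))
        fi
    done
    if securetty_allows_pts "$securetty"; then
        echo "WEAK: $securetty lists pts/ devices, so root may log in over the network"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# On a live Slackware box: audit_pam_dir /etc/pam.d /etc/securetty
```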
So, to prevent such a really bad security risk from the WAN...
close port 23 on your router so that telnet can _only_ be used on the LAN
Here on my router, the _only_ port that is open to the WAN is 80 for httpd
all other ports such as 21, 22, 23, etc., etc. are closed to the WAN
so that their services can only be used on the LAN
BTW, a much better method for accessing machines within the LAN is ssh instead of telnet
and of course, rsync works great for transferring files between machines on the LAN
it is used on a local network only with no other users
Hopefully an isolated network. Otherwise, the intruder who compromises any device on the local network can mine your TELNET packets for plaintext passwords, replay them, and become root on your system.
I have ports 21 through 23 all blocked on my Cisco firewall. SSH is available just on a different high random port that I assigned. When I had ssh on the standard port 22, there were soooo many attempts and they were continuous! These bots or people just don't give up!
As far as telnet goes..yeah it's just a quick way for me to hop from switch to local machines (You can probably tell I have used Linux since the 90s haha), but yes telnet and all unencrypted traffic is closed on my Cisco firewall (except port 80 for the http).
Yeah it's a bit isolated on my second segment of my router...but yes you are right!