User's Manual
 Solaris 9 Security CX-310-301    48   
Note: The expiry information is stored in /etc/shadow. 
Restricting root Logins 
It is bad practice to allow root to log in directly across the network. The only place root should be able to log in is at the console.
To prevent remote logins as root, make sure the following entry in /etc/default/login is not commented out (that is, it does not have a "#" in column 1):
CONSOLE=/dev/console
With this setting in place, the only way for a user to become root is to run the su command after first logging in as a normal user. This makes an attacker's job harder, because two passwords (the user's and root's) have to be compromised in order to gain root access.
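The following script is an added example (not from the study guide) that audits the root-login restriction described above. It reads the file given as its first argument (defaulting to the /etc/default/login path named in the text) and reports whether an active, column-1 CONSOLE=/dev/console line is present; a commented-out line or an absent line both count as "not restricted". The function name and the audit wrapper are assumptions made for this example.

```shell
#!/bin/sh
# Added example: check that root logins are restricted to the console.
# Returns 0 when an active CONSOLE=/dev/console line exists, 1 when the
# line is missing or commented out, 2 when the file cannot be read.
console_login_restricted() {
    login_file=${1:-/etc/default/login}
    [ -r "$login_file" ] || return 2
    # Only a line that starts in column 1 counts: a leading '#' disables it.
    # Trailing whitespace is tolerated, anything else after the path is not.
    if grep -q '^CONSOLE=/dev/console[[:space:]]*$' "$login_file"; then
        return 0
    fi
    return 1
}

# Human-readable report for use from a hardening checklist (hypothetical name).
report_console_restriction() {
    login_file=${1:-/etc/default/login}
    rc=0
    console_login_restricted "$login_file" || rc=$?
    case $rc in
        0) echo "OK: root logins limited to the console ($login_file)" ;;
        1) echo "WARNING: CONSOLE=/dev/console is missing or commented out in $login_file" ;;
        *) echo "ERROR: cannot read $login_file" ;;
    esac
    return $rc
}

# Run the report only when a path is supplied on the command line, so the
# functions can also be sourced into another script without side effects.
if [ "$#" -gt 0 ]; then
    report_console_restriction "$1"
fi
```

Run it as `sh check_console.sh /etc/default/login` on the host being reviewed; a non-zero exit status from the report function makes it easy to fail a batch hardening check.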
Dormant Accounts 
When someone leaves the organization, their account should be deleted immediately, or at least locked, and their files archived, reassigned to another user, or deleted.
To lock the account temptest:
# passwd -l temptest
To delete the account temptest:
# userdel temptest
To delete the account temptest and remove the home directory (including its files):
# userdel -r temptest
You should also look for any other files the user may have owned that did not reside in the home directory, because these files become a security risk once the user account is deleted: they are left owned by a UID that no longer maps to anyone and that may later be reissued to a new user. You can use the find command to locate these files and change their ownership. In the example below, the files owned by user temptest are to be changed to be owned by root:
# find / -user temptest -print 
find: cannot find temptest name 
Notice that find cannot resolve the user name temptest because the account has already been deleted. In this instance, use the numeric UID, which was 8888, instead:
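The following script is an added example (not from the study guide) of the orphaned-file audit described above, generalised so that the directory tree, the UID and the new owner are parameters. It relies on the POSIX behaviour of find, where a decimal argument to -user that does not match a name in the user database is treated as a user ID, which is why the search still works after userdel has removed the name. The function names and the DO_CHOWN switch are assumptions made for this example; ownership is only changed when DO_CHOWN=1 is set, so the audit can be reviewed before anything is modified.

```shell
#!/bin/sh
# Added example: find files still owned by a departed user's numeric UID
# (8888 in the study guide's example) and optionally reassign them to root.

# Print regular files under $1 owned by UID $2, one path per line.
# Permission errors on unreadable directories are suppressed.
list_files_owned_by() {
    find "$1" -type f -user "$2" -print 2>/dev/null
}

# Number of such files; anything other than 0 after userdel means orphaned
# files that still need to be archived, reassigned or removed.
count_files_owned_by() {
    list_files_owned_by "$1" "$2" | wc -l | tr -d ' '
}

# Reassign files under $1 owned by UID $2 to owner $3 (default root).
# Dry run (prints the chown commands) unless DO_CHOWN=1 is exported.
reassign_files_owned_by() {
    owner=${3:-root}
    if [ "${DO_CHOWN:-0}" = "1" ]; then
        find "$1" -type f -user "$2" -exec chown "$owner" {} \;
    else
        find "$1" -type f -user "$2" -exec echo chown "$owner" {} \;
    fi
}

# Usage: orphan_audit.sh DIR UID [NEWOWNER]
if [ "$#" -ge 2 ]; then
    n=$(count_files_owned_by "$1" "$2")
    echo "files owned by UID $2 under $1: $n"
    reassign_files_owned_by "$1" "$2" "${3:-root}"
fi
```

A typical run on the host in the text would be `sh orphan_audit.sh / 8888` to list the proposed changes, followed by `DO_CHOWN=1 sh orphan_audit.sh / 8888` once the list has been reviewed. Searching by a specific UID is the safest approach when you know it; find's -nouser primary (supported on Solaris) reports files whose owner has no passwd entry at all, which is a useful broader sweep but will also pick up files from any other removed accounts.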