
Blocking local root login on CentOS

In the /etc/securetty file, comment out all of the tty entries.


[root@dk-test ~]# cat /etc/securetty
console
vc/1
vc/2
vc/3
vc/4
vc/5
vc/6
vc/7
vc/8
vc/9
vc/10
vc/11
#tty1
#tty2
#tty3
#tty4
#tty5
#tty6
#tty7
#tty8
#tty9
#tty10
#tty11
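
An added example, not part of the original post: a small script that applies the edit described above and then lists which entries still permit root login (in the output above, console and vc/1 through vc/11 remain active). The function names and the sample file contents are hypothetical, and the script works on a constructed temporary copy rather than the real /etc/securetty.

```shell
#!/bin/sh
# Added example: operates on a constructed sample file, not the real /etc/securetty.

# Write a constructed securetty-style sample (hypothetical contents) to $1.
make_sample() {
    printf '%s\n' console vc/1 vc/2 tty1 tty2 '#tty3' tty10 > "$1"
}

# Comment out every active ttyN line in file $1.
# The first original is kept as $1.bak for rollback; lines that are already
# comments do not match, so running this twice changes nothing further.
disable_tty_root_login() {
    [ -e "$1.bak" ] || cp -p "$1" "$1.bak"
    sed 's/^\(tty[0-9][0-9]*\)[[:space:]]*$/#\1/' "$1" > "$1.tmp" &&
        cat "$1.tmp" > "$1"          # write in place to keep owner and mode
    rm -f "$1.tmp"
}

# Print the entries that still permit root login (skip comments and blank lines).
active_root_terminals() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1" || true
}

# Count active ttyN entries; 0 means every tty line is commented out.
count_active_tty() {
    active_root_terminals "$1" | grep -c '^tty[0-9]' || true
}

# Demo on a temporary copy.
demo_dir=$(mktemp -d)
make_sample "$demo_dir/securetty"
echo "active tty entries before: $(count_active_tty "$demo_dir/securetty")"
disable_tty_root_login "$demo_dir/securetty"
echo "active tty entries after:  $(count_active_tty "$demo_dir/securetty")"
echo "still permitted for root:"
active_root_terminals "$demo_dir/securetty"
rm -rf "$demo_dir"
```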



** Reference **
Source: https://www.centos.org/docs/5/html/5.1/Deployment_Guide/s2-wstation-privileges-noroot.html

Method: Changing the root shell.
Description: Edit the /etc/passwd file and change the shell from /bin/bash to /sbin/nologin.
Effects: Prevents access to the root shell and logs any such attempts. The following programs are prevented from accessing the root account:
· login
· gdm
· kdm
· xdm
· su
· ssh
· scp
· sftp
Does Not Affect: Programs that do not require a shell, such as FTP clients, mail clients, and many setuid programs. The following programs are not prevented from accessing the root account:
· sudo
· FTP clients
· Email clients

Method: Disabling root access via any console device (tty).
Description: An empty /etc/securetty file prevents root login on any devices attached to the computer.
Effects: Prevents access to the root account via the console or the network. The following programs are prevented from accessing the root account:
· login
· gdm
· kdm
· xdm
· Other network services that open a tty
Does Not Affect: Programs that do not log in as root, but perform administrative tasks through setuid or other mechanisms. The following programs are not prevented from accessing the root account:
· su
· sudo
· ssh
· scp
· sftp

Method: Disabling root SSH logins.
Description: Edit the /etc/ssh/sshd_config file and set the PermitRootLogin parameter to no.
Effects: Prevents root access via the OpenSSH suite of tools. The following programs are prevented from accessing the root account:
· ssh
· scp
· sftp
Does Not Affect: This only prevents root access to the OpenSSH suite of tools.

Method: Use PAM to limit root access to services.
Description: Edit the file for the target service in the /etc/pam.d/ directory. Make sure the pam_listfile.so is required for authentication.
Effects: Prevents root access to network services that are PAM aware. The following services are prevented from accessing the root account:
· FTP clients
· Email clients
· login
· gdm
· kdm
· xdm
· ssh
· scp
· sftp
· Any PAM aware services
Does Not Affect: Programs and services that are not PAM aware.

