AIX Tip of the Week: Disabling Remote root Login

 

When multiple users have root access to a system, a common security question is who logged in as root? One alternative is to disable remote logins for the root id (chuser -rlogin=false root). This forces users to first login in with their regular user id, then "su -" to root. All "su" activity is captured in /var/adm/sulog, thus answering the question of "who logged in as root."

Comment: In general it is a good practice to disable root remote access as it provides two layers of password protection.