Restricting direct login and su access
On critical systems it is usually considered bad practice to allow direct remote logins to system users, such as root or other application owners, and shared users, such as oracle. For better control and from a user audit point of view, it is recommended to create separate login users that are allowed to connect and then switch (su) to the users considered critical. No other users should be exposed to the external world for direct, remote, or local connections.
In this recipe, we will create a group log and a user named loguser1, and we will disable direct logins for all others.
Getting ready
All steps will be performed on nodeorcl1.
How to do it...
- Create a designated group for users ...