Restricting direct login and su access

On critical systems it is usually considered a bad practice to allow direct remote logins to system users, such as root or other application owners, and shared users, such as oracle. As a method for better control and from the user audit point of view, it is recommended to create different login users that will be allowed to connect and perform switches (su) to users considered critical. No other users should be exposed to the external world to allow direct, remote, or local connections.

In this recipe, we will create a group log and a user named loguser1, and we will disable direct logins for all others.

Getting ready

All steps will be performed on nodeorcl1.

How to do it...

  1. Create a designated group for users ...

Get Oracle 11g Anti-hacker's Cookbook now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.