5.7. Disable all console access

The Linux-PAM library installed by default on your system allows the system administrator to choose how applications authenticate users, such as for console access, program and file access. In order to disable all these accesses for the users, you must comment out all lines that refer to pam_console.so in the /etc/pam.d/ directory. This step is a continuation of the above hack Disable console program access. The following script will do the trick automatically for you. As root creates the disabling.sh script file, touch disabling.sh and add the following lines inside:

               # !/bin/sh
               cd /etc/pam.d
               for i in * ; do
               sed '/[^#].*pam_console.so/s/^/#/' < $i > foo && mv foo $i
               done
               
Make this script executable with the following command and execute it:

               [root@deep] /# chmod  700  disabling.sh
               [root@deep] /# ./disabling.sh
               
This will comment out all lines that refer to pam_console.so for all files located under /etc/pam.d directory. Once the script has been executed, you can remove it from your system.