Answer: Do the following steps as:
1.touch /etc/nologin
2.vi /etc/securetty
comment all available terminall then first.
If /etc/nologin file is created, then pam modules pan_nologin deny to all non-root users to login locally.
/etc/pam.d/login file calls the module.
#%PAM-1.0
auth requiredpam_securetty.so
auth requiredpam_stack.so service=system-auth
auth requiredpam_nologin.so
account requiredpam_stack.so service=system-auth
password requiredpam_stack.so service=system-auth
# pam_selinux.so close should be the first session rule
session requiredpam_selinux.so close
session requiredpam_stack.so service=system-auth
session optionalpam_console.so
# pam_selinux.so open should be the last session rule
session requiredpam_selinux.so multiple open
pam_securetty modules checks the /etc/securetty file, which terminal are available to root. If terminal is not available in this file then pam_securetty module deny to login on unavailable terminal to root user.
Submit