How to control the root access to the system.

You can control root access to the system by setting parameters in the /etc/default/login file. The /etc/default/login file establish default parameters for users when they log in to the system.

One of the parameters you can set is CONSOLE variable. There are three possible states that restrict access to the root account:

If CONSOLE variable is commented out ( #CONSOLE=/dev/console ), the root user can log in to the system from any workstation. In other words, root access to the system is unlimited.
If CONSOLE variable is not commented ( CONSOLE=/dev/console ), the root user can log in only localy on the system console. No remote access is possible.
If CONSOLE variable does not have any value assign to it ( CONSOLE= ), then the root user cannot log in from anywhere. The only possibility how to become root user is to switch from regular user account by using su command.

Source : Net