Re: Get rid of linux single in red hat
Alex Shnitman wrote:
> Hi, фефеб!
>
> On Tue, Sep 19, 2000 at 07:05:10PM +0200, you wrote the following:
>
> > Anyone knows how one can secure a Linux box locally against booting it in
> > single mode by unwanted persons?
> > At least in my RH boxes everyone can type "linux single" in LILO prompt and
> > then passwd to kick me off.
>
> Add the following lines to lilo.conf:
>
> password = m2D92n3zf
> restricted
>
> Then adding parameters to the kernel will require entering this
> password. (Booting without adding parameters won't.)
>
And make sure that /etc/lilo.conf is _not_ world readable!!!!
>
> You may also want to make sure that the BIOS is set up to not boot
> from the floppy drive, and that there's a password on the BIOS. That's
> about as secure as you can get with it. Be advised that generally, if
> someone has physical access to the box he can own it in *some* way, so
> it's OK for e.g. university computer rooms where there are people who
> look from time to time that people aren't unscrewing boxes and taking
> the hard drives out, but it's not 100% foolproof, and it can't be.
There are more ways:
1) Install package sulogin.
This will ask for the root password when booting single. Debian way (tm).
2) Tweak /usr/src/linux/init/main.c
Pay attention to lines 1080 - 1090, add a call to getty at 1419.
Thus, you can insist on authentication even if the user tries to break in using
boot lines such as
boot: linux init=/bin/bash
>
>
> --
> Alex Shnitman | http://www.debian.org
> alexsh@hectic.net, alexsh@linux.org.il +-----------------------
> http://alexsh.hectic.net UIN 188956 PGP key on web page
> E1 F2 7B 6C A0 31 80 28 63 B8 02 BA 65 C7 8B BA
>
> For Sale: Parachute. Only used once, never opened, small stain.
>
> =================================================================
> To unsubscribe, send mail to linux-il-request@linux.org.il with
> the word "unsubscribe" in the message body, e.g., run the command
> echo unsubscribe | mail linux-il-request@linux.org.il
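The two points made in this message (a `password` line plus `restricted` in lilo.conf, and the file not being world readable) can be checked with a short script. This is an added example, not part of the original messages; the function name `audit_lilo_conf` and the sample files are constructed for illustration.

```shell
#!/bin/sh
# audit_lilo_conf FILE  (hypothetical helper, not from the thread)
# Prints one finding per line; returns 1 if anything was found, else 0.
audit_lilo_conf() {
    conf=$1
    findings=0
    if [ ! -f "$conf" ]; then
        echo "missing"
        return 1
    fi
    # Strip comments so a commented-out directive does not count as set.
    body=$(sed 's/#.*//' "$conf")
    # A "password = ..." line must be present.
    if ! printf '%s\n' "$body" | grep -Eq '^[[:space:]]*password[[:space:]]*='; then
        echo "no-password"
        findings=1
    fi
    # "restricted" on a line of its own, as in the setup quoted above:
    # the password is then asked only when boot parameters are added.
    if ! printf '%s\n' "$body" | grep -Eq '^[[:space:]]*restricted[[:space:]]*$'; then
        echo "no-restricted"
        findings=1
    fi
    # The password is stored in clear text, so "other" must not have read
    # permission: character 8 of the ls -l mode string (e.g. -rw-r--r--).
    mode=$(ls -ld "$conf" | cut -c1-10)
    case $mode in
        ???????r??) echo "world-readable"; findings=1 ;;
    esac
    return $findings
}

# Constructed sample files, built in a temp dir so the script runs offline.
tmp=$(mktemp -d)
printf 'prompt\nimage=/boot/vmlinuz\n  label=linux\n' > "$tmp/weak.conf"
chmod 644 "$tmp/weak.conf"
printf 'prompt\npassword = EXAMPLE-ONLY\nrestricted\nimage=/boot/vmlinuz\n  label=linux\n' > "$tmp/hardened.conf"
chmod 600 "$tmp/hardened.conf"
echo "weak.conf:";     audit_lilo_conf "$tmp/weak.conf" || true
echo "hardened.conf:"; audit_lilo_conf "$tmp/hardened.conf" && echo "ok"
rm -rf "$tmp"
```

On a real system the argument would be /etc/lilo.conf; after editing that file, /sbin/lilo has to be run again for the change to take effect.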