On Mon, 26 Mar 2001, Wolfgang Pfeiffer wrote:
> Just read the thread on how to create a new password for root (entering
> single user mode, writing "linux single" at the lilo prompt then typing
> "passwd" etc. ...
>
> How can I prevent this, because this possibility (as convenient it may be
> for a poor admin having lost his password) basically leaves my system
> vulnerable for every creep knowing the trick, too ...
>
> Please tell me someone I'm wrong ...
>
> Regards.
> Wolfgang.
>
>
Yo are basicly at the mercy of anyone that can get at the physical
console. There are ways you can protect yourself to some extent.
Password protect LILO - for each boot lable, or to enter options
at the LILO prompt.
Disable booting from anything except the hard drive.
Do not have DOS or Windows on the machine. (Loadlin lets me boot what I
want and get full access.)
Set BIOS passwords for setup, and booting.
Lock the case of the machine.
Lock the machine to an inmovable object.
Restrict physical access to the machine.
Basicly, if someone can get at the machine itself, knows what they are
doing, and has enough time, they will get in.
Know your cleaning staff, and any maintence workers that work when the
building is otherwise deserted. I have lost cound of the offices,
banks, and computer rooms I have had unrestricted access to just because
I was an electrician doing work after hours. It is a good thing I am
honest - imagine what I could do with a BBC CD in my pocket...
Mikkel
--
Do not meddle in the affairs of dragons,
for you are crunchy and taste good with ketchup.
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
