|
Home > Archive > Linux/Unix > November 2001 > securing linux singles
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
securing linux singles
|
|
| ahpama 2001-11-23, 1:45 am |
| Hello,
I would like to disable "Linux 1 or Linux singles" to prevent users from changing the passwd for root. What particular file do I need to edit to prevent users from entering in this mode?
thanks,
 | |
| ccieToBe 2001-11-23, 5:28 pm |
| I'm not sure what you mean. Do you want to make it more difficult for users to get into single user mode? If so, what book manager are you using? | |
| neuralfx 2001-11-24, 5:22 pm |
| ya he wants to disable 'linux single' , physical access is hard to secure on any os, without *physical security* .. to do this, add this line to ur /etc/lilo.conf , at the end of the "image=" section
password="my_password"
restricted
of course make "my_password" whatever you want. this option forces the user to enter a password whenever they want to enter a boot parameter with "linux" in it, like "linux single" .. the pw is not encrypted, so make lilo.conf only readable by root 'chmod 600 /etc/lilo.conf' .. this will plug the 'linux single' hole .. but your system still isnt entirely safe from physical access .. but this will make it a little more troublesome .. well good luck ..
-neural | |
| ccieToBe 2001-11-24, 6:01 pm |
| quote:
Originally posted by neuralfx
ya he wants to disable 'linux single' , physical access is hard to secure on any os, without *physical security* .. to do this, add this line to ur /etc/lilo.conf , at the end of the "image=" section
password="my_password"
restricted
of course make "my_password" whatever you want. this option forces the user to enter a password whenever they want to enter a boot parameter with "linux" in it, like "linux single" .. the pw is not encrypted, so make lilo.conf only readable by root 'chmod 600 /etc/lilo.conf' .. this will plug the 'linux single' hole .. but your system still isnt entirely safe from physical access .. but this will make it a little more troublesome .. well good luck ..
-neural
Great post neural. Some other things that can be done to make getting into single user mode more difficult are to set the harddrive as the first device to boot from and password protect your CMOS settings. The CMOS can still be reset easily, but that requires opening up the case so physical security's very important like neural said. |
|
|
|
|