LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - General (https://www.linuxquestions.org/questions/linux-general-1/)
-   -   linux single (https://www.linuxquestions.org/questions/linux-general-1/linux-single-36435/)

j0ck 11-25-2002 01:12 PM
linux single
 
Greetings, I just had a Red Hat machine brought to me and the root password had been changed, no one knew the password. well after some reading I found out that a certain time in the boot process I could type "linux single" and I got in and changed the root password and now all is well.
well....... is there any way to change that to where no one could do that? how can I disable that to prevent it from happening to my machine. this seems very insecure.
thanx
j0ck

RijilV 11-25-2002 01:17 PM
yes it is. Really the only way to secure booting up Linux is to either put a password on Grub or if you use Lilo put a password on that. even if you disable single user mode, someone can still type in from the boot-loader prompt something like:

linux init=/bin/bash

and have at it with your system. so yah. Grub will allow for you to have a password for entering anything but the default selections, I don't use grub but I'm sure somebody here can give you a hand...

vladkrack 11-25-2002 01:58 PM
Hi,

In grub to set a password you must edit the file /boot/grub/menu.lst and add the option "password = <your_password>", and then on to edit your line and add something to then like init=/bin/bash or linux single you will must type `p` and insert the right pass.

But your software security is direct related to your machine physical security, if you can mantain this last one anything you do will be just another dificulty in the way of the invader, but not total security. An example of how to break any resistance from boot loaders is to boot from a mini-distro in a floppy ....

verigoth 11-25-2002 06:07 PM
the only true secure linux box is a machine not on a network surrounded by a brick wall. the reason single user mode exists is because if someone has local access, they have your machine anyways...all it takes is a bootdisk...unless you make it really secure, but then all that is needed is a screwdriver...monitor local access, that's all that really can be done.

verigoth

neo77777 11-25-2002 07:34 PM
Place this line into /etc/inittab after initdefault statement
~~:S:wait:/sbin/sulogin
It will make sure that single user mode still requires the root's password. Just train your memory to memorize the root password.

neo77777 11-25-2002 07:35 PM
For more info on linux boot security issues and how to protect yourself best refer to http://www.bastille-linux.org/jay/an...rewdriver.html

j0ck 11-26-2002 02:23 PM
thanx neo ( and everyone else) that was exactly what i was looking for.
:p


All times are GMT -5. The time now is 04:22 AM.