Linux - NewbieThis Linux forum is for members that are new to Linux.
Just starting out and have a question?
If it is not in the man pages or the how-to's this is the place!
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
It's extremely hard to protect a computer from physical tampering. I would also suggest putting in a bios password. Also make sure you have it set to only boot from the hard drive, that will prevent people from using boot disks to gain access.
One of the best ways to prevent physical tampering is simply to keep the computer locked up. You can get cases that have locks on them (but their easily bipassed). Other than that just keep you're house/room locked when you're not there.
Locking it up will keep someone from resetting the bios and/or removing the hard drive.
If you're concerned with sensative data I would suggest useing some form of data encrypion and/or keeping that data on an external drive that you can take with you. If you're just conserned with someone messing up you're computer there's nothing you can really do about it. All the security in the world wont stop a large electo-magnet or power surge.
Last edited by andy753421; 08-06-2005 at 09:42 PM.
One of the best ways to prevent physical tampering is simply to keep the computer locked up. You can get cases that have locks on them (but their easily bipassed).
Just a thought, you can weld some bended and pierced iron plates (L-shaped) to the sides of the sliding panels of the case and on the case itself, then use a regular lock to prevent case opening. It's kinda ugly solution, but the one who'd like to open the case to erase the bios or something should take the time to cut the lock, making some noise too.
Other than that, remove the harddrive from the computer and hide it while you're away...just kidding.
Originally posted by coolblue Well...hmm..thanx for ur solutions but I really can't afford to lock up my pc that way....my family uses it and I'm just a 21-yr kid using the same pc
So I know that NO ONE in my family would do any intentional damage to my pc......what I ONLY want is that no one should get access to my linux system by changing password etc.
Apart from encrypting personal files, isn't there ANY other way?
Create a BIOS password, share that with your family. Then create a Grub/Lilo password, if trusted users also use the same Linux OS, share the password with them and only them. Get a padlock to lock your computer case so no one can pull the cmos battery to reset the BIOS password. Then always use strong passwords for all users, setup sudo for trusted users who might need sudo access but limit it so they can't change root's password, etc. Then change root's password to something random, forget it and get on with your life so you don't have to worry about someone tampering with your family's computer.
Originally posted by coolblue I'm just a 21-yr kid
Wow! A 21 year old kid who actually admits that he is still a kid. Amazing.
Ultimately, it is next to impossible to prevent a savy attacker, whom has physical access to the PC, from accessing anything on that PC. This is true regardless of what operating system the PC is running (Windows, Linux, or whatever). They are only a CMOS reset and bootdisk away from anything on the PC. Your efforts would be better served encrypting the actual files you wish nobody else to see, than trying to protect passwords from local users. Beyond that, you can take some steps outlined in the other posts to prevent "most" non-savy folks from accessing your PC.
Well..hehe..I'd ALWAYS like to think of myself as a kid...who wants to grow old? maybe thinking of oneself as a kid retards the ageing process and keeps u youthful for a longer time just my own silly thoughts...
Thanks for all ur solutions..I'll hide the files & encrypt them..that I think is the most I can do
An external hdd for your personal files might be an idea.
Computer cases aren't particularly strong so it seems a bit of a daft idea putting a padlock on it, it may be a good idea to put a lock on the door to the computer room and give everyone who needs access a key.
I know it's a bit of an old topic - but here is an idea:
Use an encrypted root partition that requires the key upon boot - most likely not too hard to set up (never had to do it myself, but might soon).
If you want something more extreme: put an encrypted partition table inside another partition table - then have a custom boot loader that knows exactly where that partition table starts and asks you for the key to decrypt the initial table that contains partitions that are encrypted (in case the table itself is decrypted). Also store that boot loader on a usb stick and boot from that (if your motherboard supports usb boot).
Those ideas are only theoretical and your criticism is welcome.
Originally posted by andy753421
All the security in the world wont stop a power surge. [/B]
Maybe not, but a surge protector will.
Sorry, I know this is mostly irrelevant, but I just wanted to mention how curious I find it that so few people in North America (by which I mean Halifax, Nova Scotia, Canada) use these. Maybe it is a degree of paranoia that comes from having lived nine years in a South American country with unstable power, but I have one of the little boxes hooked between every computer in the house and the power outlets. Yep, even the old laptop from '95 with a smashed screen. Well why not? They're cheap and could save your system from pretty bad stuff. Just wanted to get that idea out there, you know, spread surge protector awareness. Always use protection kind of thing.