LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Newbie (http://www.linuxquestions.org/questions/linux-newbie-8/)
-   -   Intruders can log in to my Linux box using run level 1 without using the password ?? (http://www.linuxquestions.org/questions/linux-newbie-8/intruders-can-log-in-to-my-linux-box-using-run-level-1-without-using-the-password-797191/)

Andrew Dufresne 03-23-2010 12:03 AM

Intruders can log in to my Linux box using run level 1 without using the password ??
 
Hi,

Well I have been using linux for sometime, and have kept strong passwords for every user account. But recently I noticed when we boot into run level 1, it does not ask for any password.

This means that anyone can turn on my computer in my absence, on grub menu press a, then 1 to append 1 to the kernel arguments, which will make my system boot in run level 1.

It won't ask for any password. Once in run level 1, the intruder can easily access my files, copy them, change their permissions, change even the root password.

Now how can I make my system more secure?
Is there a way to get detailed info of each log in session, like which user, which run level, for how long and things like that?

Regards

Sayan Acharjee 03-23-2010 12:05 AM

Quote:

Originally Posted by Andrew Dufresne (Post 3908428)
Hi,

Well I have been using linux for sometime, and have kept strong passwords for every user account. But recently I noticed when we boot into run level 1, it does not ask for any password.

This means that anyone can turn on my computer in my absence, on grub menu press a, then 1 to append 1 to the kernel arguments, which will make my system boot in run level 1.

It won't ask for any password. Once in run level 1, the intruder can easily access my files, copy them, change their permissions, change even the root password.

Now how can I make my system more secure?
Is there a way to get detailed info of each log in session, like which user, which run level, for how long and things like that?

Regards

You can secure your grub by putting a grub password, so that whenever someone presses e to enter into runlevel 1, it will ask for the grub password.

linuxlover.chaitanya 03-23-2010 12:07 AM

Any user who has a physical access to your machine should be able to change the kernel parameters. You should keep your machine physically safe. And also keep a password for the Grub. So that anyone who wants to or tries to edit the grub parameters will need to pass the password. And without the password, grub menu will not be accessible for editing.
Look Here for how to protect your grub with password.

chrism01 03-23-2010 12:13 AM

You can even add a bios passwd on some systems, but in any case, physical access to a system means all bets are off eg they could remove the hdd & put it in another system; in which case encryption is the only answer.
This is true of any OS, not just Linux.

Sayan Acharjee 03-23-2010 12:15 AM

To secure grub:
Quote:

#grub-md5-crypt >> /etc/grub.conf
Enter password and press enter, then re-enter password and press enter again, it will take you back to # prompt.
Now open the file /etc/grub.conf with vi,
Edit the file in following manner:

Quote:

default=0
timeout=5
password --md5 your_password
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Fedora Core (2.6.11-1.1369_FC4)
root (hd0,0)
kernel /vmlinuz-2.6.11-1.1369_FC4 ro root=LABEL=/1 rhgb quiet
initrd /initrd-2.6.11-1.1369_FC4.img
The newly added line should have that alphanumeric password which you'll find in the bottom of the file (you have redirected the password in this file when creating the password)cut that password and paste it like password --md5 your_password

save and exit.


All times are GMT -5. The time now is 11:25 AM.