LinuxQuestions.org
Share your knowledge at the LQ Wiki.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 07-29-2005, 11:45 PM   #1
nilecirb
LQ Newbie
 
Registered: Jul 2005
Posts: 21

Rep: Reputation: 15
How can I protect root?


Not too long ago, I received a project to dual-boot some Windows machines to include Linux. These computers are used by many people, and security is, in my opinion, quite important. My largest concern at the moment is the vulnerability of root. From all my previous experiences, all I had to do to change my root password was pop in a Knoppix (or any LiveCD), and voila!...I could change my root password. For my project's setup, this could present itself as a problem.

I have browsed many forums, perused through multiple Linux security documents, and reached the conclusion that encryption might be a valid solution to my problem. As a Linux security newbie, I would like to request answers to the following questions:
1) Would encryption be the ideal answer in regards to my project?
2) If not, what would you recommend as a solution?
3) Is what I desire even possible?

Thanks in advance for any assistance.
 
Old 07-30-2005, 12:42 AM   #2
michaelsanford
Member
 
Registered: Feb 2005
Location: Ottawa/Montréal
Distribution: Slackware + Darwin (MacOS X)
Posts: 468

Rep: Reputation: 30
Why do you feel root is more vulnerable in a dual-boot system?
 
Old 07-30-2005, 12:51 AM   #3
nilecirb
LQ Newbie
 
Registered: Jul 2005
Posts: 21

Original Poster
Rep: Reputation: 15
It's not that I feel that root is more vulnerable in a dual-boot situation; I'm sorry if I mistakenly led you to interpret it that way. The fact that they will be dual-booting really has no relevance to this problem. It was merely provided as background information.
 
Old 07-30-2005, 01:05 AM   #4
michaelsanford
Member
 
Registered: Feb 2005
Location: Ottawa/Montréal
Distribution: Slackware + Darwin (MacOS X)
Posts: 468

Rep: Reputation: 30
Thank you for the clarificaiton. However, dual-booting does pose some security risks of its own, and it was those I was trying to get at.

root, per se, doesn't need much more securing than a good strong password. By that I mean a non-dictionary word, preferably a random string of characters at LEAST 8 long, longer the better. Once that's in place it should prevent people logging in to your linux system as root.

However, though I've never done this myself, I would assume that Windows would be able to see and possibly mount your Linux partitions. This, if Windows isn't clever enugh to know the Linux security system, could completely bypass your file security (though it shouldn't allow a Windows user to start applications or daemons...) You should check up on that too.

I'm a sysadmin at a wireless ISP, we use linux for the gateway systems and aside from having nice big random passwords and other hardening techniques not specifically related to the root account, I've never needed to do anything terribly special to protect root.
 
Old 07-30-2005, 04:22 AM   #5
aqoliveira
Member
 
Registered: Dec 2001
Location: Portugal
Distribution: /Red Hat/Fedora/Solaris
Posts: 620

Rep: Reputation: 30
Howzit

Try looking up more information on SELinux project this will be a good read. RH anf Fedora have this built into the OS. This allows your system to be protected even though they get root access.

http://www.nsa.gov/selinux/

cheers
 
Old 07-30-2005, 08:32 AM   #6
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Lubuntu
Posts: 19,174
Blog Entries: 4

Rep: Reputation: 428Reputation: 428Reputation: 428Reputation: 428Reputation: 428
You've all over looked one of the points raised - by putting in a live cd, the root password can be changed. I would change the boot order to ignore the cd and floppy drive and set a BIOS password. I would then look at securing the covers of the pcs so that they can only be removed by someone authorised (metal bands and a padlock) and the BIOS will the not be resettable.

Unfortunately though, if anyone has physical access to your system they will always be able to find a way around your security measures.
 
Old 07-30-2005, 11:21 AM   #7
infinity42
Member
 
Registered: Apr 2005
Location: England
Distribution: Gentoo
Posts: 142

Rep: Reputation: 16
What version of windoze is it dual booting with? If it is an NT-based one (NT, 2k, XP) then if you make sure the users do not have admin privs they will not be able to run programs like explore2fs (http://uranus.it.swin.edu.au/~jn/linux/explore2fs.htm) although I think all write support was removed from this due to bugs. Also there are IFS (Installable File System) drivers for windoze out there.. (http://uranus.it.swin.edu.au/~jn/linux/ext2ifs.htm, http://ext2fsd.sourceforge.net/#ext2fsd, http://ashedel.chat.ru/ext2fsnt/) Haven't read thro' all of them, but I'm assume at least one has some kind of write support. I don't *know* that you have to be admin to install file system drivers in windoze.. but you would sure hope so.

But if you're running Windoze 9x it will be much more tricky. You could rely on windoze 9x's inbuilt security features, like BSODing when you try to install a program, or even running a program for that matter. The statistics all point to the crackers getting so irritated and bored staring at Blue Screens they will just give up.

The best way to avoid the boot cd worries is to follow XavierP's advice, unless you want to go the whole way and use encrypted file systems.

Hope that helps
 
Old 07-30-2005, 12:32 PM   #8
nilecirb
LQ Newbie
 
Registered: Jul 2005
Posts: 21

Original Poster
Rep: Reputation: 15
Quote:
However, though I've never done this myself, I would assume that Windows would be able to see and possibly mount your Linux partitions. This, if Windows isn't clever enugh to know the Linux security system, could completely bypass your file security (though it shouldn't allow a Windows user to start applications or daemons...) You should check up on that too.
Thank you for replying, michaelsanford. Windows users have very limited permissions: they cannot even install programs on the local computer. Rather, they have shares allocated to them from a local Windows server. Even so, reiserfs (which is the root filesystem) support in Windows should be close to nonexistent. Please correct me if I'm incorrect about that.

Quote:
Try looking up more information on SELinux project this will be a good read. RH anf Fedora have this built into the OS. This allows your system to be protected even though they get root access.
Thanks aqoliveira, I'll look into that; it sounds interesting.

Quote:
You've all over looked one of the points raised - by putting in a live cd, the root password can be changed. I would change the boot order to ignore the cd and floppy drive and set a BIOS password. I would then look at securing the covers of the pcs so that they can only be removed by someone authorised (metal bands and a padlock) and the BIOS will the not be resettable.

Unfortunately though, if anyone has physical access to your system they will always be able to find a way around your security measures.
Thank you, XavierP; this is exactly what I needed. It seems like changing the startup sequence and securing the BIOS is the only way to prevent users from changing the root password.

Quote:
What version of windoze is it dual booting with? If it is an NT-based one (NT, 2k, XP) then if you make sure the users do not have admin privs they will not be able to run programs like explore2fs (http://uranus.it.swin.edu.au/~jn/linux/explore2fs.htm) although I think all write support was removed from this due to bugs. Also there are IFS (Installable File System) drivers for windoze out there.. (http://uranus.it.swin.edu.au/~jn/linux/ext2ifs.htm, http://ext2fsd.sourceforge.net/#ext2fsd, http://ashedel.chat.ru/ext2fsnt/) Haven't read thro' all of them, but I'm assume at least one has some kind of write support. I don't *know* that you have to be admin to install file system drivers in windoze.. but you would sure hope so.
Thanks for replying, infinity42. The computers are dual-booting with Windows XP Professional, and as I mentioned previously, the user's permissions are quite limited.

Quote:
The best way to avoid the boot cd worries is to follow XavierP's advice, unless you want to go the whole way and use encrypted file systems.
If I were to use encrypted filesystems, the root password could not be changed by Knoppix (or the like), correct? Also, I've heard that most encrypted filesystems require a cleartext (or possibly not) password stored on a USB key. However, I need these computers to be able to boot without this necessity.

Again, thank you everyone for all the assistance.
 
Old 07-30-2005, 02:18 PM   #9
XavierP
Moderator
 
Registered: Nov 2002
Location: Kent, England
Distribution: Lubuntu
Posts: 19,174
Blog Entries: 4

Rep: Reputation: 428Reputation: 428Reputation: 428Reputation: 428Reputation: 428
Oh, 1 other thing, you can also password protect your bootloader ..... not sure if that's been mentioned yet.
 
Old 07-30-2005, 05:11 PM   #10
nilecirb
LQ Newbie
 
Registered: Jul 2005
Posts: 21

Original Poster
Rep: Reputation: 15
Password protecting the bootloader has not been mentioned yet, but I have already implemented that.
 
Old 07-30-2005, 05:40 PM   #11
Walman
Member
 
Registered: Jun 2004
Location: Venezuela
Distribution: RHEL ,Centos,Debian,Slax , Solaris
Posts: 94

Rep: Reputation: 15
Hi


I don't understand how can you , just by playing a live CD , you can change root password .
Do you mean that booting from the cd you can change the root passwd ? If so I am agree
with XavierP that you have to change your BIos so that nobody can boot from the CD .

I still believe that the only way you can change root passwd is by being root itself .
 
Old 07-30-2005, 09:47 PM   #12
CroMagnon
Member
 
Registered: Sep 2004
Location: New Zealand
Distribution: Debian
Posts: 900

Rep: Reputation: 33
You can certainly change root's password from a Knoppix CD, because you can become root in Knoppix. If I mount the root system under Knoppix as "/drive", then I can edit /drive/etc/passwd, because "user 0" has access to that file (ditto /drive/etc/shadow).

In essence, anyone who has unmonitored physical access to your machine can circumvent any roadblock you throw up, short of encrypting the partition (which means, of course, that they wouldn't be able to use the system either). Setting a BIOS password, disabling boot from alternative devices, and locking up the case are the best steps (you need to lock the case, because someone can easily reset your CMOS settings by opening it up).
 
Old 07-31-2005, 04:28 AM   #13
jdogpc
Member
 
Registered: Jul 2005
Location: Mafra, PT
Distribution: Fedora Core
Posts: 90

Rep: Reputation: 15
Hi nilecirb,

under my point of view as sysadmin you're wright when you say anybody can change root password just by booting with a live or rescue cd, i've done that myself quite a few times to recover some systems.
I think the only way you have to do that is by encrypting the file system, I just don't know how the will react with an encrypted fs as I have never tried it before.

As for SELinux builtin on Fedora and RedHat these only work when the machine is running and if you mess around the fs without SELinux active you may end with a unmountable fs. Also on Fedora, I can't say for sure on RedHat, if you boot the machine and change the boot loader settings to bot to runlevel 1 you will be droped in a sh shell with root previliged.

As I told you try encrypting fs.

Good luck
 
Old 07-31-2005, 06:33 AM   #14
infinity42
Member
 
Registered: Apr 2005
Location: England
Distribution: Gentoo
Posts: 142

Rep: Reputation: 16
If you boot init 1 most newer distros will require the root password before you get a shell (can't tell you exactly which off the top of my head.. I'm pretty sure fedora 3 & gentoo 2005.0 do). Just thought I'd add that, even though if you use grub you can just make it require a password to edit the boot opts.
 
Old 07-31-2005, 06:01 PM   #15
tkedwards
Senior Member
 
Registered: Aug 2004
Location: Munich, Germany
Distribution: Opensuse 11.2
Posts: 1,549

Rep: Reputation: 51
Quote:
I don't understand how can you , just by playing a live CD , you can change root password .
Anyone who has physical access to the inside of the computer can bypass any operating system security measures. This is simply a fact of reality since even if you put BIOS password on someone can just unplug your harddrive and plug it into his or her own computer and read it. Although if its encrypted all they'll be able to read will be gibberish.

However if you're in a controlled environment nilecirb where your users won't be able to open the box, but may be able to sneak in a LiveCD then setting the BIOS password might be enough.

Also remember that Windows (any version) is just as easy to password-recover via a LiveCD as any Linux distro, just do google for 'windows XP password recovery' for example:
http://www.petri.co.il/forgot_admini...r_password.htm
http://www.google.com.au/search?q=wi...en-US:official
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Protect against root password change ejennings_98 Linux - Security 10 11-20-2005 09:01 PM
How to protect Root password so it cannot be reset PAB Linux - Security 14 04-05-2005 07:05 AM
How Do You Protect Yourself? nuka_t Linux - Security 5 08-18-2004 11:35 PM
What does the GPL protect? Thaidog General 4 06-28-2004 02:51 AM
i need PATCH that protect against local root exploit for kernel 2.2.19 Slackware veenrak Linux - Security 2 10-09-2002 09:23 PM


All times are GMT -5. The time now is 11:05 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration