Old 03-31-2004, 08:32 PM   #1
LHRM
LQ Newbie
 
Registered: Mar 2004
Distribution: RedHat
Posts: 4

Rep: Reputation: 0
How can I remove root logons using Linux Single and Linux Rescue from Red Hat startup


One of my students discovered that a user doing "shutdown now" is able to logon as Single User on RedHat 6.1. I tried it on RedHat 7.2, but I was already on as root, and got the same result. I tried it on Suse 8.0 and it required that the root password be reentered. As my students become more knowledgeable I need to tighten security on the college's network. I assume it is a modification to the startup script but I need to know where to look.
 
Old 03-31-2004, 10:02 PM   #2
leonscape
Senior Member
 
Registered: Aug 2003
Location: UK
Distribution: Debian SID / KDE 3.5
Posts: 2,313

Rep: Reputation: 47
Do you mean as the machine is rebooting?

You can install passwords on GRUB and LILO to prevent Single User access.

If not then ignore me
 
Old 03-31-2004, 10:03 PM   #3
irish_rover
Member
 
Registered: Sep 2002
Location: IN, USA
Distribution: Debian, Endian FW
Posts: 368

Rep: Reputation: 30
You should be able to set up the boot manager to require a password to allow passing options to the kernel. Also, just curious, why do the users have access to run shutdown?
 
Old 03-31-2004, 11:48 PM   #4
LHRM
LQ Newbie
 
Registered: Mar 2004
Distribution: RedHat
Posts: 4

Original Poster
Rep: Reputation: 0
Thanks for your quick response. With the "out of the box" Red Hat Linux it is possible, at Lilo boot:, to type Linux Single and get the Linux bash root access without entering your password. I need to find and modify the startup script to prevent Linux from responding. I never considered that a user could type "shutdown now" and get a response but it happened. I don't know where the startup script is stored and therefore I can't modify it.

Hi leonscape. The individual had been logged on as a user. I was surprised that RH Linux 6.1 even responded to the "shutdown now" from a non-root logon but it did.

Hi Irish Rover - I didn't even consider that a user could use other than CTRL-ALT-DELETE to exit but apparently "shutdown now" worked. I'm bringing up a RH 7.2 Linux and preparing to log on as a user to check it again but since it is almost 1:00 AM here in New York and I have to get up in four hours, I'll try to get back to you after I get some sleep and try it a few more times. Thanks.
 
Old 04-01-2004, 12:15 PM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,472
Blog Entries: 54

Rep: Reputation: 2901
Quote:
One of my students discovered that a user doing "shutdown now" is able to logon as Single User on RedHat 6.1.
Three different issues. Unsetting the setuid bit on /sbin/shutdown effectively stops unprivileged users from using it. Then set up sudo for users who may use the command and parameters. RHL 6.x is definitely a security risk itself.


Quote:
I tried it on RedHat 7.2, but I was already on as root, and got the same result.
"testing" it like that doesn't make any sense, if you don't specifically take away root caps, root isn't denied anything.


Quote:
I tried it on Suse 8.0 and it required that the root password be reentered.
You're looking for "sulogin" in /etc/inittab. While you're there, comment out the ctrl-alt-del line there.


Quote:
As my students become more knowledgeable I need to tighten security on the college's network.
First of all you should get your own security knowledge up to date. Please check out the LQ FAQ: Security references. Then install a recent and maintained release of your favourite distro. Put the box on a separate segment where they can do no harm, harden the box, check the logs and audit regularly.


Last edited by unSpawn; 04-01-2004 at 12:17 PM.
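
The settings raised in posts #2, #3 and #5 (a boot loader password, sulogin and the ctrl-alt-del line in /etc/inittab, the setuid bit on /sbin/shutdown) can be audited together. The script below is an added example, not part of the original thread; its function names and the inittab, LILO and GRUB legacy line formats it matches are assumptions about a SysV-init system of that era.

```shell
#!/bin/sh
# Added example: audit the boot-time settings discussed in this thread.
# Paths are arguments so the checks can run against copies of the files.

# True if an uncommented inittab entry runs sulogin for runlevel S,
# e.g. "~~:S:wait:/sbin/sulogin" (root password required for "linux single").
has_sulogin() {
    grep -Eq '^[^#:]+:[^:]*[Ss][^:]*:[^:]+:.*sulogin' "$1"
}

# True if an uncommented ctrlaltdel entry is still active in inittab.
ctrlaltdel_enabled() {
    grep -Eq '^[^#:]+:[^:]*:ctrlaltdel:' "$1"
}

# True if the boot loader config sets a password: LILO "password=..."
# or GRUB legacy "password ..." (both syntaxes are assumptions about the setup).
bootloader_password_set() {
    grep -Eq '^[[:space:]]*password([[:space:]]|=)' "$1"
}

# True if "other" can read the file; a LILO password is stored in clear text.
world_readable() {
    [ -n "$(find "$1" -prune -perm -004)" ]
}

# True if the shutdown binary still carries the setuid bit.
shutdown_setuid() {
    [ -u "$1" ]
}

# Print one line per finding; the exit status is the number of findings.
audit_boot() {   # args: inittab, boot loader config, shutdown binary
    n=0
    has_sulogin "$1"             || { echo "inittab: single-user mode does not call sulogin"; n=$((n+1)); }
    ctrlaltdel_enabled "$1"      && { echo "inittab: ctrlaltdel entry is active"; n=$((n+1)); }
    bootloader_password_set "$2" || { echo "boot loader: no password set"; n=$((n+1)); }
    world_readable "$2"          && { echo "boot loader: config is world-readable"; n=$((n+1)); }
    shutdown_setuid "$3"         && { echo "shutdown: setuid bit is set"; n=$((n+1)); }
    return "$n"
}

# Usage: sh audit.sh /etc/inittab /etc/lilo.conf /sbin/shutdown
if [ "$#" -eq 3 ]; then audit_boot "$@"; fi
```

A password in the boot loader config only helps if the file itself is not readable by ordinary users, which is why the audit reports world-readable permissions as a separate finding.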
 
Old 04-01-2004, 12:50 PM   #6
ugge
Senior Member
 
Registered: Dec 2000
Location: Gothenburg, SWEDEN
Distribution: OpenSUSE 10.3
Posts: 1,028

Rep: Reputation: 45
There is a lot more to the safety of a PC system running linux than just the boot loader and normal logins.
To make your system even a little safe you will have to set a BIOS password and disable boot on CD and floppy. Why?
If you can boot your computer then you can run a floppy/cd based linux, mount your original linux as a sub folder, then go in and alter the /etc/passwd file, effectively giving you root access.
Security begins at the physical layer. Best is to deny physical access to the actual computer case.
 
Old 04-02-2004, 01:25 AM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,472
Blog Entries: 54

Rep: Reputation: 2901
Quote:
Security begins at the physical layer. Best is to deny physical access to the actual computer case.
IMHO physical security only makes sense where you would need it (and on those occasions it's better to have the boxen located in a restricted access area of the building), yes, apart from that you're right, and it's not mentioned that often.

On a personal note even restricted areas aren't all that good if the rest of the security policy fails, is absent or doesn't care for proper emergency plans. Being the friendly, interested and helpful kind of co-worker I've been given too much information and allowed access too easily to locations, networks and systems.
 
Old 04-02-2004, 02:17 AM   #8
ugge
Senior Member
 
Registered: Dec 2000
Location: Gothenburg, SWEDEN
Distribution: OpenSUSE 10.3
Posts: 1,028

Rep: Reputation: 45
Ooops I managed to double post.

Last edited by ugge; 04-02-2004 at 02:18 AM.
 
Old 04-02-2004, 02:18 AM   #9
ugge
Senior Member
 
Registered: Dec 2000
Location: Gothenburg, SWEDEN
Distribution: OpenSUSE 10.3
Posts: 1,028

Rep: Reputation: 45
The paranoid administrator would claim that there are no secure computers where there is physical access. It's right that security is a balance between usability and safety depending on the security need and expected level of attempted break ins.

My previous post as with this post is an informative post, just to widen the perspective.
The BIOS password and boot order would still need to be fixed on the computers. Without that I would say that there is no security at all, unless the disks are encrypted or otherwise made unreadable to other systems than the intended linux installation.
 
Old 04-09-2004, 07:07 PM   #10
frogman
Member
 
Registered: Sep 2003
Distribution: Mandrake, Slack, Debian and PicoBSD
Posts: 181

Rep: Reputation: 30
Quote:
Originally posted by ugge
The BIOS password and boot order would still need to be fixed on the computers.
There is usually a default manufacturer BIOS password only a Google away.
 
  

