How to protect Root password so it cannot be reset
I've just read (and tried) that you can easily reset the root password on a Linux system (I'm using Fedora) without having to enter the current one to begin with. This concerns me and I would like to stop this from happening. Does anyone know how? I imagine it was put in place so if the root password was forgotten, it could be changed. I don't like this. Here is how it was done:
At the grub login prompt, add to the default boot command:
at the next prompt, type "passwd"
you're prompted to create the root password (without having to enter the current one).
Other than creating a grub password, is there a way to stop this?
What you are wanting is not really a good idea. First, you have to have physical access to the machine to change the password anyway.
Example of why it is not a good idea to have it unchangeable. A friend of mine was using windoze NT. Somehow the password file was corrupted and would not accept any passwords at all. We tried everything in the book, and some things not in the book. We were not able to get into the OS. At the time, there was no way to get the data copied off either. It was a Gateway machine and even the techs at Gateway said they knew of no way to get in or copy the files off with what we had. We had to reinstall and he lost all his data. Yea, he backs up now.
If that had been Linux there would be several ways to get around a bad file. You can boot into single user mode and reset the password that way. You can usually boot the install CD and rescue it that way. You can also boot something like Knoppix and chroot in and change the password.
Which is worse? Keeping someone with physical access from getting your data or nobody, including you, being able to get the data. If they have physical access, you can get it anyway nowadays. Just take the drive out and put it in another machine and copy everything over. You can even ghost the drive and get every piece of data there is.
Not being able to change the password when you have physical access is not really an option, not with all that can be done nowadays for sure. That is likely true for any OS. I have seen on the screen savers where they can get or reset the passwords in ALL windoze OSs. They can actually change the file.
I'm sure someone will have more to add. Hang in there.
It would help if it happened now but back then it did not exist. The point I am making to the original poster is that with physical access, NO computer is secure. There is always a way to get at that data on the hard drive. There are even ways to crack encryption and such. BIOS passwords can be gone too. Just take out the battery and let it sit for a day or so then boot it up. Password is gone.
It is doable to make it hard to break into a computer but they are never secure enough to prevent all access. It's sort of like putting a steel front door on the house. They just go break a windoze and go in and unlock the door from the inside. Then they do what they want to.
I sure wish I had that back then though. He lost a lot of tax info and such. We never did find out if we got all the billing done correctly.
The only thing I can think of is to use a loopback encrypted file system which holds the passwd file. This would mean you'd have to enter a password on boot to mount the partition (so you'd have no remote reboot potential). I've only used encrypted file systems for home directories and swap partitions but I don't see why you couldn't have your root partition or a separate /etc partition that was encrypted.
Dalek - thanks for the information. As a business owner who has confidential information on a linux server, i was hoping for some different news. however, the more i learn about security, the more i realize how easy it is to get past any security that i put in. i guess it is a trade off between "ease of use" and "security", and b/c of this there are ways built in to get around secure systems.
the reason i posted with this information was that a friend of mine's company was broken into and his computers, including his server with of course confidential information, was taken. i felt secure in my company knowing that if this happened to me, i was using a linux server and no one else knows the root password. now i realize that the information (if that's what somebody would be after) is never secure with physical access and (in fact) it is easy to bypass the security of the linux system (and according to snecklifter) the windows systems as well.
I therefore looked into moving my database to a more secure server such as mysql, but then realized that, with physical access, you could actually open the tables up (even in notepad) and although there is a lot of garbage text, the real data is in there. even the tables with the userid's and passwords (although encrypted) are viewable through notepad.
Are there any other ways of making it difficult for users with physical access to get at my data (especially data in a database)?
To The Best Of My Knowledge, and a couple of years ago I researched this heavily!, *the* most secure system is BSD.
I had a client lose the root password, and *nobody* could ever recover it, nor, not having the root-word, could any data be gotten to.
There were several of us that tried to recover for them, and I was told that the company contacted several hi-power companies by phone & got told there was most likely no way, since they had used every security trick in BSD.
I'm moderately sure a true Expert Cracker could find a way, but even That creature would have to work hard for it & need much time. I might even be wrong & the EC *couldn't* get in (but I bet the CIA could!)
Protecting the hardware is the most important line of defence, though. Next after that comes BSD, which, BTW, learning is a "rhymes with witch."
Is there a particular reason why people have physical access to the boxes that contain the data? It is always a good idea to keep systems with sensitive data locked away. Check out the EncFS page for information on a few different ways to encrypt your file system. These methods can be used to ensure if somebody stole the physical disk they wouldn't be able to mount your critical partitions.
Robert - I have never heard of BSD, but I will take a look into it. Is there a link to it (I'll check google once i'm done here).
JTshaw - thanks for the tip on the loopback file system. the link you provided on the encrypted file system (i took a quick look) seems like it might be easier for me to implement. the reason i'm looking into this is b/c, although our office is physically secure and alarmed, we still have an obligation to protect the sensitive data of others on our file systems if they were stolen. as i have done more reading on security, it seems like it is all about "layers" of defense. the physical access "layer" seems to be the most important, but if that is compromised, i want it difficult for even an above average user to get around on my system. i had thought that linux would be great for that b/c of the security built in, but reading about resetting the root password (of course) changed all that!
Let me just repeat, because I think it needs it, that once someone has physical access to the machine, there is no way to prevent them from getting the data off of it. This is true of any operating system -- Windows, Linux, BSD, etc. After all, an attacker with physical access can also just yank the power out, take out the hard drive, and mount it in another system. Doing that, they don't even need the root password on the system.
If your data is that important, put the machine in a secure room and invest in a two-factor authentication system for the lock (e.g. key card + PIN number). If you're very concerned, hire a security firm to patrol the premises as well. If you're less concerned (and the data is not terribly valuable), a sturdy key lock for the server room and a burglar alarm is probably good enough.
again, thanks for the input. i understand what people are saying about not being totally secure if physical access is compromised.
robert, i did look into bsd and it appears to be more secure. for example, the "hack" that i mentioned earlier to overwrite the root password can be stopped with bsd by editing the /etc/ttys file to change a line that reads:
console none unknown off secure
to:
console none unknown off insecure
this protects the root password when attempting single-user mode and requires a root password in order to enter single-user mode.
with regards to security, i guess it is kind of like locking your door. a determined thief will be able to get past anything, but i want to discourage them as much as possible from trying. the bsd tip might be something that helps doing that.
Originally posted by btmiller: If your data is that important, put the machine in a secure room and invest in a two-factor authentication system for the lock (e.g. key card + PIN number). If you're very concerned, hire a security firm to patrol the premises as well. If you're less concerned (and the data is not terribly valuable), a sturdy key lock for the server room and a burglar alarm is probably good enough.
Don't forget to secure those drop-in ceiling tiles! You'd be surprised at some of the so-called "secure" rooms folks use. Hehe.
I purchased the "BSD Hacks" book and it seems that BSD has a lot to offer in the way of security. However, one point made early in the book is that a lot of the hacks can be applied, one way or another, to other open source operating systems.
I did some searching online, and noticed that there are ways to "help" secure the linux operating system against local intrusion, while still indicating that a determined person with physical access will get in no matter what you do.
it actually describes how to password protect single-user mode in fedora. I've included the link above so that others won't have to do the searching that I did.
I still might give OpenBSD a try, but as somewhat of a newbie (especially with UNIX), i don't think that it will be easy. Noticing that there are ways to help secure with fedora might be good enough for me. That, along with encrypting my file system will probably be enough. However, I don't really understand encrypted file systems that much. Not to go off topic here, but I understand that it is supposed to be transparent (ie the appropriate user doesn't even know that it is encrypted). Now, if the root password is changed in single-user mode, does the new root user have access to the encrypted data? this may be a dumb question, but i don't understand it all too much.
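An added example, not part of any post in this thread: a small audit of the two boot-time settings discussed above, the console flag in a BSD /etc/ttys and the grub password mentioned in the first post. The function names are hypothetical, the GRUB check assumes the legacy grub.conf syntax (a global `password` line before the first `title`), and any console flag other than `insecure` is reported as a gap.

```shell
# Added example, not from the thread. Assumed formats: BSD /etc/ttys and GRUB
# legacy grub.conf. The sample files in demo() are constructed.

# Print the console entry's flag: secure, insecure, unset or missing.
console_flag() {
    awk '
        /^[ \t]*#/ { next }                  # whole-line comment
        $1 == "console" {
            sub(/#.*/, "")                   # trailing comment
            flag = "unset"
            for (i = 2; i <= NF; i++)
                if ($i == "secure" || $i == "insecure") flag = $i
            print flag; found = 1; exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Succeed if a global "password" directive precedes the first "title".
grub_locked() {
    awk '
        { sub(/^[ \t]+/, ""); split($0, f, /[ \t=]+/) }
        f[1] == "title" { exit }
        f[1] == "password" && f[2] != "" { ok = 1; exit }
        END { exit !ok }
    ' "$1"
}

# audit TTYS GRUBCONF: print each gap found, return the number of gaps.
audit() {
    gaps=0
    flag=$(console_flag "$1")
    [ "$flag" = "insecure" ] || { echo "gap: console flag is '$flag', single-user mode may not ask for a password"; gaps=$((gaps + 1)); }
    grub_locked "$2" || { echo "gap: no global GRUB password, the boot command can be edited"; gaps=$((gaps + 1)); }
    echo "$gaps gap(s) found"
    return "$gaps"
}

demo() {
    dir=$(mktemp -d)
    printf 'console none unknown off secure\n' > "$dir/ttys"        # constructed
    printf 'default=0\ntimeout=5\ntitle Fedora\n' > "$dir/grub.conf" # constructed
    audit "$dir/ttys" "$dir/grub.conf" || true
    rm -rf "$dir"
}
demo
```

Neither setting changes what the replies above say about physical access: a disk moved to another machine bypasses both.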