LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 07-03-2007, 12:59 AM   #1
matrix13
Member
 
Registered: Nov 2006
Location: Kerala, India
Distribution: Arch Linux
Posts: 134

Rep: Reputation: 25
Question root password security problem


One of my friends asked me how to log onto 'root' in a linux machine, whose password is lost.
I told them to boot with a live linux cd and edit the /etc/passwd file. And it worked.

But on a second thought I felt that the root password is this much easy to crack. Isnt that a security problem

How can I prevent cracking my root password, especially using a live linux cd...

And also, is there any other way to get the lost password without using a live linux cd...

Thank you
 
Old 07-03-2007, 01:16 AM   #2
frob23
Senior Member
 
Registered: Jan 2004
Location: Roughly 29.467N / 81.206W
Distribution: Ubuntu, FreeBSD, NetBSD
Posts: 1,449

Rep: Reputation: 47
If someone has physical access to the machine, you can never make it 100% secure from them.

You can take precautions:

1) single user mode should be insecure so it requires a password
2) the bios should be set to only boot from the primary drive
3) the bios should require a password (different from root's) to change settings


These steps alone will prevent the majority of problems. But if they can get at the machine... anything is possible.
 
Old 07-03-2007, 01:16 AM   #3
frob23
Senior Member
 
Registered: Jan 2004
Location: Roughly 29.467N / 81.206W
Distribution: Ubuntu, FreeBSD, NetBSD
Posts: 1,449

Rep: Reputation: 47
Sorry, repeat post.

Last edited by frob23; 07-03-2007 at 01:18 AM.
 
Old 07-03-2007, 01:18 AM   #4
b0uncer
Guru
 
Registered: Aug 2003
Distribution: CentOS, OS X
Posts: 5,131

Rep: Reputation: Disabled
You don't need a livecd if you can access your bootloader and tell it to boot to runlevel 1 (single-user mode usually). It'll give you a root login without asking password, so you can use it to change the root password with passwd.

Set a bootloader password, encrypt the filesystem, configure BIOS to prevent you from booting from anywhere else than harddisk, set BIOS password, ... there are many ways (NOTE: taking out the battery for a moment flushes BIOS settings, so it's a goner). But in the end it's just up to who can access and mount your disk - if somebody is eager, s/he'll just take the disk out of your machine, connect it to another pc, mount the disk and either do the change you mentioned or copy off the shadow file, put things back where they were and start cracking the encrypted password against a dictionary ("brute-force attack"). Once cracked, s/he can use regular login.

The only way that works is to remove the media where those passwords are - take the harddisk with you or put it into a safe. As long as it's in your pc, anybody who can access it can easily get into your system. Preventing physical access is pretty difficult, but that's something you must do if you want to be able to sleep well

EDIT: to make you feel better, think about this: cracking a Windows machine is just as easy. Windows2000 had a little flaw where you could easily just replace one executable file that is run at the login screen if you wait for too long, with a command prompt. Result: boot the machine, and when the login window comes up, wait for some time and you'll get a console with system permissions in front of you. Change passwords, replace the already-replaced executable again, and you're set. It's fast and easy with two computers, but doesn't produce much trouble with only one pc either. Luckily somebody told MS and they "fixed the problem" in the newer versions (but that doesn't say there aren't similar holes around..)

Last edited by b0uncer; 07-03-2007 at 01:22 AM.
 
Old 07-03-2007, 04:46 AM   #5
bfn924
LQ Newbie
 
Registered: Jun 2007
Posts: 4

Rep: Reputation: 0
Hello there...

I'm still new in this forum, so forgive me if I'm wrong...
My friend told me that he has encountered a problem with a server (handed over to his company by another vendor). The problem is that he didn't know the root password and try to reset it. He manage to boot the server into single user mode but he could not edit the shadow file. How to solve this problem (other than formatting it, of course)?
 
Old 07-03-2007, 09:09 AM   #6
Road_map
Member
 
Registered: Jan 2007
Distribution: Slackware
Posts: 341

Rep: Reputation: 31
Quote:
Originally Posted by matrix13
I told them to boot with a live linux cd and edit the /etc/passwd file. And it worked.
There is nothing to edit in /etc/passwd file.

Quote:
Originally Posted by matrix13
But on a second thought I felt that the root password is this much easy to crack. Isnt that a security problem
This is a myth. Modern Linux distributions, even in single-user mode, don't allow root login without password:
Quote:
(none) login: root
Password:
Quote:
Originally Posted by matrix13
And also, is there any other way to get the lost password without using a live linux cd...
Decrypting hashes
 
Old 07-03-2007, 07:30 PM   #7
bfn924
LQ Newbie
 
Registered: Jun 2007
Posts: 4

Rep: Reputation: 0
Quote:
Modern Linux distributions, even in single-user mode, don't allow root login without password
Which distro, because I'm using Fedora 6 currently but it doesn't request for password in single user mode.
 
Old 07-04-2007, 12:18 AM   #8
matrix13
Member
 
Registered: Nov 2006
Location: Kerala, India
Distribution: Arch Linux
Posts: 134

Original Poster
Rep: Reputation: 25
Thanx for all the replys...

--For Road Map. I dont understand "There is nothing to edit in /etc/passwd file.". I removed the x after root, like
root:x:....
Then saved it and reboot the system as root. It didnt ask for a password.
So, you mean this is not necessary...(clarification needed, please)

--And b0uncer, from your reply I felt that Windows is much secure in this aspect. (parden me, as I didnt crack any Windows machine. But I would like to) Is that true?

--I heard of providing a bootloader password. My bootloader is GRUB. So, how can I set a password in GRUB?
--Can I remove the single user mode from the bootloader. What is your advice...
--Finally, how can I encrypt my file system?

thnaks all...
 
Old 07-04-2007, 03:09 AM   #9
Peter_APIIT
Member
 
Registered: Dec 2006
Posts: 551

Rep: Reputation: 30
I want to disable the root login without passwd in single user mode in Fedora 7. Any methods to do so ?
 
Old 07-06-2007, 09:37 PM   #10
Peter_APIIT
Member
 
Registered: Dec 2006
Posts: 551

Rep: Reputation: 30
Any help please.
 
Old 07-07-2007, 02:08 PM   #11
whistl
Member
 
Registered: May 2005
Location: USA
Distribution: Ubuntu, CentOS
Posts: 37

Rep: Reputation: 15
physical access = no security

If you want to provide some reasonable boot security on a pc class machine, you have to:

1) edit your bios boot priority settings to remove everything except your hard drive
2) set a bios password so nobody can change that
3) use a cable lock or a good locking computer cabinet to prevent anyone from being able to steal the hard disk or open the case and reset/reflash the bios
4) use a grub password to prevent anyone from booting anything other than the default stanza.

The downside is that if you ever forget your passwords or lose your keys, you have screwed yourself instead.

In addition, or maybe instead, you might seriously consider using LUKS, dm_crypt and a loooong passphrase to provide partition level encryption, so if anyone manages to get physical access to your system or steals your hard drive, they will still be unlikely to find anything useful. The downside is a serious disk i/o performance penalty.
 
Old 07-08-2007, 04:35 AM   #12
Peter_APIIT
Member
 
Registered: Dec 2006
Posts: 551

Rep: Reputation: 30
Does remote loggin can boot inot runlevel 1 ?

This is my major concerns.
 
Old 07-08-2007, 10:42 AM   #13
whistl
Member
 
Registered: May 2005
Location: USA
Distribution: Ubuntu, CentOS
Posts: 37

Rep: Reputation: 15
not likely

Quote:
Originally Posted by Peter_APIIT
Does remote loggin can boot inot runlevel 1 ?

This is my major concerns.
No, normal user accounts cannot reboot a box into runlevel 1.

Only someone with root privileges on your system (via the root password, a local account with sudo access, or by using a local account and cracking some setuid program) could modify your grub config file and reboot the box into runlevel 1. But if they are remote, then they couldn't access it, since single user mode is only accessible from the PC console.

Then again, if someone can get root privs on your system, they don't NEED to boot into runlevel 1. They are already root!
 
Old 07-08-2007, 10:47 AM   #14
v00d00101
Member
 
Registered: Jun 2003
Location: UK
Distribution: Fedora 8, Centos 5.1
Posts: 480

Rep: Reputation: 30
Just encrypt /home and it then becomes completely moot whether they can boot into and access your machine. The data that matters is stored safely in a place they can not easily access.

If you were really paranoid encrypt everything (/ and /home) and set it up to ask for passwords before it boots the main system. Guides are available from google, but its not something i would recommend to the noob element.

I am more of a prevent access to data by method x, person. Physical security can not always be maintained, so falling back to encryption is the only logical step.
 
Old 07-09-2007, 05:06 AM   #15
Peter_APIIT
Member
 
Registered: Dec 2006
Posts: 551

Rep: Reputation: 30
Any good guide to encrypt the / and /home ?


Thanks for your help.
 
  


Reply

Tags
passwd


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
How could normal user obtain root password or change root password ckamheng Debian 18 02-18-2009 10:28 PM
Security, root and password ageing Robhogg Linux - Security 9 06-27-2006 08:05 AM
Root password no good for "software security device?" Rusted Linux - Security 3 04-26-2006 05:00 AM


All times are GMT -5. The time now is 03:16 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration