LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 08-12-2003, 10:57 AM   #1
the_twister
LQ Newbie
 
Registered: Aug 2003
Location: Hyderabad , India
Posts: 5

Rep: Reputation: 0
Question Urgent help needed


hi everyone

I have RH-9 installed n also have a guest login in my allocated system in the institution and some body is entering the root bypassing the password .


I know one way is to password protect the "boot loader" by specifing a password in /etc/lilo.conf but that was all in vain he is again working in the root


Is there any other way to bypass the root password and if so please specify the security measure


thanx

 
Old 08-12-2003, 11:11 AM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,414

Rep: Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967Reputation: 1967
- please use useful thread titles
- please fdo not mark threads as urgent, questions are answered on a voluntary basis, and it is not fair to demand preferential treatment.

thanks
 
Old 08-12-2003, 09:09 PM   #3
twilli227
Member
 
Registered: May 2003
Location: S.W. Ohio
Distribution: Ubuntu, OS X
Posts: 760

Rep: Reputation: 30
Urgent reply needed

the_twister, does this person have access to your computer? How is he gaining root? Are there any logs? Need more info on what is happening.
 
Old 08-13-2003, 03:42 AM   #4
the_twister
LQ Newbie
 
Registered: Aug 2003
Location: Hyderabad , India
Posts: 5

Original Poster
Rep: Reputation: 0
no no it is not my personal computer but a computer alloted to me in the lab

so every body is allowed to sit on that computer but not get into the root as it has a "guest" login if u have any suggestions on the seeing the log file please do reply

thanx
 
Old 08-13-2003, 10:58 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,561
Blog Entries: 54

Rep: Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927Reputation: 2927
If it's not your personal box at the institute, then the only people who should need the admin pass are the IT dept people, right? I mean, you might be trying to protect the box for the wrong reasons. For instance if it's data you're worried about, use encryption. Besides that, with physical access to the box it wouldn't be too hard to convince the box to boot anything they want or rip out the hd to "change" things. So apart from locking it up in a secure room, heres what I'm thinking of you can do:

- let BIOS have administration passwd
- set BIOS to boot from hd only
- remove cd/fd from the case
- clear out /etc/securetty so root will be denied a login from any tty , and make the file immutable,
- dont allow runlevel 1, single mode, rescue mode or whatever its called to the box can't be put down non-network mode. Maybe make rc0.d a symlink to rc6.d (reboot),
- disable the LILO prompt and make it directly boot one kernel,
- remove the CTRL+ALT+DEL sequence (inittab) and make sure sysctl is disabled (kernel compiletime option) so no one can reboot the box that way,
- set up any PAM service (also sudo) that allows root to make changes to have an extra passwd just to make it a 'lil bit harder,
- make sudo only allow you su root access,
- change yours and the root passwd weekly and and make all shadow passwd file immutable.
- watch out for the "regular" pitfalls wrt hardening the box like remote services allowing root access: read the LQ Security References
- talk to your institutes IT people. If there's need for restrictions, theyre really the ones who should implement those.

Again, since we're talking about a box with unrestricted physical access, these should be considered very, very weak protection measures and they DO NOT enhance security in an absolute way. Please think about what you're actually protecting.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Urgent - Help Needed rigel_kent Linux - General 1 07-21-2005 09:20 AM
Please Urgent Help Needed Here !!! dezeque Linux - General 6 05-26-2005 04:37 PM
urgent help needed on fedora cool_ashwin22 Fedora 7 09-16-2004 06:54 AM
Urgent Help Needed rankxeros Linux - Security 5 03-08-2004 05:32 PM
Urgent help needed J_Szucs Linux - Newbie 7 07-09-2002 10:39 AM


All times are GMT -5. The time now is 11:25 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration