hi everyone

I have RH-9 installed n also have a guest login in my allocated system in the institution and some body is entering the root bypassing the password .


I know one way is to password protect the "boot loader" by specifing a password in /etc/lilo.conf but that was all in vain he is again working in the root


Is there any other way to bypass the root password and if so please specify the security measure


thanx

- please use useful thread titles
- please fdo not mark threads as urgent, questions are answered on a voluntary basis, and it is not fair to demand preferential treatment.

thanks

the_twister, does this person have access to your computer? How is he gaining root? Are there any logs? Need more info on what is happening.

no no it is not my personal computer but a computer alloted to me in the lab

so every body is allowed to sit on that computer but not get into the root as it has a "guest" login if u have any suggestions on the seeing the log file please do reply

thanx

If it's not your personal box at the institute, then the only people who should need the admin pass are the IT dept people, right? I mean, you might be trying to protect the box for the wrong reasons. For instance if it's data you're worried about, use encryption. Besides that, with physical access to the box it wouldn't be too hard to convince the box to boot anything they want or rip out the hd to "change" things. So apart from locking it up in a secure room, heres what I'm thinking of you can do:

- let BIOS have administration passwd
- set BIOS to boot from hd only
- remove cd/fd from the case
- clear out /etc/securetty so root will be denied a login from any tty , and make the file immutable,
- dont allow runlevel 1, single mode, rescue mode or whatever its called to the box can't be put down non-network mode. Maybe make rc0.d a symlink to rc6.d (reboot),
- disable the LILO prompt and make it directly boot one kernel,
- remove the CTRL+ALT+DEL sequence (inittab) and make sure sysctl is disabled (kernel compiletime option) so no one can reboot the box that way,
- set up any PAM service (also sudo) that allows root to make changes to have an extra passwd just to make it a 'lil bit harder,
- make sudo only allow you su root access,
- change yours and the root passwd weekly and and make all shadow passwd file immutable.
- watch out for the "regular" pitfalls wrt hardening the box like remote services allowing root access: read the LQ Security References
- talk to your institutes IT people. If there's need for restrictions, theyre really the ones who should implement those.

Again, since we're talking about a box with unrestricted physical access, these should be considered very, very weak protection measures and they DO NOT enhance security in an absolute way. Please think about what you're actually protecting.