LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 03-06-2006, 05:10 PM   #1
Wheat_Thins
Member
 
Registered: Nov 2005
Location: Michigan
Distribution: Primary: Ubuntu 8.10
Posts: 94

Rep: Reputation: 15
Close The "linux single" Hole on a FDC4 system?


Do I need to modify the grub.conf to remove access from using the "single" parameter that can be passed at startup? If so what do I have to add to the file to restrict access to this?

Thanks in Advance!
 
Old 03-06-2006, 05:30 PM   #2
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Rep: Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985Reputation: 1985
don't think of it as a "whole" it's your-own-stupid-fault (tm) if you are in a situation where someone can physically walk up to that machine to get to the bootloader. if they can walk away with the box, why ot let them choose runlevel's?

anyway.... you can set passwords to allow per boot option edit access. http://www.gnu.org/software/grub/man.../password.html
 
Old 03-07-2006, 06:05 AM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3608Reputation: 3608Reputation: 3608Reputation: 3608Reputation: 3608Reputation: 3608Reputation: 3608Reputation: 3608Reputation: 3608Reputation: 3608Reputation: 3608
...next to that add a line in /etc/inittab along the lines of (unique code)":S:wait:/sbin/sulogin" will not allow access when dropping to single mode w/o root password. As tricky already said it's not a one stop solution and rather easy to bypass.
 
Old 03-07-2006, 11:15 AM   #4
doublejoon
Member
 
Registered: Oct 2003
Location: King George, VA
Distribution: RHEL/CentOS/Scientific/Fedora, LinuxMint
Posts: 370

Rep: Reputation: 44
/sbin/grub-md5-crypt create a grub password
 
Old 03-07-2006, 09:01 PM   #5
Crito
Senior Member
 
Registered: Nov 2003
Location: Knoxville, TN
Distribution: Kubuntu 9.04
Posts: 1,168

Rep: Reputation: 53
First thing any decent "cracker" will do after gaining access is change the root/admin password. I'd set a BIOS boot password only, as that's the only one that can't be changed remotely. Otherwise you might end up getting locked out of your own box.

I don't think it's a "hole" either BTW. Quite the contrary, it might just save your arse in a pinch. Think about being locked out of your mission-critical production box and not having a recent or good backup to restore from! That "hole" might just save the whole business.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how to use "touch" for a hole file tree mandavi Linux - General 11 07-05-2005 06:16 AM
"User" & "System" CPU load difference JJX Linux - General 3 06-06-2004 02:42 AM
How to disable "linux single" at lilo prompt hus Linux - Security 1 05-09-2004 03:22 AM
"X-MS" cant open because "x-Multimedia System" cant access files at "smb&qu ponchy5 Linux - Networking 0 03-30-2004 12:18 AM
A source close to SCO: "linux code has been copied in to system V" qanopus General 4 06-12-2003 02:02 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:06 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration