LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   password protect pxe installation (https://www.linuxquestions.org/questions/linux-security-4/password-protect-pxe-installation-331796/)

ssharma_02 06-09-2005 05:50 AM

password protect pxe installation
 
hi,
i configured pxe installation system in my network which is working fine along with dhcp, tftp servers.
I find a major security hole when ny body could install a new image , i wanted to know if there exists any password protect mechanism by which i could plug in this gap
i was thinking on lines where one could do such a thing in linux boot init=/bin/bash

any suggestions ?

Simon Bridge 06-09-2005 05:55 AM

You could always remove group/other write access to the image or image location? (setting owner=root) But isn't this done already - in which case, you need to explain how anybody can change this and where from.

Simon Bridge 06-09-2005 06:05 AM

See: http://support.novell.com/techcenter...s/tp10009.html
SECURITY DISCLAIMER: VNC is unencrypted by default, so anyone who has access to the patch between you and the server and a decent packet sniffer can capture your sessions and extract passwords, server settings, or other entered data. Therefore, it is highly recommended that you only perform unsecured VNC installations over a trusted network or in a VMWare environment. There are ways of securing VNC (SSH Tunnels for instance), but those are outside the scope of this document. For more information about securing VNC connections with SSH, see Using SSH with VNC (http://www.uk.research.att.com/archive/vnc/sshvnc.html).

If I guess you mean that someone can insert an image to the pxe part if the remote install?
Nobody should be able to go backwards through this link once the environment is established.

ssharma_02 06-09-2005 06:20 AM

Well i guess the problem is a little different, i need to ensure that the installation can only be done by the network administrator where as the other options like boot up's etc be open to all different people with ofcourse their own user login's and passwd's.


All times are GMT -5. The time now is 12:26 AM.