LinuxQuestions.org
Old 04-25-2005, 07:20 PM   #1
buehler
LQ Newbie
 
Registered: Apr 2001
Location: Chicago
Distribution: Mandrake 10.0
Posts: 24

Rep: Reputation: 15
root console break-in


I heard it is possible to break into a Linux box if one has physical
access to the machine.
Is that true?
How can I prevent it?
 
Old 04-25-2005, 07:58 PM   #2
Moloko
Member
 
Registered: Mar 2004
Location: Netherlands
Distribution: Debian
Posts: 729

Rep: Reputation: 30
Only if there is a local exploit vulnerability present, which happens now and then, so make sure your machine is updated regularly or prevent anyone else from approaching your computer (barbed wire and such).
 
Old 04-25-2005, 08:10 PM   #3
neo
Member
 
Registered: Apr 2005
Distribution: FreeBSD
Posts: 61

Rep: Reputation: 15
If someone has physical access to any box, Mac OS X, Linux, Windows, etc., then they can easily get into the system.

The only way to try and prevent this would be to encrypt the hard drive and put the box in a room like the one in Mission Impossible w/ lasers, motion detectors, bio scans, fingerprint scans, and temp scan.

Last edited by neo; 04-25-2005 at 08:39 PM.
 
Old 04-25-2005, 08:52 PM   #4
twsnnva
Member
 
Registered: Oct 2003
Location: Newport News, Va
Distribution: Debian
Posts: 246

Rep: Reputation: 30
Quote:
The only way to try and prevent this would be to encrypt the hard drive and put the box in a room like the one in Mission Impossible w/ lasers, motion detectors, bio scans, finger print scans, and temp scan
Even with this Tom Cruise can still get to it
 
Old 04-25-2005, 10:39 PM   #5
buehler
LQ Newbie
 
Registered: Apr 2001
Location: Chicago
Distribution: Mandrake 10.0
Posts: 24

Original Poster
Rep: Reputation: 15
What about adding the following line to the file /etc/inittab
right after the line referencing /etc/rc.d/rc.sysinit:
ss:S:respawn:/sbin/sulogin

I found this info here:
http://www.cromwell-intl.com/securit...hardening.html

I'm not sure what exactly this is doing though ...
 
Old 04-25-2005, 11:25 PM   #6
btmiller
Senior Member
 
Registered: May 2004
Location: In the DC 'burbs
Distribution: Arch, Scientific Linux, Debian, Ubuntu
Posts: 4,284

Rep: Reputation: 371
That's basically requiring the root password to enter single user mode. It's easily bypassed though by adding init=/bin/sh to the kernel command line during boot. You can prevent that trick by using a bootloader password, password protecting the BIOS, and setting the hard drive as the first boot device. The way around that though is for the attacker either to remove the CMOS battery (which will usually reset the BIOS to factory defaults, i.e. no password) or to change the hard drive jumpers and add a new drive to boot off. Or, he can simply pull the hard drive from the case and take it home to crack at his leisure.

So basically, once someone has physical access to the machine, they can get the data off of it. This is (one reason) why mission critical servers are kept in locked rooms with strict access controls.
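An added example, not part of the thread and not any poster's code: a shell audit of the controls post #6 discusses (sulogin for single-user mode, a bootloader password, and an init= override on the kernel command line), run against constructed sample files. The function names, sample files and PLACEHOLDER_HASH are assumptions for illustration; the global `password --md5` line is GRUB legacy menu.lst syntax, where a password in the first section disables interactive menu editing.

```shell
#!/bin/sh
# Succeeds if an active inittab entry (id:runlevels:action:process)
# runs sulogin for runlevel S, i.e. single-user mode asks for the root password.
check_sulogin() {
    awk -F: '
        /^[ \t]*#/ || NF < 4 { next }                 # skip comments, malformed lines
        $2 ~ /[Ss]/ && $4 ~ /(^|\/)sulogin([ \t]|$)/ { found = 1 }
        END { exit(found ? 0 : 1) }
    ' "$1"
}

# Prints md5, plaintext or none for a "password" directive in the global
# section (before the first "title"); only there does it block menu editing.
grub_password_state() {
    awk '
        /^[ \t]*#/ { next }
        $1 == "title" { exit }                        # global section ends here
        $1 == "password" { state = ($2 == "--md5") ? "md5" : "plaintext"; exit }
        END { print (state == "" ? "none" : state) }
    ' "$1"
}

# Prints the init= override found in a kernel command line string, if any.
init_override() {
    for arg in $1; do
        case $arg in init=*) printf '%s\n' "${arg#init=}"; return 0 ;; esac
    done
    return 1
}

# Constructed sample files (not taken from a real system).
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'id:3:initdefault:' 'si::sysinit:/etc/rc.d/rc.sysinit' \
    'ss:S:respawn:/sbin/sulogin' > "$tmp/inittab.hardened"
printf '%s\n' 'id:3:initdefault:' 'si::sysinit:/etc/rc.d/rc.sysinit' \
    '#ss:S:respawn:/sbin/sulogin' > "$tmp/inittab.default"
printf '%s\n' 'timeout 5' 'password --md5 PLACEHOLDER_HASH' \
    'title Linux' 'kernel /vmlinuz root=/dev/hda1' > "$tmp/menu.lst.locked"
printf '%s\n' 'timeout 5' 'title Linux' \
    'kernel /vmlinuz root=/dev/hda1' 'password secret' > "$tmp/menu.lst.open"

for f in "$tmp"/inittab.*; do
    check_sulogin "$f" && echo "$f: sulogin required" || echo "$f: no sulogin"
done
for f in "$tmp"/menu.lst.*; do
    echo "$f: global password = $(grub_password_state "$f")"
done
init_override 'ro root=/dev/hda1 init=/bin/sh' >/dev/null && echo 'cmdline: init= override present'
```

On a live system the third check would be fed the contents of /proc/cmdline, which shows whether the current boot used an init= override.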
 
Old 04-27-2005, 08:19 AM   #7
johnnydangerous
Member
 
Registered: Jan 2005
Location: Sofia, Bulgaria
Distribution: Fedora Core 4 Rawhide
Posts: 431

Rep: Reputation: 30
How to password protect grub?
 
Old 04-27-2005, 11:32 AM   #8
neo
Member
 
Registered: Apr 2005
Distribution: FreeBSD
Posts: 61

Rep: Reputation: 15
I'm not sure how to password protect grub. I think you have to patch it. However, it doesn't offer any real protection because it can easily be bypassed by anyone that knows just a little about computers.
 
Old 04-28-2005, 12:25 AM   #9
johnnydangerous
Member
 
Registered: Jan 2005
Location: Sofia, Bulgaria
Distribution: Fedora Core 4 Rawhide
Posts: 431

Rep: Reputation: 30
Well, if you have a BIOS password, I don't think it's easy to bypass the boot loader password without stripping out the MB.
 
  

