LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 01-12-2001, 10:55 AM   #1
markma
LQ Newbie
 
Registered: Dec 2000
Posts: 12

Rep: Reputation: 0

Greetings Guru's and Guresses,

I have noticed to my dismay, that if I reboot a Red Hat Linux 6.2 box, I can bring the box up in single user mode to a root prompt without any password, and even change it!

How can I prevent this?

Mark
 
Old 01-12-2001, 11:00 AM   #2
trickykid
LQ Guru
 
Registered: Jan 2001
Posts: 24,149

Rep: Reputation: 255Reputation: 255Reputation: 255
well....

one of the few security risks involving linux and physical access. well one thing would be is to have a bios password, or you can make a password for lilo. but anyone who has access to root once in can see or change that password in the lilo.conf file.

just add this to the lilo.conf file for a password for lilo:

password=anything here you want for password

but remember, this is not encrypted but will keep anyone out that does not have access to root like with su or does not know linux at all.

hope this helps in anyway....

Drew
 
Old 01-12-2001, 12:37 PM   #3
markma
LQ Newbie
 
Registered: Dec 2000
Posts: 12

Original Poster
Rep: Reputation: 0
Thanks

Not comforting, but helpful!

Mark
 
Old 01-14-2001, 12:30 PM   #4
jeremy
root
 
Registered: Jun 2000
Distribution: Debian, Red Hat, Slackware, Fedora, Ubuntu
Posts: 13,022

Rep: Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751Reputation: 3751
What I usually do is add a password, run /sbin/lilo, then remove the password from the lilo.conf file. Since changes do not take effect until you run lilo again you are still password protected, but no one can see it. Now someone with su can just change the password, but every bit helps
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
How could normal user obtain root password or change root password ckamheng Debian 18 02-18-2009 10:28 PM
Booting into Single User on MDK 9 asks for root password instead of booting into root acadcworks Linux - General 6 01-10-2006 06:51 AM
root password amer_58 Linux - Newbie 6 08-20-2005 02:41 PM
Logged in as root, prompted for root password ta0kira Slackware 13 04-25-2005 01:29 AM
root / SU password Stephanie Linux - General 9 09-04-2002 11:13 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:54 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration