LinuxQuestions.org
Old 04-08-2007, 10:24 PM   #1
SlowCoder
Senior Member
 
Registered: Oct 2004
Location: Southeast, U.S.A.
Distribution: Debian based
Posts: 1,250

Root password lost ... how to keep from changing?


This is in reference to a thread: http://www.linuxquestions.org/questi...d.php?t=544396

I would like to pose a scenario:
In a multiuser lab, no people should know the root password. Knowing the installed distribution, but not knowing the root password, would someone be able to utilize the install CD in rescue mode to change the password? This does not sound very good.
 
Old 04-09-2007, 12:15 AM   #2
rickh
Senior Member
 
Registered: May 2004
Location: Albuquerque, NM USA
Distribution: Debian-Lenny/Sid 32/64 Desktop: Generic AMD64-EVGA 680i Laptop: Generic Intel SIS-AC97
Posts: 4,250

Sure they would, and on lots of distros there are even easier ways; like hitting "e" while the grub screen is displayed.
 
Old 04-09-2007, 01:31 AM   #3
introuble
Member
 
Registered: Apr 2004
Distribution: Debian -unstable
Posts: 700

Quote:
no people should know the root password
Surely at least one person should know the password.

As for the whole livecd thing .. have the computer *not* boot off the CD-ROM, and set up a BIOS password. And stuff like that. Physical security is not *that* hard to ensure given the user can not use a screwdriver.
 
Old 04-11-2007, 01:37 PM   #4
hacker supreme
Member
 
Registered: Oct 2006
Location: As far away from my username as possible
Distribution: Gentoo
Posts: 259
Blog Entries: 1

Or, if you have the right type of case, password the BIOS, change the boot settings so that it can't boot from CD, then padlock the case shut. I did with mine. (Then lost the key... Duh.)

Reason for edit: Stoopid speling mistek!
 
Old 04-11-2007, 02:10 PM   #5
PTrenholme
Senior Member
 
Registered: Dec 2004
Location: Olympia, WA, USA
Distribution: Fedora, (K)Ubuntu
Posts: 4,187

Quote:
Originally Posted by SlowCoder
This is in reference to a thread: http://www.linuxquestions.org/questi...d.php?t=544396

I would like to pose a scenario:
In a multiuser lab, no people should know the root password. Knowing the installed distribution, but not knowing the root password, would someone be able to utilize the install CD in rescue mode to change the password? This does not sound very good.
In your scenario, the administrator would quickly become aware that the root password had been changed because her password would no longer work. In that circumstance, she would:

<edit>
First, change the BIOS so that HD boot precedes any other boot media, and protect BIOS changes with a password. This would prevent any such changes in the future. Of course, this should be done as a matter of course in any publicly accessible computer system. If there is a need to boot from some other media than the HD, she can use the BIOS password to change the setting for that boot, and then change it back.

She would also change the /etc/rc.d/rc[1-4].d/ setting so that changing the boot run level would not give root access without a password.

After that, she would:
</edit>

1) Boot into single user mode from a rescue disk
2) Create a new incremental backup to identify any changes since her last backup (see below)
3) Change the root password
4) Restore the system to a prior “known good” state from her backups
5) Start an internal investigation to identify who had made the unauthorized change, and what had been changed in the system
6) If the perpetrator could be identified, report the facts to the lab administrator for action
7) If the perpetrator could not be identified, report that to the lab administrator so a criminal investigation could be started.
8) Review the changes in the incremental backup and restore any authorized changes.

Last edited by PTrenholme; 04-11-2007 at 04:16 PM.
 
Old 04-12-2007, 02:06 PM   #6
Road_map
Member
 
Registered: Jan 2007
Distribution: Slackware
Posts: 341

Quote:
Originally Posted by SlowCoder
This is in reference to a thread: http://www.linuxquestions.org/questi...d.php?t=544396

I would like to pose a scenario:
In a multiuser lab, no people should know the root password. Knowing the installed distribution, but not knowing the root password, would someone be able to utilize the install CD in rescue mode to change the password? This does not sound very good.
I think it is just another myth. Did you try to boot in "single user mode" or in "rescue mode" with your distro install CD? I tried many times in Slackware:
Code:
bare.i root=/dev/hda1 noinitrd ro telinit S -t 10
but in the end it was always only
Quote:
(none) login:
Or am I missing the point?
 
Old 04-12-2007, 02:12 PM   #7
ramram29
Member
 
Registered: Jul 2003
Location: Miami, Florida, USA
Distribution: Debian
Posts: 848
Blog Entries: 1

The solution is simple:

Put your Linux server inside a locked closet where nobody can get physical access to it.

You can also password protect Grub and your BIOS. My last recommendation would be to disable root login on all consoles, but make sure at least one of your other accounts has root privilege.
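
The settings suggested in this thread (a GRUB password, a password prompt for single-user mode, no direct root login on consoles) can be checked with a short audit script. This is an added example, not part of any post; it assumes a sysvinit-era layout, and the function names and the constructed sample tree are hypothetical.

```shell
#!/bin/sh
# Added example: audits the boot-path settings discussed in this thread.
# Assumes a sysvinit-era layout; a BIOS password cannot be checked from the OS.

# has_line FILE REGEX: true if a non-comment line of FILE matches REGEX
has_line() {
    [ -f "$1" ] && grep -v '^[[:space:]]*#' "$1" | grep -Eq "$2"
}

# audit_boot_hardening ROOT: print one line per weakness found under ROOT
audit_boot_hardening() {
    root=${1:-}
    grub_pw=no
    for cfg in boot/grub/menu.lst boot/grub/grub.conf \
               boot/grub/grub.cfg boot/grub2/grub.cfg; do
        # GRUB legacy: "password [--md5] ..."; GRUB 2: "password_pbkdf2 ..."
        if has_line "$root/$cfg" '^[[:space:]]*password(_pbkdf2)?[[:space:]]'; then
            grub_pw=yes
        fi
    done
    [ "$grub_pw" = yes ] || echo "grub: no password directive in any GRUB config"

    # sysvinit: single-user mode asks for the root password only via sulogin
    if [ -f "$root/etc/inittab" ] &&
       ! has_line "$root/etc/inittab" ':S:.*sulogin'; then
        echo "inittab: runlevel S does not run sulogin"
    fi

    # pam_securetty: root may log in directly on every tty listed here
    if has_line "$root/etc/securetty" '[^[:space:]]'; then
        echo "securetty: direct root login allowed on listed terminals"
    fi
    return 0
}

# make_sample_root DIR: constructed, deliberately weak file tree for a dry run
make_sample_root() {
    mkdir -p "$1/boot/grub" "$1/etc"
    printf '%s\n' 'default 0' 'timeout 5' '# password --md5 PLACEHOLDER' \
        > "$1/boot/grub/menu.lst"
    printf '%s\n' 'id:2:initdefault:' '~~:S:wait:/bin/sh' > "$1/etc/inittab"
    printf '%s\n' '# consoles' 'tty1' 'tty2' > "$1/etc/securetty"
}

demo=$(mktemp -d)
make_sample_root "$demo"
audit_boot_hardening "$demo"   # reports all three weaknesses
rm -rf "$demo"
```

Run against a mounted system by passing its mount point as the argument; with no argument the live root is audited.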
 
Old 04-13-2007, 06:14 PM   #8
Zention
Member
 
Registered: Mar 2007
Posts: 119

In your pose bit - why should no one know the root password in a multi user lab?

It is not a given that no one should know the root password, you should really explain what you are trying to achieve.

Assuming you want people to have access to their data restricted to themselves and not allow root (the admin) the ability to sniff around it - then you have to look towards encryption. So, you would encrypt part of the disk for each user.
 
Old 04-13-2007, 09:17 PM   #9
SlowCoder
Senior Member
 
Registered: Oct 2004
Location: Southeast, U.S.A.
Distribution: Debian based
Posts: 1,250

Original Poster
Coming back to read my post, and all of your responses, I guess I left out information. Sorry about that.

1. I do realize at least one person should know the root password, but that should be the admin, not a general lab user.
2. I use BIOS passwords and boot orders at my job to keep users from attempting to boot from CD. I understand that aspect of security.

I think I should have thought it out more thoroughly before posting. This scenario just seems like such an easy way to bypass root, that it surprised me how easy it apparently is. With Windows, you have to pay mondo bucks for that type of security-breaking utility, generally much more than the average schmo wants to spend.
 
Old 04-14-2007, 03:52 AM   #10
Valkyrie_of_valhalla
Member
 
Registered: Jan 2006
Location: Romania
Distribution: Suse 12.0, Slackware 12.1, Debian, Ubuntu, Gentoo
Posts: 301

Not really, it's easy with Windows too. You just need to get 2 files with a live CD, and there are tons of free utilities that can tell you the admin password. Alternatively, there are tons of exploits that give you admin privileges.

For Linux, if you already have a BIOS password, put in a GRUB password, and it's going to be pretty hard for the average user to get the root password (unless he has a screwdriver with him, and will reset the BIOS, or uses another hard drive as master, setting the one in the lab as slave, either way needing to open up the computer).
 
Old 04-14-2007, 11:56 PM   #11
ramram29
Member
 
Registered: Jul 2003
Location: Miami, Florida, USA
Distribution: Debian
Posts: 848
Blog Entries: 1

There is an ultimate way to protect a Linux root password which goes far beyond BIOS, Grub, and even external attempts: Encrypted File System. With newer versions of the 2.6 kernel you can actually encrypt the root file system - in this way even if you do mount the hard disk externally you still cannot mount it unless you know the encrypted password. Just an FYI.
 
  

