If you are an even slightly
security-consious sysadmin, the previous sections must have set off
alarms while you were reading them. Is it really that easy to hack
Linux? Yes and No. It all it comes down to the following: Physical
Access is Root Access. Meaning, if you give someone physical access to a
system, then you are giving them a very good chance of getting root
access on your box. This is true for Windows, Linux, or any other OS out
there.
But… you say that you need to give some people physical access to the server? There are some precautions you can take to slow down attackers and stop the noob’s. In this section I will talk about various ways you can make your computer more secure against these types of attacks. So lets get started.
3.1.1 Password protecting GRUB and LILO
First, edit the /etc/inittab file and insert the following line, right after the “initdefault” line: ~~:S:wait:/sbin/sulogin. This will require a password to boot into single-user mode by making init run ‘sulogin’ before dropping the machine to a root shell. ‘sulogin’ requires the user to input the root password before continuing.
Unfortunately, the above step won’t protect us against people who know what they are doing and pass init=/bin/bash to the kernel at the LILO prompt. To prevent unauthorized access I would suggest that you password protect LILO/GRUB by following these steps:
How to Protect LILO:
Open a shell prompt and log in as root
Open /etc/lilo.conf in your favorite text editor
Add the following line before the first image stanza: password=<password> , where <password> is your password.
Run /sbin/lilo -v to let the changes take effect
Type chmod 600 /etc/lilo.conf to give only root access to read and edit the file since all passwords are in plain text
Relax a bit, as your system is a little bit more secure
How to password-protect GRUB
Open a shell prompt and log in as root
Type /sbin/grub-md5-crypt and press enter
Enter the password you chose for GRUB when prompted. This will return an MD5 hash of your password
Open /boot/grub/grub.conf in your favorite text editor
Add password –md5 <password-hash> below the timeout in the main section (Replace <password-hash> with the hash you got in the previous step)
Save and exit
The next time you reboot, the GRUB menu will not let you access the editor or command interface without first pressing [p] followed by the GRUB password.
njoy the simplicity.......
©Atul Singh
victimizeit.blogspot.com
But… you say that you need to give some people physical access to the server? There are some precautions you can take to slow down attackers and stop the noob’s. In this section I will talk about various ways you can make your computer more secure against these types of attacks. So lets get started.
3.1.1 Password protecting GRUB and LILO
First, edit the /etc/inittab file and insert the following line, right after the “initdefault” line: ~~:S:wait:/sbin/sulogin. This will require a password to boot into single-user mode by making init run ‘sulogin’ before dropping the machine to a root shell. ‘sulogin’ requires the user to input the root password before continuing.
Unfortunately, the above step won’t protect us against people who know what they are doing and pass init=/bin/bash to the kernel at the LILO prompt. To prevent unauthorized access I would suggest that you password protect LILO/GRUB by following these steps:
How to Protect LILO:
Open a shell prompt and log in as root
Open /etc/lilo.conf in your favorite text editor
Add the following line before the first image stanza: password=<password> , where <password> is your password.
Run /sbin/lilo -v to let the changes take effect
Type chmod 600 /etc/lilo.conf to give only root access to read and edit the file since all passwords are in plain text
Relax a bit, as your system is a little bit more secure
How to password-protect GRUB
Open a shell prompt and log in as root
Type /sbin/grub-md5-crypt and press enter
Enter the password you chose for GRUB when prompted. This will return an MD5 hash of your password
Open /boot/grub/grub.conf in your favorite text editor
Add password –md5 <password-hash> below the timeout in the main section (Replace <password-hash> with the hash you got in the previous step)
Save and exit
The next time you reboot, the GRUB menu will not let you access the editor or command interface without first pressing [p] followed by the GRUB password.
njoy the simplicity.......
©Atul Singh
victimizeit.blogspot.com
No comments :
Post a Comment