Security Basics mailing list archives
RE: Is there a kernel patch to stop single user mode?
From: Ranjeet Shetye <ranjeet.shetye2 () zultys com>
Date: 24 Sep 2003 11:01:21 -0700
On Wed, 2003-09-24 at 08:41, Tiago de Oliveira Quadra wrote:
And disable USB, SERIAL and LPT ports on the BIOS? And put a password in BIOS? And lock the server on a secure RACK? What else? As Dave Gillett said: - "... is a matter of physical security, not OS security." -----Original Message----- From: Mike MacNeill [mailto:mmacneil () crosscountry com] Sent: sexta-feira, 19 de setembro de 2003 19:10 To: Carlos Eduardo Pinheiro; John Hebert Cc: security-basics () securityfocus com Subject: Re: Is there a kernel patch to stop single user mode? Don't forget to remove the floppy or cdrom drive as well. Both could be used to boot from and then mount the drive, edit lilo.conf, rmeove the password etc etc...From: "Carlos Eduardo Pinheiro" <cabeca () gmx net> Date: Fri, 19 Sep 2003 18:12:12 -0300 To: "John Hebert" <johnhebert () it-group com> Cc: <security-basics () securityfocus com> Subject: Re: Is there a kernel patch to stop single user mode? Set up a password on lilo.conf and use the option "restricted", itwill askfor the password just if a kernel parameter was specified at thecommandline. i think it will solve your problem no? Regards, Carlos Eduardo Pinheiro - cabeca () gmx net - ICQ#: 134439332 ----- Original Message ----- From: "John Hebert" <johnhebert () it-group com> To: <security-basics () securityfocus com> Cc: <general () brlug net> Sent: Friday, September 19, 2003 1:13 PM Subject: Is there a kernel patch to stop single user mode?Is there a way to stop someone with physical access to the box frombootinginto single user mode and changing the root password? I'm notinterestedinsolutions that require setting a boot or poweron password in theBIOS. I'dlike something that could be done in the Linux kernel, so as to applytomultiple platforms. Thanks, John Hebert------------------------------------------------------------------------ ---Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm------------------------------------------------------------------------ ---------------------------------------------------------------------------- --------------------------------------------------------------------------- ---------------------------------------------------------------------------- --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
remove module support from kernel - i know its a pain to remove module support and give up hotplug,initrd etc. secure, self-contained, convenient - pick 2 out of 3. -- Ranjeet Shetye Senior Software Engineer Zultys Technologies Ranjeet dot Shetye2 at Zultys dot com http://www.zultys.com/ The views, opinions, and judgements expressed in this message are solely those of the author. The message contents have not been reviewed or approved by Zultys. --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Is there a kernel patch to stop single user mode? John Hebert (Sep 19)
- Re: Is there a kernel patch to stop single user mode? Chris Ess (Sep 19)
- RE: Is there a kernel patch to stop single user mode? David Gillett (Sep 19)
- Re: Is there a kernel patch to stop single user mode? Matt Howard (Sep 19)
- Re: Is there a kernel patch to stop single user mode? Carlos Eduardo Pinheiro (Sep 19)
- Re: Is there a kernel patch to stop single user mode? Mike MacNeill (Sep 19)
- Re: Is there a kernel patch to stop single user mode? Ansgar -59cobalt- Wiechers (Sep 22)
- <Possible follow-ups>
- RE: Is there a kernel patch to stop single user mode? Tiago de Oliveira Quadra (Sep 24)
- RE: Is there a kernel patch to stop single user mode? Ranjeet Shetye (Sep 24)
- RE: Is there a kernel patch to stop single user mode? Per Krogh Nielsen (Sep 24)
- RE: Is there a kernel patch to stop single user mode? Ranjeet Shetye (Sep 24)