[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] single user lockdown?

Subject: [ale] single user lockdown?
From: jlangseth at esisys.com (Jacob Langseth)
Date: Wed, 9 Dec 1998 13:07:54 -0500

> 4a. in /etc/inittab edit the line :
> l1:1:wait:/etc/rc.d/rc 1
> so that it reads l1:1:wait:/etc/rc.d/rc 3
> 
> This will prevent single-user mode completely. it will always boot to
> run-level 3. you can still get in with a bios password to activate floppy
> booting and then use a boot floppy such as Toms root/boot or RedHats
> rescue discs.

4a can be bypassed by passing the init parameter to the kernel.
(eg init=/bin/sh)  To avoid this, keep /etc/lilo.conf mode 0600 with
a password= setting, and use the restricted option when describing
all linux labels.  eg lilo.conf:
	password = foo
	[...]
	restricted image = /boot/vmlinux.gz
	    label = linux
	    [...]

This causes lilo to prompt for the password= value before
accepting boot parameters.

Prev by Date: [ale] single user lockdown?
Next by Date: [ale] single user lockdown?
Previous by thread: [ale] single user lockdown?
Next by thread: [ale] single user lockdown?
Index(es):
- Date
- Thread