Security Basics mailing list archives
RE: Is there a kernel patch to stop single user mode?
From: "Tiago de Oliveira Quadra" <tquadra () landesigners com br>
Date: Wed, 24 Sep 2003 12:41:18 -0300
And disable USB, SERIAL and LPT ports on the BIOS?
And put a password in BIOS?
And lock the server on a secure RACK?
What else?
As Dave Gillett said:
- "... is a matter of physical security, not OS security."
-----Original Message-----
From: Mike MacNeill [mailto:mmacneil () crosscountry com]
Sent: sexta-feira, 19 de setembro de 2003 19:10
To: Carlos Eduardo Pinheiro; John Hebert
Cc: security-basics () securityfocus com
Subject: Re: Is there a kernel patch to stop single user mode?
Don't forget to remove the floppy or cdrom drive as well. Both could be
used to boot from and then mount the drive, edit lilo.conf, rmeove the
password etc etc...
From: "Carlos Eduardo Pinheiro" <cabeca () gmx net> Date: Fri, 19 Sep 2003 18:12:12 -0300 To: "John Hebert" <johnhebert () it-group com> Cc: <security-basics () securityfocus com> Subject: Re: Is there a kernel patch to stop single user mode? Set up a password on lilo.conf and use the option "restricted", it
will ask
for the password just if a kernel parameter was specified at the
command
line. i think it will solve your problem no? Regards, Carlos Eduardo Pinheiro - cabeca () gmx net - ICQ#: 134439332 ----- Original Message ----- From: "John Hebert" <johnhebert () it-group com> To: <security-basics () securityfocus com> Cc: <general () brlug net> Sent: Friday, September 19, 2003 1:13 PM Subject: Is there a kernel patch to stop single user mode?Is there a way to stop someone with physical access to the box frombootinginto single user mode and changing the root password? I'm not
interested
insolutions that require setting a boot or poweron password in the
BIOS. I'd
like something that could be done in the Linux kernel, so as to apply
to
multiple platforms. Thanks, John Hebert
------------------------------------------------------------------------ --
-Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm
------------------------------------------------------------------------ --
--
------------------------------------------------------------------------ ---
------------------------------------------------------------------------ ----
------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- Is there a kernel patch to stop single user mode? John Hebert (Sep 19)
- Re: Is there a kernel patch to stop single user mode? Chris Ess (Sep 19)
- RE: Is there a kernel patch to stop single user mode? David Gillett (Sep 19)
- Re: Is there a kernel patch to stop single user mode? Matt Howard (Sep 19)
- Re: Is there a kernel patch to stop single user mode? Carlos Eduardo Pinheiro (Sep 19)
- Re: Is there a kernel patch to stop single user mode? Mike MacNeill (Sep 19)
- Re: Is there a kernel patch to stop single user mode? Ansgar -59cobalt- Wiechers (Sep 22)
- <Possible follow-ups>
- RE: Is there a kernel patch to stop single user mode? Tiago de Oliveira Quadra (Sep 24)
- RE: Is there a kernel patch to stop single user mode? Ranjeet Shetye (Sep 24)
- RE: Is there a kernel patch to stop single user mode? Per Krogh Nielsen (Sep 24)
- RE: Is there a kernel patch to stop single user mode? Ranjeet Shetye (Sep 24)