RE: security scenario

["MacFerrin, Ken" <Ken_MacFerrin () csgsystems com>]

> consider this (I'm trying to make a network more secure) :
> A user enters grub upon bootup and hits "e" to edit the Linux boot 
> procedure and then continues to boot into single user mode, and he 
> then chagnes the root password to whatever he suits.... the user who 
> did this is eventually tracked down and taken care of.
>
> Now, how would I prevent this from happening in future instances?

Although not foolproof, a collection of the previous suggestions would require someone to spend a bit of effort to 
access the system:

1. Physically lock down the box, there are accessories made for this. 
http://www.google.com/search?hl=en&ie=UTF-8&oe=UTF-8&q=computer+locks

2. Depending on budget, install a tamper alarm (uses light sensors, etc)

3. Password protect the bios

4. Disable booting from anything but the hdd in bios (or disable external drives all together).

5. Password grub.

6. Set grub to require root pass for single user mode.

...and/or, from a social engineering point of view

1. Have management inform users that security violations will get them fired.  Someone would have a rough time claiming 
that they "didn't know".

2. Have HR implement and explain a signed policy upon hiring having users agree they will be held financially liable 
for any intentional security violations or accessing systems without permission.