RE: Is there a kernel patch to stop single user mode?

[Per Krogh Nielsen <geek () prebsi com>]

On Wed, 2003-09-24 at 20:01, Ranjeet Shetye wrote:
> On Wed, 2003-09-24 at 08:41, Tiago de Oliveira Quadra wrote:
<snip>
> > > ----- Original Message -----
> > > From: "John Hebert" <johnhebert () it-group com>
> > > To: <security-basics () securityfocus com>
> > > Cc: <general () brlug net>
> > > Sent: Friday, September 19, 2003 1:13 PM
> > > Subject: Is there a kernel patch to stop single user mode?
> > >
> > >
> > > > Is there a way to stop someone with physical access to the box
from
> > > booting
> > > > into single user mode and changing the root password? I'm not
> > interested
> > > in
> > > > solutions that require setting a boot or poweron password in the
> > BIOS. I'd
> > > > like something that could be done in the Linux kernel, so as to
apply
> > to
> > > > multiple platforms.
> > > >
> > > > Thanks,
> > > > John Hebert

You might want to check out your /etc/inittab file.

And checkout : http://unixhelp.ed.ac.uk/CGI/man-cgi?sulogin+8

> From a debian installation :

----
# What to do in single-user mode.
~~:S:wait:/sbin/sulogin
----

This will enable a login prompt when booting into single user mode.

But it will not prevent anyone from booting from a floppy/cdrom,
mounting you drive and changing the password.

And if I'm not mistaken, man /etc/securetty is a try.

PKN   :-)



---------------------------------------------------------------------------
----------------------------------------------------------------------------