SLUG Mailing List Archives - [SLUG] Re: Proceedure for preventing 'linux single' at lilo promp t

To: slug@xxxxxxxxxxx
Subject: [SLUG] Re: Proceedure for preventing 'linux single' at lilo promp t
From: Angus Lees <gusl@xxxxxxxxxxxxxxx>
Date: Fri Sep 15 13:44:18 2000
User-agent: Mutt/1.0.1i

On Fri, Sep 15, 2000 at 01:21:59PM +1000, Stephen Mills wrote:
> 1) be reminded that if a person has physical access to your linux machine,
> they can usually have full access to all information within a few mins with
> a boot floppy
> 
> 2) you can set a password on the lilo prompt to prevent them from booting an
> image without the proper password, but rule 1 still applies, check out
> /usr/doc/lilo-* for more info
> 
> 3) put your server under lock and key if its a problem

or in a lab-like environment:

 set to only boot from harddrive

 password protect the bios

 password protect lilo

 padlock the case closed (or put the case in a lockable steel cage)
 (*make sure people can't just poke the 5.25 cover off, and reach in
 anyway*)

 make sure that the machine boots to sulogin on single user
 (ie: failed fsck)

and then you should be reasonably safe. floppy / cdrom can be accessed
using the normal permissions (don't allow suid or devices on those
media tho..)

-- 
 - Gus

Follow-Ups:
- Moving OT a bit [was] Re: [SLUG] Re: Proceedure for preventing 'linux single' at lilo promp t
  - From: Howard Lowndes

References:
- RE: [SLUG] Proceedure for preventing 'linux single' at lilo promp t
  - From: Stephen Mills

Messages sorted by: [ date | thread ]
Prev by Date: RE: [SLUG] MTU and flamebait
Next by Date: Re: [SLUG] MTU and flamebait
Previous by thread: Re: [SLUG] Proceedure for preventing 'linux single' at lilo promp t
Next by thread: Moving OT a bit [was] Re: [SLUG] Re: Proceedure for preventing 'linux single' at lilo promp t