Chris, Astlinux does not currently include sudo.
Secondly, unless you encrypt the file system, there is really no way to prevent the type of access you are trying to prevent. If they have physical access to the device, encryption is your only real protection. Darrick On 08/31/2010 08:22 PM, Chris Abnett wrote: > I think I like those ideas for sure... > > But thyat still doesn't stop someone from mounting the CF, and CHrooting it, > and writing a new passwd file, where they could log in as a user they > created and then su root? > > -Christopher > > -----Original Message----- > From: Philip Prindeville [mailto:[email protected]] > Sent: Tuesday, August 31, 2010 9:19 PM > To: [email protected] > Subject: Re: [Astlinux-users] run passwd file in /tmp? > > Passwords are stored as MD5 hashes, which are a lot harder to crack. > > Also, you should be turning off root logins ("PermitRootLogin no" in your > /mnt/kd/sshd_config.tmpl), and forcing people to 'su' or 'sudo'. > > And of course, "PasswordAuthentication no" will stop people from logging in > via password (you'll need to have a pre-installed public key instead). > > Start with these things, and you'll already be pretty well covered. > > > > On 8/31/10 4:20 PM, Chris Abnett wrote: >> >> I am wanting to have astlinux run my passwd file on the RAM disk.. so that > if someone were to try and root hack the box, they could not mount the disk > in another machine and chroot to it, or simply write a new /etc/passwd file > over the top of mine. >> >> A script at bootup would handle creating the new file that astlinux will > use to log users in . >> >> Is there a way to accomplish this? >> >> My intent is for someone to not be able to crack the root passcode of a > running system. they can do what they want with the drive and a non running > system. but when they would try to boot it up to run it would fail out. >> >> -Christopher >> >> > > > ---------------------------------------------------------------------------- > -- > This SF.net Dev2Dev email is sponsored by: > > Show off your parallel programming skills. > Enter the Intel(R) Threading Challenge 2010. > http://p.sf.net/sfu/intel-thread-sfd > _______________________________________________ > Astlinux-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > [email protected]. > > > > ------------------------------------------------------------------------------ > This SF.net Dev2Dev email is sponsored by: > > Show off your parallel programming skills. > Enter the Intel(R) Threading Challenge 2010. > http://p.sf.net/sfu/intel-thread-sfd > _______________________________________________ > Astlinux-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/astlinux-users > > Donations to support AstLinux are graciously accepted via PayPal to > [email protected]. -- Darrick Hartman DJH Solutions, LLC http://www.djhsolutions.com ------------------------------------------------------------------------------ This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected].
