On Thursday 27 May 2004 21:22, Robert Walker wrote: > Thursday, May 27, 2004, 8:31:22 PM, you wrote: > > On Thursday 27 May 2004 20:14, Robert Walker wrote: > >> Hello all, > >> > >> I was trying to increase the security of my Linux box (famous last > >> words). I am running Mandrake 9.2 set for console login (run level 3). > >> > >> I was reading an article about stopping root logins for > >> Red Hat Linux (v8.0)... Decided to follow the suggestions. This turned > >> out to be a really bad move :-) > >> > >> Anyhow I am now in the situation where I have ended up with: > >> /etc/securetty which is blank (dumb) > >> /etc/ssh/sshd_config which disallows root logins (good) > >> > >> I have KDE, X and tightvnc installed but I am not currently using them. > >> > >> I can't 'su' root to execute a command/change to root or login as root > >> either with a remote secure shell or a local shell!! I just get the > >> message: > >> "This account is currently not available." > >> So I can't even copy the old securetty~ file back... > >> > >> Do I need to reinstall everything again (would not be fun given the > >> amount of hassle I had setting it all up - especially the driver for the > >> PCI ADSL modem and kernel customisations) and start from scratch?? > >> Is there any other way of getting root access apart from <login> and > >> <su>?? > >> > >> Is there anyway to boot from a CD to get root access back?? Or some > >> other solution (possibly mounting the hard disk on another box with > >> Linux installed)?? > > > > I am not sure how to get your system back to how it should be, but for > > future reference if you want to disable root login, instead of following > > a RedHat Guide just Open Mandrake Control Centre>Security>Levels and > > Checks > > > > Selecting High (or is it Higher) security level will disable root login. > > Or alternatively regardless of your security level you can customise your > > existing level by selecting the 'System options' tab. > > > > The 'Direct Root Login' option will enable/disable root login for you. > > > > Hope you manage to recover the system without a reinstall. You might be > > able to set a new root password if you go into run level 1. Try booting > > into 'failsafe' from your lilo menu. > > > > derek > > Hi Derek, > > Cheers for the quick response. No I'm buggered... Run level 1/failsafe > gives all the same problems. The root account is disabled because it > can not be accessed/logged into from any tty device. > > Can I mount the physical hard disk on a different Linux box and change > the securetty file? How would I do this? Would it just show up in the > mounts if I plug it into an IDE port or do I need to do else to mount > it (e.g. alter fstab on the other machine)? I.e. hate Slackware > because its harder to find the relevant configuration files for stuff... > > Its all a bit bizare because the machine is stable as an internet > gateway its not urgent (it still works without root access). But I did > want to setup a place holding webserver on it today (hah hah thats not > going happen now :-).
You could try booting from your CD1 . Hit F1 at the first prompt where it says "more options". At the prompt type 'rescue' you will go into a shell where you can mount the existing partitions. Trouble is I am not sure what to do once you get there. If you have it, Knoppix or some other livecd distro might be able to help you. derek -- www.jennings.homelinux.net http://twiki.mdklinuxfaq.org
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________
