On Fri, Jul 12, 2002 at 08:34:19PM -0400, Jeff Gutierrez wrote: > Quick question: Even since I learned about the procedure you mentioned > about, I've always wondered if there's a way to setup a Linux box so > the root password can't be changed via the route you mentioned. Is > there?
There's only so much you can do to prevent the "obvious". Some things I do: 1. Since I use LILO, I specify a password, and mark the "allowable" images as restricted. What this does is the standard images in their default "incarnations" are allowed, but anything other than that needs the password. 2. I disable booting from a floppy disk and set a password for changing the BIOS. Obviously if someone had full physical access to the box, neither of this would have merit. BIOS/CMOS settings are easy to reset, and the hard drive may be mounted using another system and is wide open for access. More levels of security may be added, like perhaps some sort of encrypted filesystem, but really if a crack team wanted to get your data, I'm sure they'd find a way. The above settings, together with adequate physical security (eg: server room locked) should do enough to ward off curious amateurs. :) --> Jijo -- Federico Sevilla III : <http://jijo.free.net.ph/> Network Administrator : The Leather Collection, Inc. GnuPG Key ID : 0x93B746BE _ Philippine Linux Users Group. Web site and archives at http://plug.linux.org.ph To leave: send "unsubscribe" in the body to [EMAIL PROTECTED] To subscribe to the Linux Newbies' List: send "subscribe" in the body to [EMAIL PROTECTED]
