On 07/29/2011 11:16 PM, Jeremiah Jahn wrote:
On the servers you REALLY care about you can use luks and encrypted USB
keys that have to be in the system in order for it to decrypt the root
partition on boot. But most folks don't really need to go to that
extreme. You're best to decide how valuable the data you have actually is,
and how often you want to have to come into the office at 3am on a
Saturday night just to reboot something, much less wake the other guy up
to open his safe to get the key. :)
2011/7/29 Dag Wieers <d...@wieers.com>
On Fri, 29 Jul 2011, Marek Andreánsky wrote:
Why is securing /etc/inittab helping? I've read that by adding
init=/bin/bash to grub you can get into the machine and change the
shadow file anyway, which gives you root. I'd say that Red Hat presumes
that the server is in a secure location and it is therefore highly
improbable that anyone could just simply sit down to it and reboot it
without anyone ever noticing.
Well, one of the additional security measures when securing a Linux
system is adding a password to your BIOS and to your bootloader. So
that changing the kernel commandline or booting another device by
someone unauthorized is hard or impossible.
You could consider someone having physical access to your system, to
be able to walk away with the harddisk anyway (encrypted filesystem
not taken into account), but at least that's not something you can
do without being noticed.
Coming originally from secret squirrel land, one of the cardinal
security rules for us was simply "If the attacker has physical access,
you don't have security".
If we are talking about serious security environments then all
hypotheticals must be taken seriously, and even overwrought schemes such
as TPM do not prevent compromise in this case (neither does encryption
in many cases, depending on the attacker's intention -- it's not always
just binary data on a disk that a smart attacker is after).
Physical access to a system is where coded security gives way in absolute
terms to physical security measures. But again, that is if we're talking
about serious security environments and almost none of our use cases
probably represent that -- so we're left simply balancing usability vs
security like normal people.
-Iwao
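
The bootloader-password measure discussed in the thread can be checked mechanically. The following is an added example, not part of any message above: it audits a GRUB legacy menu file for a global password, which is what stops the kernel command line from being edited at the boot menu. The function name, messages and sample files are constructed, and it assumes GRUB legacy syntax (a password line before the first title entry).

```python
import re

NO_GLOBAL_PW = "no global password: boot entries can be edited at the menu"
PLAINTEXT_PW = "global password is stored in plaintext"

# Constructed samples; the hash is a placeholder, not a real value.
SAMPLE_UNPROTECTED = """\
default=0
timeout=5
title Linux
    root (hd0,0)
    kernel /vmlinuz ro root=/dev/sda2
"""

SAMPLE_PROTECTED = """\
default=0
timeout=5
password --md5 $1$PLACEHOLDER$PLACEHOLDERHASH
title Linux
    root (hd0,0)
    kernel /vmlinuz ro root=/dev/sda2
"""


def audit_grub_legacy(text):
    """Return a list of findings for a GRUB legacy menu file (hypothetical helper)."""
    findings = []
    in_global = True      # the section before the first 'title' line
    global_pw = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = re.split(r"[ \t=]+", line, maxsplit=1)
        cmd = parts[0]
        rest = parts[1] if len(parts) > 1 else ""
        if cmd == "title":
            in_global = False
        elif cmd == "password" and in_global:
            # Only a password in the global section locks the entry editor
            # and the GRUB command line; one inside an entry does not.
            global_pw = True
            # --md5 is GRUB legacy; --encrypted exists in some distribution builds.
            if not rest.startswith(("--md5", "--encrypted")):
                findings.append(PLAINTEXT_PW)
    if not global_pw:
        findings.insert(0, NO_GLOBAL_PW)
    return findings
```

A passing result only covers the bootloader; the BIOS password and the physical-access caveats raised in the thread are outside what a config check can see.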