Hi Harsh,

To prevent any unauthorised user from booting Linux into single user
mode you could add the following lines to /etc/lilo.conf:

    restricted

requires a password to be used if boot time options (such as "linux single")
are passed to the boot loader. Make sure you use this one on each image
(otherwise the server will need a password to boot, which is fine if you're
never planning to remotely reboot it).

    password=

requires the user to input a password, and is used in conjunction with
restricted. Also make sure lilo.conf is no longer world readable, or any user
will be able to read the password.

Here is an example of lilo.conf taken from Kurt Seifried's Linux
Administrator's Security Guide:

    boot=/dev/hda
    map=/boot/map
    install=/boot/boot.b
    prompt
    timeout=100
    default=linux
    image=/boot/vmlinuz-2.2.5
        label=linux
        root=/dev/hda1
        read-only
        restricted
        password=s0m3_pAsSw0rD_h3r3

This boots the system using the /boot/vmlinuz-2.2.5 kernel, stored on the
first portion (right after the MBR) of the first IDE hard drive of the
system. The prompt keyword would normally stop unattended rebooting; however,
it is set in the image, so it can boot "linux" no problem, but it would ask
for a password if you entered "linux single". So if you want to go into
"linux single" you have 10 seconds to type it in, at which point you would
be prompted for the password ("s0m3_pAsSw0rD_h3r3").

One minor security measure you can take to secure the lilo.conf file is to
set it immutable, using the "chattr" command. To set the file immutable,
simply run:

    chattr +i /etc/lilo.conf

and this will prevent any changes (accidental or otherwise) to the lilo.conf
file. If you wish to modify the lilo.conf file you will need to unset the
immutable flag:

    chattr -i /etc/lilo.conf

Only the root user has access to the immutable flag.

For further information and clarification read the Linux Administrator's
Security Guide (LASG) by Kurt Seifried.
The LASG is available at:
http://www.securityportal.com/lasg/
Bye,
Kapil Karekar
----- Original Message -----
From: Harsh R Busa
To: linuxers(a)mm.ilug-bom.org.in
Sent: Friday, August 23, 2002 1:45 AM
Subject: [ILUG-BOM] disabling linux single
plz enlighten me about disabling linux single feature of lilo in most redhat
systems
thanx
harsh
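
The checks described in the reply above (a password on every image, restricted alongside it, and a lilo.conf that is not world readable), as an added example that is not part of the original thread. The function names, finding messages and sample file are assumptions made for illustration, and the sample password is a constructed placeholder.

```shell
# Added example (not from the original post): audit a lilo.conf against the
# advice above. Prints findings; returns 0 only when there are none.
audit_lilo_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "ERROR cannot read $conf"; return 2; }
    findings=$(awk '
        function report(   pw) {
            pw = (spw != "") ? spw : gpw   # per-image setting overrides global
            if (pw == "") print "FAIL " name ": no password, boot options are accepted unchallenged"
            else if (!(srs || grs)) print "WARN " name ": password without restricted, every boot prompts"
        }
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }   # drop comments, trim
        $0 == "" { next }
        /^(image|other)[ \t]*=/ {                          # a new stanza begins
            if (name != "") report()
            name = $0; spw = ""; srs = 0; next
        }
        /^password[ \t]*=/ {
            v = $0; sub(/^[^=]*=[ \t]*/, "", v)
            if (name != "") spw = v; else gpw = v
        }
        /^restricted$/ { if (name != "") srs = 1; else grs = 1 }
        END { if (name != "") report() }
    ' "$conf")
    # A stored password must not be readable by "other" (8th char of ls mode).
    if grep -Eq '^[[:space:]]*password[[:space:]]*=' "$conf" &&
       [ "$(ls -ldL "$conf" | cut -c8)" = r ]; then
        findings="${findings}${findings:+
}FAIL $conf: world-readable, any user can read the password"
    fi
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}
# Constructed sample: the example stanza from above plus an unprotected image.
write_sample() {
    cat > "$1" <<'EOF'
image=/boot/vmlinuz-2.2.5
    label=linux
    restricted
    password=CONSTRUCTED_PLACEHOLDER
image=/boot/vmlinuz-old
    label=old
EOF
}
sample=$(mktemp) && write_sample "$sample" && chmod 644 "$sample"
audit_lilo_conf "$sample" || echo "exit status $?"
rm -f "$sample"
```

Run it as root against the real file with `audit_lilo_conf /etc/lilo.conf`; a WARN is acceptable on a machine that is never rebooted unattended.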