Re: Preventing single user mode
Well I have seen some interesting answers and even some helpful ones
:-)
As for physically cutting off access to the floppy, if I wanted to do
that, I would just send out the server without the floppy in it. If it
gets to the point where we have clients having to boot off of a
floppy, we usually replace the server and fix it when it comes back.
So I could secure the floppy by removing it.
I am more concerned with the possibility of booting into single-user
mode off of a straight boot process. As we don't ship out servers with
boot disks (even thought it is fairly easy to get your hands on one
via the net), I am looking at the booting off of a floppy approach.
When a box becomes locked to the point that we cannot get in without
resorting the single user mode, I can always pull the drive and put it
into another box in order to get at the log files.
I guess my concerns are more with the casual hacker, not with the
person who would rip opened the case and start hacking away from the
hardware side of it (like I would).
Philippe Troin mentioned something about a password option,
>Lilo has a password option (which you probably want to use with the restricted option too). RTFM.
but I have been unable to find anything about this. Where might I find
the difinative source of Lilo documentation?
Thanks
Timm
On Wed, 22 Oct 1997 19:14:41 +0100 (BST), David Wright
<D.Wright@open.ac.uk> wrote:
>On Tue, 21 Oct 1997, Timm Gleason wrote:
>
>> Does anyone out there know of a way to prevent a Debian box from being
>> able to boot into single user mode? We have removed any sort of delay=
>> settings from the lilo.conf, and this makes it extremely difficult to
>> get into that mode, but does not prevent it.
>>
>> Any help?
>
>How do you break into a perfectly secured area when the key just sheared
>off in the lock? How do you rescue a Debian box that can't boot into
>single-user mode?
>
>But to answer the question, I guess you'd need to (a) secure the floppy
>drive through the CMOS and (b) hack lilo (the source is there).
>
>But even if you somehow remove the jumper pin that clears the CMOS
>password, you can clear the CMOS entirely by temporarily removing its
>power source, so I guess you have to cut the tracks to the floppy cable.
>How far do you want to go?
>
>> Timm Gleason
>> Hardware Engineer
>
>Hey, you should find this easy!
>
>Just out of interest though, how straightforward is it to reset the CMOS
>password on laptops that say this is a factory operation? (i.e. is this
>just a con?)
>
>--
>David Wright, Open University, Earth Science Department, Milton Keynes MK7 6AA
>U.K. email: d.wright@open.ac.uk tel: +44 1908 653 739 fax: +44 1908 655 151
>
>
**************************************************************************
"Programming today is a race between software engineers striving to build
bigger and better idiot-proof programs, and the Universe trying to produce
bigger and better idiots. So far, the Universe is winning." - Rich Cook
**************************************************************************
Timm Gleason -- timm@bess.net -- timm@n2h2.com -- http://n2h2.com/
N2H2, Creators of Bess -- 1301 Fifth Avenue, Suite 1501--Seattle, WA 98101
**************************************************************************
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-user-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: