Re: Disabling interactive init on Debian

[Michel Loos <loos@qt1.iq.usp.br>]

Em Ter, 2002-03-05 às 11:57, will trillich escreveu:
> On Sun, Mar 03, 2002 at 09:40:48AM -0800, Xeno Campanoli wrote:
> > In the Trinity OS security recommenation they say to disable the ability
> > to run init interactively by setting
> > 
> > prompt=no
> > 

This is the default in Debian (in lilo.conf) but it is not necessary,
even if the guy in front of the computer types the usual:
linux single
:he will not get root access to your computer without knowing the
passwd. (At least on testing with a 2.4.x kernel).

If he wants access, he can always boot on a floppy or CD and do whatever
he wants to.
You will have to disable (in the BIOS) floppy/CD booting AND put a BIOS
passwd or all this is for nothing.

Michel.


> > in a file called /etc/sysconfig/init, but that file doesn't exist on my
> > Debian Potato, and I don't find one that has "prompt=" in it (well,
> > there is one, but it's a binary called /etc/alternatives/pager, so I
> > don't think that's it).  Any ideas?  TIA.
> 
> 	# /etc/lilo.conf - See: `lilo(8)' and `lilo.conf(5)',
> 	# ---------------       `install-mbr(8)', `/usr/share/doc/lilo/',
> 	#                       and `/usr/share/doc/mbr/'.
> 
> [snip]
> 
> 	# Specifies the number of deciseconds (0.1 seconds) LILO should
> 	# wait before booting the first image.
> 	#
> 	delay=20
> 
> 	# You can put a customized boot message up if you like.  If you use
> 	# `prompt', and this computer may need to reboot unattended, you
> 	# must specify a `timeout', or it will sit there forever waiting
> 	# for a keypress.  `single-key' goes with the `alias' lines in the
> 	# `image' configurations below.  eg: You can press `1' to boot
> 	# `Linux', `2' to boot `LinuxWAS', if you uncomment the `alias'.
> 	#
> 	# message=/boot/bootmess.txt
> 	#	prompt
> 	#	single-key
> 	#	delay=100
> 	#	timeout=100
> 
> 	image=/vmlinuz
> 		label=Linux
> 		read-only
> 	#	restricted
> 	#	alias=1
> 
> 	image=/vmlinuz.was
> 		label=LinuxWAS
> 		read-only
> 		optional
> 	#	restricted
> 	#	alias=2
> 
> see "man lilo.conf" and when you mess with lilo.conf, be sure to
> run "lilo" itself so your new settings will be written to the
> boot sector for your next restart.
> 
> i think.
> 
> -- 
> I use Debian/GNU Linux version 2.2;
> Linux server 2.2.17 #1 Sun Jun 25 09:24:41 EST 2000 i586 unknown
>  
> DEBIAN NEWBIE TIP #44 from Will Trillich <will@serensoft.com>
> :
> Ever think you're reading OUTDATED DOCUMENTATION? Check the
> last-revised-date: if it's more than a few years ago, then
> there's probably something more recent out there. It may
> be under a whole different name, so it'll take perseverance
> and determination on your part. Be alert -- you'll find it!
> 
> Also see http://newbieDoc.sourceForge.net/ ...
> 
> 
> -- 
> To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
> 
>