Re: securing lilo
Sandip P Deshmukh said:
> while installing debian 3.0, it suggested that i should secure lilo.
>
> i went throught the documentation and could not make out how to secure
> lilo.
>
> could someone throw more light and may be give step by step instructions?
>
how bout some darkness :) securing lilo won't do all that much. if
your that worried about console-level compromise you need to physically
secure the machine(so the chassis cannot be opened, so no drives can
be accessed), as well as disable the ctrl+alt+del feature in inittab.
If a user wants to get into a system, and is even slightly famillar with
linux, lilo is very easy to bypass using a boot floppy or CD. And bios
passwords can be erased by clearing the CMOS(opening the case). I
personally consider this a strength of linux, systems that the root
password gets lost or forgotten I can easily get in the back door
with linux init=/bin/bash , don't even need a boot disk. if lilo was
protected I could do the same, or go one further and boot the rescue
disk and mount the partitions directly to access the data(I made
a home-made rescue CD which has full support for all kinds of hardware
I used at my company as well as networking, NFS(client/server), PCMCIA,
SSH(server/client) support, DHCP, DNS(client/server), so I could put the
CD in and backup the data if the system became unbootable for some reason.
after all that, if your still interested in looking into this
feature, I ran a quick search and came up with this:
http://howto.lycos.com/lycos/step/1,,9+47+26143+25285+2161,00.html
it mentions redhat, but lilo is lilo, same on every distribution I've
ever used.
nate
Reply to: