[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: building public system -how to disable ctr-alt-backspace etc

On Tue, 2003-05-06 at 08:36, Hans Ekbrand wrote:
> On Tue, May 06, 2003 at 01:36:10PM +0100, Matthew King wrote:
> > On Tue, May 06, 2003 at 01:08:04PM +0100, The voices made Grzesiek Sedek say:
> > > How can I disable virtual terminals (Alt-ctr-Fxx) reset (ctr-alt-del)
> If the box is attached to a network, consider disabling root login
> from console, make su executable for root only, deinstall sudo, turn
> on root logins from ssh and disable keyboard-interaktive login. That
> way, the only (?) way to get a root prompt is to authenticate with the
> proper ssh key. Don't lose your private key...

While I agree with disabling su, why disable sudo?  sudo can get very
fine grained regarding who can do what, and that's what we want.  I'd
also *disable* ssh root login, and make the user sudo everything.

And if you really want to be secure, lock the machine in a strong box,
and put / in an encrypted loopback partition, so if someone does get
to the box, and extracts the drive, it's useless to them.

Of course, booting off a CD-R (with the aforementioned encrypted
loopback partition) and then getting any needed data from the 
central host through a VPN link would be even better.

| Ron Johnson, Jr.        mailto:ron.l.johnson@cox.net          |
| Jefferson, LA  USA      http://members.cox.net/ron.l.johnson  |
|                                                               |
| The purpose of the military isn't to pay your college tuition |
| or give you a little extra income; it's to "kill people and   |
| break things".  Surprisingly, not everyone understands that.  |

Reply to: