Re: building public system -how to disable ctr-alt-backspace etc
On Tue, 2003-05-06 at 08:36, Hans Ekbrand wrote:
> On Tue, May 06, 2003 at 01:36:10PM +0100, Matthew King wrote:
> > On Tue, May 06, 2003 at 01:08:04PM +0100, The voices made Grzesiek Sedek say:
> > > How can I disable virtual terminals (Alt-ctr-Fxx) reset (ctr-alt-del)
[snip]
> If the box is attached to a network, consider disabling root login
> from console, make su executable for root only, deinstall sudo, turn
> on root logins from ssh and disable keyboard-interaktive login. That
> way, the only (?) way to get a root prompt is to authenticate with the
> proper ssh key. Don't lose your private key...
While I agree with disabling su, why disable sudo? sudo can get very
fine grained regarding who can do what, and that's what we want. I'd
also *disable* ssh root login, and make the user sudo everything.
And if you really want to be secure, lock the machine in a strong box,
and put / in an encrypted loopback partition, so if someone does get
to the box, and extracts the drive, it's useless to them.
Of course, booting off a CD-R (with the aforementioned encrypted
loopback partition) and then getting any needed data from the
central host through a VPN link would be even better.
--
+---------------------------------------------------------------+
| Ron Johnson, Jr. mailto:ron.l.johnson@cox.net |
| Jefferson, LA USA http://members.cox.net/ron.l.johnson |
| |
| The purpose of the military isn't to pay your college tuition |
| or give you a little extra income; it's to "kill people and |
| break things". Surprisingly, not everyone understands that. |
+---------------------------------------------------------------+
Reply to: