
Re: to allow root logins or not?



On Sat, Apr 21, 2007 at 12:21:52PM -0400, Greg Folkert wrote:
> On Sat, 2007-04-21 at 17:18 +0300, Linas Žvirblis wrote:
> > Douglas Allan Tutty wrote:
> > 
> > > If something happens during boot and you want to boot single, /home
> > > isn't mounted and only root is allowed to log in.  If there is no root
> > > user, how does this happen?
> > 
> > This one is a nasty surprise. You will be given a root prompt _without_
> > being asked for password. This looks more like a bug, rather than a
> > feature, to me.
> 
> Physical security. If they have the console, they have the machine. IMO.
> 
> *They* can bring in bootable media. Change the root password from there
> or add another stealth user with UID 0... then you *ARE* screwed.
> 

To make it harder:
	secure the BIOS.  You _could_ even have the BIOS need a password
	to boot the hard drive.  Some BIOSes allow you to bring up a
	boot menu that bypasses the boot priority unless you require a
	password for everything.

	secure the boot loader so that anything except the default boot
	requires a password.


OTOH, they can just pop the battery off the MB, and there's probably a
way to make the initrd barf out to a shell.  

You can make things more difficult for an attacker; they tend to also
make things more difficult for you. It all depends on the specific
threats you are guarding against.

Remember, even safes/vaults are listed by how many _minutes_ it takes
to pick the lock.  So in general, yes, it comes down to physical
security, but just because you've addressed the physical security
doesn't mean that you shouldn't secure the rest of the system to slow
down someone who does manage to break in.  Security in depth.

So have a root password.  A very long complex root password.  Give it to
nobody.  Lock it in a safe, in a safe, at a remote location.  Set
everything up so nobody needs to use it.  But it's there if all else
fails.

Doug.
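
Added example, not part of the original message: a small audit for the two account conditions raised in this thread, namely an extra account with UID 0 and a root entry with no usable password. The function names and the sample passwd/shadow contents are constructed for illustration; on a real system you would point `audit` at /etc/passwd and /etc/shadow as root.

```shell
#!/bin/sh
# Print every account whose UID is 0 but whose name is not "root".
extra_uid0() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Classify the root entry of a shadow-format file:
#   empty   - no password at all
#   locked  - hash field starts with ! or * (password login disabled)
#   set     - a password hash is present
#   missing - no root entry in the file
root_pw_state() {
    awk -F: '$1 == "root" {
        found = 1
        if ($2 == "") print "empty"
        else if ($2 ~ /^[!*]/) print "locked"
        else print "set"
    }
    END { if (!found) print "missing" }' "$1"
}

# Constructed sample data (not taken from a real system).
make_samples() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
alice:x:1000:1000:,,,:/home/alice:/bin/bash
toor:x:0:0::/tmp:/bin/sh
EOF
    cat > "$dir/shadow" <<'EOF'
root:!:13624:0:99999:7:::
daemon:*:13624:0:99999:7:::
alice:$1$CONSTRUCTED$notarealhash:13624:0:99999:7:::
toor:$1$CONSTRUCTED$notarealhash:13624:0:99999:7:::
EOF
    echo "$dir"
}

audit() {   # usage: audit PASSWD_FILE SHADOW_FILE
    echo "extra UID 0 accounts: $(extra_uid0 "$1" | tr '\n' ' ')"
    echo "root password state: $(root_pw_state "$2")"
}

# Run the audit against the constructed samples, then clean up.
sample=$(make_samples) && audit "$sample/passwd" "$sample/shadow" && rm -rf "$sample"
```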


