Return to BSD News archive
Path: euryale.cc.adfa.oz.au!newshost.carno.net.au!harbinger.cc.monash.edu.au!nntp.coast.net!fu-berlin.de!informatik.tu-muenchen.de!Germany.EU.net!Dortmund.Germany.EU.net!interface-business.de!usenet From: j@ida.interface-business.de (J Wunsch) Newsgroups: comp.unix.bsd.bsdi.misc Subject: Re: Making booting secure Date: 4 Oct 1996 09:52:02 GMT Organization: interface business GmbH, Dresden Lines: 18 Message-ID: <532mo2$iv3@innocence.interface-business.de> References: <52peqv$85h@lynx.unm.edu> Reply-To: joerg_wunsch@interface-business.de (Joerg Wunsch) NNTP-Posting-Host: ida.interface-business.de X-Newsreader: knews 0.9.6 X-Phone: +49-351-31809-14 X-Fax: +49-351-3361187 X-PGP-Fingerprint: DC 47 E6 E4 FF A6 E9 8F 93 21 E0 7D F9 12 D6 4E colinj@math.math.unm.edu (Colin Eric Johnson) wrote: > I'm upgrading about 30 machines to 2.1 and I need to make the boot > process as secure as possible. They all sit in a "public" lab so any > user who saw fit could power one off, restart the machine and then > interrupt the init process to get a single user shell. Flag your console in /etc/ttys as `insecure'. It will ask for a root password then when booting single-user. Of course, people could still `borrow' the hard disk over the weekend... or boot a floppy, to get it single-user. A physically insecure machine isn't secure, even if it's logically secure. -- J"org Wunsch Unix support engineer joerg_wunsch@interface-business.de http://www.interface-business.de/~j