How to prevent other people from changing your root password?
Now that you've seen how simple it is to get access to a Linux system without any passwords, you'd surely be surprised at this flaw. That's what I thought when I came to know about this exploit. Actually, you have to instruct the boot loader (LILO or GRUB) not to let people pass arbitrary arguments to the kernel without first authenticating themselves. In short, you have to set a "Boot Loader Password", which will be required whenever you pass any arguments to the kernel. Now what if you forget that too... brutha, then you need a betta storehouse up there!!

This is how you go about it. Make the following changes in /etc/lilo.conf with your favourite text editor. I use emacs.

    # emacs /etc/lilo.conf

Search for the "image=" entry for your kernel. It'll look something like this:

    image=/boot/vmlinuz-2.4.7-10
        label=linux
        initrd=/boot/initrd-2.4.7-10.img
        read-only
        root=/dev/hda1

Edit it so that it looks like this:

    image=/boot/vmlinuz-2.4.7-10
        label=linux
        initrd=/boot/initrd-2.4.7-10.img
        read-only
        root=/dev/hda1
        restricted
        password=yourpass

The password you provide above will be the one you have to key in whenever you try to pass any boot time parameter to the kernel. Now run "lilo" so that it can update itself with the new configuration.

    # lilo

Voila!! Now you can reboot and try out the Brand New Hackers-Can-Eat-Their-Shit boot loader!!

Note: It's always a good idea to make the /etc/lilo.conf file readable only by root, so that normal users can't peek-a-boo at your boot loader password.
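To check the result of the steps and the note above, here is an added example (not part of the original page) that audits a lilo.conf for a password on every boot entry and for root-only file access. The function name audit_lilo_conf, its optional owner-uid argument and the second entry /boot/vmlinuz-old in the sample are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit a lilo.conf for a
# boot-loader password on every boot entry and for root-only file access.
# Usage: audit_lilo_conf FILE [OWNER_UID]   (OWNER_UID defaults to 0, root)
audit_lilo_conf() {
    conf=$1; want_uid=${2:-0}; rc=0
    [ -f "$conf" ] || { echo "FAIL: $conf not found"; return 1; }

    # The password sits in the file in clear text: group/other need no access.
    mode=$(ls -ln "$conf" | awk '{print $1}')
    uid=$(ls -ln "$conf" | awk '{print $3}')
    case $(printf '%s' "$mode" | cut -c5-10) in
        ------) ;;
        *) echo "FAIL: $conf mode $mode lets group/other in"; rc=1 ;;
    esac
    [ "$uid" = "$want_uid" ] || { echo "FAIL: $conf owned by uid $uid"; rc=1; }

    # A password= line before the first image=/other= is global; one inside
    # a section covers that entry only. Every entry needs one or the other.
    awk '
        function check() {
            if (entry == "") return
            if (gpw || pw)
                print "OK:   " entry " password set, restricted=" ((gres || res) ? "yes" : "no")
            else { print "FAIL: " entry " has no password"; bad = 1 }
        }
        { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }
        /^(image|other)[ \t]*=/ { check(); entry = $0; pw = 0; res = 0; next }
        /^password[ \t]*=/      { if (entry == "") gpw = 1; else pw = 1 }
        /^restricted$/          { if (entry == "") gres = 1; else res = 1 }
        END { check(); exit bad }
    ' "$conf" || rc=1
    return $rc
}

# Constructed sample: first entry as edited above, second left unprotected.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
image=/boot/vmlinuz-2.4.7-10
    label=linux
    restricted
    password=yourpass
image=/boot/vmlinuz-old
    label=old
EOF
chmod 644 "$demo_conf"
audit_lilo_conf "$demo_conf" "$(id -u)" || echo "audit found problems"
rm -f "$demo_conf"
```

On a real system, run it as audit_lilo_conf /etc/lilo.conf; the constructed sample fails on both the world-readable mode and the unprotected second entry.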
Linux Home: Linux System Administration Hints and Tips (c) www.gotothings.com All material on this site is Copyright.