[ale] single user lockdown?

Jim Kinney jkinney at teller.physics.emory.edu
Wed Dec 9 11:51:19 EST 1998


I'm assuming you want to keep people from rebooting the machine and then
getting in and causing problems. 

1. Lock the door to prevent console access. 
2. Password lock the bios configuration to prevent floppy booting.
3. Keylock the case to prevent bios password defeating from mainboard
jumper.
4a. in /etc/inittab edit the line :
l1:1:wait:/etc/rc.d/rc 1
so that it reads l1:1:wait:/etc/rc.d/rc 3

This will prevent single-user mode completely. it will always boot to
run-level 3. you can still get in with a bios password to activate floppy
booting and then use a boot floppy such as Toms root/boot or RedHats
rescue discs.

4b. Edit /etc/rc.d/rc1.d to exclude the S00single link. 

Single user mode is inherently unlocked as its intended use is to fix a
problem that root can't log in through. On my public machines, I have used
4a above with good success.


James Kinney M.S.Physics		jkinney at emory.edu
Educational Technology Specialist	404-727-4734
Department of Physics Emory University	http://teller.physics.emory.edu

On Wed, 9 Dec 1998, Nomad the Wanderer wrote:

>   What would be the BEST way to lock up the single user login for Linux?
> Right not a "linux 1" brings the machine up and drops you in a bash 
> prompt.  Not good.  Any ideas?
> 
> Robert
> ---------------------------------------------------------------------------
> Robert L. Harris                |   Windows --
> Senior System Administrator II  |        Proof Micro$oft has
>   at Great West Life.           \_            a room full of monkeys.
> 
> http://www.orci.com/~nomad
> 
> DISCLAIMER:
>       These are MY OPINIONS ALONE.  I speak for no-one else.
> 
> FYI:
>  perl -e 'print $i=pack(c5,(41*2),sqrt(7056),(unpack(c,H)-2),oct(115),10);'
> 






More information about the Ale mailing list