[ale] single user lockdown?
Jacob Langseth
jlangseth at esisys.com
Wed Dec 9 13:07:54 EST 1998
> 4a. in /etc/inittab edit the line :
> l1:1:wait:/etc/rc.d/rc 1
> so that it reads l1:1:wait:/etc/rc.d/rc 3
>
> This will prevent single-user mode completely. it will always boot to
> run-level 3. you can still get in with a bios password to activate floppy
> booting and then use a boot floppy such as Toms root/boot or RedHats
> rescue discs.
4a can be bypassed by passing the init parameter to the kernel.
(eg init=/bin/sh) To avoid this, keep /etc/lilo.conf mode 0600 with
a password= setting, and use the restricted option when describing
all linux labels. eg lilo.conf:
password = foo
[...]
restricted image = /boot/vmlinux.gz
label = linux
[...]
This causes lilo to prompt for the password= value before
accepting boot parameters.
More information about the Ale
mailing list