[ale] single user lockdown?

Jacob Langseth jlangseth at esisys.com
Wed Dec 9 13:07:54 EST 1998


> 4a. In /etc/inittab, edit the line:
> l1:1:wait:/etc/rc.d/rc 1
> so that it reads l1:1:wait:/etc/rc.d/rc 3
> 
> This will prevent single-user mode completely. It will always boot to
> run-level 3. You can still get in with a BIOS password to activate floppy
> booting and then use a boot floppy such as Tom's root/boot or RedHat's
> rescue discs.

4a can be bypassed by passing the init parameter to the kernel
(e.g. init=/bin/sh). To avoid this, keep /etc/lilo.conf mode 0600 with
a password= setting, and use the restricted option when describing
all linux labels, e.g. lilo.conf:
	password = foo
	[...]
	restricted
	image = /boot/vmlinux.gz
	    label = linux
	    [...]

This causes lilo to prompt for the password= value before
accepting boot parameters.
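
An added example, not part of the original post: a Python check of the two conditions the reply names, the file mode of lilo.conf and whether a password covers every image= entry. It handles only the password= and restricted options, and the sample config in it is constructed.

```python
import os
import re

def parse_lilo_conf(text):
    """Return (global_options, sections); lilo.conf is a whitespace-separated token stream."""
    toks = re.findall(r'"[^"]*"|[^\s=]+|=', re.sub(r"#.*", "", text))
    glob, sections, cur, i = {}, [], None, 0
    while i < len(toks):
        name, value = toks[i].lower(), True          # a bare word is a flag, e.g. restricted
        if toks[i + 1:i + 2] == ["="] and i + 2 < len(toks):
            value, i = toks[i + 2], i + 2
        i += 1
        if name in ("image", "other"):               # each of these opens a new section
            sections.append(cur := {"kind": name, "path": value})
        else:
            (glob if cur is None else cur)[name] = value
    return glob, sections

def policy(glob, sec):
    """When does LILO ask for the password before booting this entry?"""
    if "password" not in sec and "password" not in glob:
        return "never"
    if "restricted" in sec or "restricted" in glob:
        return "on-parameters"                       # the setup described in the post
    return "always"

def audit(text, mode):
    """Findings for lilo.conf text plus its permission bits; an empty list means pass."""
    findings = []
    if mode & 0o077:
        findings.append(f"mode {mode:04o}: password= accessible beyond the owner, want 0600")
    glob, sections = parse_lilo_conf(text)
    for sec in sections:
        # init= is a kernel parameter, so only image= (Linux kernel) entries are checked
        if sec["kind"] == "image" and policy(glob, sec) == "never":
            findings.append(f"{sec.get('label', sec['path'])}: boot parameters accepted without a password")
    return findings

def audit_file(path="/etc/lilo.conf"):
    with open(path) as fh:
        return audit(fh.read(), os.stat(path).st_mode & 0o7777)

SAMPLE = """\
image = /boot/vmlinuz           # constructed sample: paths, labels, password made up
    label = linux
    password = foo
    restricted
image = /boot/vmlinuz.old       # no password applies to this entry
    label = old
"""
```

Calling audit_file() as root checks the live /etc/lilo.conf; audit(SAMPLE, 0o644) reports both the loose mode and the unprotected "old" entry.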





