If they can mount the CF, then your system is already compromised.
On 8/31/10 6:22 PM, Chris Abnett wrote: > I think I like those ideas for sure... > > But thyat still doesn't stop someone from mounting the CF, and CHrooting it, > and writing a new passwd file, where they could log in as a user they > created and then su root? > > -Christopher > > -----Original Message----- > From: Philip Prindeville [mailto:[email protected]] > Sent: Tuesday, August 31, 2010 9:19 PM > To: [email protected] > Subject: Re: [Astlinux-users] run passwd file in /tmp? > > Passwords are stored as MD5 hashes, which are a lot harder to crack. > > Also, you should be turning off root logins ("PermitRootLogin no" in your > /mnt/kd/sshd_config.tmpl), and forcing people to 'su' or 'sudo'. > > And of course, "PasswordAuthentication no" will stop people from logging in > via password (you'll need to have a pre-installed public key instead). > > Start with these things, and you'll already be pretty well covered. > > > > On 8/31/10 4:20 PM, Chris Abnett wrote: >> I am wanting to have astlinux run my passwd file on the RAM disk.. so that > if someone were to try and root hack the box, they could not mount the disk > in another machine and chroot to it, or simply write a new /etc/passwd file > over the top of mine. >> A script at bootup would handle creating the new file that astlinux will > use to log users in . >> Is there a way to accomplish this? >> >> My intent is for someone to not be able to crack the root passcode of a > running system. they can do what they want with the drive and a non running > system. but when they would try to boot it up to run it would fail out. >> -Christopher >> >> > ------------------------------------------------------------------------------ This SF.net Dev2Dev email is sponsored by: Show off your parallel programming skills. Enter the Intel(R) Threading Challenge 2010. http://p.sf.net/sfu/intel-thread-sfd _______________________________________________ Astlinux-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/astlinux-users Donations to support AstLinux are graciously accepted via PayPal to [email protected].
