> > My new saying is "Got Console Got Root!"..... > I've seen a A LOT of scripts that give you a root shell after a minute or > two...
Well, if you have console access to a box, you usually can root it very quickly. Failing that, you can usually just down the box, which is almost as bad. Lintel boxes are especially bad with the old LILO "boot single" option. And even if not, it's usually a rather trivial matter to set up a mini- distro on removable boot media (CD or floppy) and config the BIOS to use that. After all, physical access to the console usually grants you access to the Big Red Switch and the power cord. My home Lintel boxes have LILO passwords, but I've not gotten paranoid enough to set up BIOS passwords. They do bypass removable media on boot, but w/o a BIOS password, that's not going to stop someone for long. I figure if someone has physical access to my home system, I have bigger problems than data integrity at this point. =) Were I to colo, I'd definitely have those set, and replace key screws with locks (from CyberGuys, http://tinyurl.com/zz3). I would expect the colo facility to be responsibility for power integrity and physical access control, and pick up from there. (and no, the case lock won't stop a drill, but the paranoia has to stop somewhere.) tim -- Sysadmin Rule #14: If it's not on fire, it's a software issue. _______________________________________________ cobalt-security mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-security
