On Tue, May 15, 2012 at 9:40 AM, mahdieh salamat <[email protected]> wrote: > Thanks all,I have an other question.certainly you see this message in > startup FreeBSD:"Hit [Enter] to boot immediately, or any other key for > command prompt." > after see it if press any key you enter to an other mode and if you type > '?' you can see the lists of commands.I want to remove this mode,It's so > important that a user can't accss to this mode. > Who can help me? > Thanks >
If your users have physical access to the machine then it is difficult to prevent them from booting from alternate media - a USB key, a CD - mounting your disks and changing the root password. Actually, I would add a separate root user (toor2), as the root password changing is somewhat detectable. You can fix boot order in the BIOS, but a BIOS can be reset simply by removing the BIOS battery briefly. In addition to that, many BIOS will also offer a boot menu option - which cannot be disabled - allowing the user to choose which device to boot from without entering the BIOS. Cheers Tom _______________________________________________ [email protected] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-security To unsubscribe, send any mail to "[email protected]"
