At our site, our equipment is physically secured behind locked doors. We are using OpenSSH, so if we need to do remote maintenance, we do so with our OpenSSH keys. If we need to do 'hands on' maintenance, we have the physical key to get through the door and into the 'closet'. Usually, that isn't the time we want to look up root passwords, so we've been implementing mingetty's 'auto-boot' option and a root password scrambler that makes it not possible to know what root's PW is at any given time, though we may temporarily set it if needed. Cron auto-scrambles it later.
I'm looking for the most straight-forward way to get the auto-boot2root. Perhaps the way to do this is a uClibc version of mingetty with the auto-boot patch. Perhaps the standard getty could be patched for this, or it has such a patch I'm not aware of. Key to this 'boot2root' is having something like 'pwgen' to randomly create and 'chpasswd' to command-line enter a password. I also don't know the interaction this will have with the lrcfg script.

1) If the objective is simple enough, is someone willing to create the .lrp of uClibc compiled mingetty, pwgen and chpasswd programs? Or could someone guide me through hacking the source to compile suitable for Bering uClibc? I'm not a programmer, I know enough to build kernels and read comments in source.

2) Could someone suggest a name for an 'auto-boot2root+scrambled-pw.lrp' package? Or should this be broken into several packages that accomplish only the required parts? Ideally, one should need only edit inittab to get the --autoboot option of mingetty (or a modified getty) and insert a line in bootmisc.sh (or other more appropriate file) to have the console boot to the lrcfg menu with an unknowable password. And perhaps a third step to ensure the password is changed every, say, 15 minutes on the quarter-hour.

3) Could someone suggest how to arrange the boot process so an unknowable password doesn't conflict with lrcfg popping open on bootup? Or, perhaps, tty0 should spew syslog/ulog messages, tty1 should drop to prompt and tty2 should drop to lrcfg. But I'm not confident of my ability to make that happen.

Your suggestions towards this would be most welcome.

--Romaq

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
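A sketch of the scrambler step described in the message above, as an added example that is not part of the original post and is not LEAF project code. It substitutes `/dev/urandom` plus `od` for `pwgen` so the only external password tool needed is `chpasswd`; the function names `gen_pw` and `scramble`, the `--apply` switch and the script path in the cron comment are hypothetical.

```shell
#!/bin/sh
# Added example: root password scrambler (hypothetical script, e.g.
# /usr/sbin/scramble-root; the path is an assumption, not from the post).
# Assumptions: /dev/urandom is available and chpasswd reads
# "user:password" lines on standard input.
#
# Cron entry for "every 15 minutes on the quarter-hour":
#   0,15,30,45 * * * * /usr/sbin/scramble-root --apply

PW_BYTES=16   # 16 random bytes -> 32 hex characters (128 bits)

# gen_pw N: print N random bytes as 2*N lowercase hex characters.
# Reading a fixed byte count avoids a pipeline that ends on SIGPIPE.
gen_pw() {
    head -c "${1:-$PW_BYTES}" /dev/urandom | od -An -tx1 | tr -d ' \n'
}

# scramble USER: replace USER's password with a value nobody ever sees.
# With DRY_RUN=1 only the user name and password length are printed,
# so the script can be checked without touching the shadow file.
scramble() {
    user=$1
    want=$((PW_BYTES * 2))
    pw=$(gen_pw "$PW_BYTES") || return 1
    # Refuse to set a short or empty password if the random source failed.
    [ "${#pw}" -eq "$want" ] || return 1
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s:<%d hex chars>\n' "$user" "${#pw}"
    else
        # The password goes to chpasswd on stdin rather than as a command
        # argument (printf is a builtin in bash and dash, so it does not
        # show up in a process listing there).
        printf '%s:%s\n' "$user" "$pw" | chpasswd
    fi
    rc=$?
    unset pw
    return $rc
}

# Only change a real password when asked to explicitly.
if [ "${1:-}" = "--apply" ]; then
    scramble root
fi
```

Temporarily setting a known root password, as the message describes, stays possible with `passwd`; the next cron run overwrites it.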
