The only secure computer is one that's unplugged, locked in a
safe, and buried 20 feet under the ground in a secret location...
and i'm not even too sure about that one"--- A HACKER..
Remember: security is not a solution, it is a way of life... - SECURITY
ADMINS
ttyp123..
LILO SECURITY :-
==============
Hello all !!
well had nothing better to do today so i though of starting this security
section in which everyone could participate.This text is for the extremely lazy ppl
out there who dont wanna read the HOWTO's { if u read them and understand them then
probably u wouldn't need to join this mailing list after all.}This is regarding how u
can use the lilo prompt to prevent unauthorised users from getting into ur system by
giving boot options like
boot: linux single { taking into consideration that
u have multiple os'es installed.u probably wouldn't need lilo if u had only linux
installed on ur system and that they have physical access to ur systems }
the above option drops u to single user mode and gives complete interactive shell
without the need of u to supply a password.{ root access huh?? wonder what u wanna do
now.. ;).. backdoors ?? }
well it's the responsibility for a system admin to take care of this problem too. well
i know i shouldn't write this coz if u didn't know this much i wonder if someone would
keep u as a system admin.. well so this stuff is for the home user i guess. OK so here
i start.. well ok ok u all home users u must be asking me what is the need of security
at the boot prompt?? we have our bioses password protected.. ;-).. well well.. dear
dear user .. have u ever tried to open up ur cabinet and take a peep inside. probably
not. well there lies the hack to disabling ur bioses password. { heh dont start
meddling with the jumpers now .. probably dont touch anything if u dont know what u r
doing.. well there is a easy method to disable ur bios password there .. which will
not be revealed here :-). coz we r talking about the os security here right?? not
bioses .. and u probably cant do anything about it except lock the room where ur
computer sits.. } well the other option is use lilo to password protect ur system.
now u would ask me how?? well that's what i am here for arent i?? here is what ur
standard lilo.conf file looks like.
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
timeout=100
default=linux
image=/boot/vmlinuz-2.2.5
label=linux
root=/dev/hda1
read-only
well ok here is something which u can add.
add these set of lines to the /etc/lilo.conf file ..
restricted
password=xyz { enter whatever password u like.. the length, the complexity doesn't
matter here.. as such but try and not keep it guessable.. and a highly determined
person can try all the combinations } so now ur lilo.conf would look something like
this
boot=/dev/hda
map=/boot/map
install=/boot/boot.b
prompt
timeout=100
default=linux
restricted
password=some_password
image=/boot/vmlinuz-2.2.13
label=linux
root=/dev/hda1
read-only
{ u dont need to worry about all the options as this file may not look exactly the
same in all the systems.. this is a sample output there will be other images too like
windows if u r using dual boot which u probably r }
now ur next logical step would be run lilo.
#/sbin/lilo { this would implement the changes we made in the lilo.conf file remember
that any changes u make in lilo.conf file, u must run /sbin/lilo every time after that
for the changes to take effect this is something like rebooting ur system everytime u
install some important component or do some important changes in windows eg.. u add
new drivers for a hardware ... remember it is very essential } wonder what ur next
step is?? rebooting ur system now?? heh see this is what i mean by overlooking stuff..
it's alright we all make mistakes.. ;-). the next probable step would be something
like this..
#chmod go-rwx /etc/lilo.conf { if u dont do this then the above stuff u did was waste
... a piece of shit... anyway.. u probably know what this means... ;-) }
To summerize this what we did was restricted the users to provide for a
password if they give any options at the boot prompt.for example if someone gave
linux single at the boot prompt (S)he would be required to provide the password.
Heh yeah before i forget there is one more thing that u gotta do .. guess .... ???
well well go and put ur bootable cdrom or the boot floppy in ur bank's safe deposit
vault... ;-).. ok next time i we will discuss some other aspects of security... bye..
###The only secure computer is one that's unplugged, locked in a
###safe, and buried 20 feet under the ground in a secret location...
###and i'm not even too sure about that one"--- A HACKER..
###Remember: security is not a solution, it is a way of life... - SECURITY ADMINS
| | | |
------- -------
------- ------- = = ||===|| = || ===|| ===))
| | | | \\ // || || || //
==))
=== === \\ // ||===|| || //=== ===))
// ||
=// //
