At 3/9/99 6:08:00 PM, you wrote:
>
>If you're serious about security, you control physical access to the machine.
>
>If it's only being used for the local monitor/keyboard/mouse, and you have
>multiple users, you need to lock the system unit up *and* reconfigure
>CTL-ALT-DEL to be ignored.
If someone can get to the machine for about an half hour, they
can get anything. You can pull the cover off and remove the
hard drives and boot them up on another machine.
Some things I do:
1. Phsically lock your case to the desk, in such a manner that
the case cover cannot be removed.
2. Remove floppy, or disable it with a keyswitch on the 12 volt power
to it.
3. Put a password on lilo in the global section, and put the
word restricted in each kernel section. This will prompt for
a password when trying to boot into single mode.
4. Make your /boot directory read-only by root. It's
a pain when you need to run lilo to change it back to
read-write by root, but it keeps prying eyes out.
Your lilo password can be read from lilo.conf
also, so remove it after running lilo, or make it read-only
by root. Also your /boot/map file has your passwords
showing in plain text.
-
To get out of this list, please send email to [EMAIL PROTECTED] with
this text in its body: unsubscribe suse-linux-e
Check out the SuSE-FAQ at http://www.suse.com/Support/Doku/FAQ/ and the
archive at http://www.suse.com/Mailinglists/suse-linux-e/index.html
