Prevent Silent Mode

zokstar · #1 5th March 2011, 03:53 PM

Hello,

Is it possible to prevent my system into going silent mode if someone had pyshical access?

Relatives keep coming over and changing the admin password, and im guessing they do it via this way right?

domg472 · #2 5th March 2011, 04:08 PM

You mean single user mode?

1. put a lock on your case
2. change bios to only allow loading from specified hard disc.
3. set password on your bios
4. set grub password.
5. configure /etc/init/rcS-sulogin.conf to use "exec /sbin/sulogin" instead of "exec $SINGLE"

zokstar · #3 5th March 2011, 10:53 PM

yes so sorry, single user mode!

I set a grub password but it didnt go very well..

I went into terminal > grub > md5crypt > password. Then i edited /boot/menu.lst with the md5 "encryption key" (followed a guide i found online)

Can you recommend best way of doing it?

If i was to use step 5, what exactly does that do? Disabled single mode?

domg472 · #4 6th March 2011, 04:13 PM

Quote:

Originally Posted by zokstar

yes so sorry, single user mode!

I set a grub password but it didnt go very well..

I went into terminal > grub > md5crypt > password. Then i edited /boot/menu.lst with the md5 "encryption key" (followed a guide i found online)

Can you recommend best way of doing it?

edit /etc/grub..conf instead:

password --md5 "encryption key"

The /sbin/sulogin requires one to enter roots password to enter single user mode.. instead of allowing one to enter single user mode without a password.

sidebrnz · #5 6th March 2011, 03:06 AM

There's another, even sneaker way to stop those malicious little twits from messing with your computer. Do this as root:

mv /usr/bin/passwd /usr/bin/.password

and let them wonder why they can't change your password. Normally, I'd not suggest messing around with system programs like that but strong measures are needed to defend your system from vandalism.

Chilly Willy · #6 6th March 2011, 03:48 AM

If others have access to change the ROOT PASSWORD you have MORE PROBLEMS than just THIS!

Is there some reason why they have [or NEED] such access? - otherwise, I'd be putting a BOOT up someone's BACKSIDE! (securing the machine is your FIRST LINE of defence)

pete_1967 · #7 6th March 2011, 04:00 AM

You can enable password for single user mode by adding following to your /etc/inittab:

Code:

~~:S:wait:/sbin/sulogin

#8 6th March 2011, 04:34 PM

Quote:

Originally Posted by pete_1967

You can enable password for single user mode by adding following to your /etc/inittab:

Code:

~~:S:wait:/sbin/sulogin

After adding this line to my /etc/inittab, I was never prompted for a password when I booted into single user mode.

kurtdriver · #9 6th March 2011, 05:27 AM

Quote:

Originally Posted by zokstar

Relatives keep coming over and changing the admin password, and im guessing they do it via this way right?

Are your relatives geeks? Mine couldn't tell you how much ram they have. Using single mode to change the root password is a little bit geeky.

Why do they change it?

zokstar · #10 6th March 2011, 07:26 AM

well its my brother in law.. He is a geek, and knows he's way around linux pretty good..

Quote:

Originally Posted by pete_1967

You can enable password for single user mode by adding following to your /etc/inittab:

Code:

~~:S:wait:/sbin/sulogin

Thanks, i'll try this method

SiliconSlick · #11 6th March 2011, 02:51 PM

On your grub thingie:

1) you said /boot/menu.lst... I assume you meant /boot/grub/menu.lst (which is /boot/grub/grub.conf).

2) the line to add should have looked something like:

Code:

password --md5  <MD5CRYPTEDPASSWORD>

which should deny editing of the boot line unless a valid password is given. Is that what the tutorial stated?

SS

kurtdriver · #12 6th March 2011, 03:07 PM

Can you simply hide the computer prior to his visits? If he's familiar with Linux, editing grub won't stop him from booting from a CD or USB key.

SiliconSlick · #13 6th March 2011, 03:13 PM

Quote:

Originally Posted by kurtdriver

Can you simply hide the computer prior to his visits? If he's familiar with Linux, editing grub won't stop him from booting from a CD or USB key.

That's why you set/lock the BIOS (and put a lock on the case... so he can't get to the jumper to reset to BIOS defaults) as domg472 suggested.

SS

kurtdriver · #14 6th March 2011, 04:59 PM

Quote:

Originally Posted by SiliconSlick

That's why you set/lock the BIOS (and put a lock on the case... so he can't get to the jumper to reset to BIOS defaults) as domg472 suggested.

SS

Can all cases can easily be locked?

Another option would be to setup up Fedora on another partition, or drive do a little customization, and boot into it prior to his arrival. Give him the root password, (this may require a pretext of some sort).

Does he read Fedora Forum?

domg472 · #15 6th March 2011, 05:24 PM

Quote:

Originally Posted by kurtdriver

Can all cases can easily be locked?

Another option would be to setup up Fedora on another partition, or drive do a little customization, and boot into it prior to his arrival. Give him the root password, (this may require a pretext of some sort).

Does he read Fedora Forum?

security by obscurity is no solution