[809] in linux-security and linux-alert archive
Re: [linux-security] Admin note (recent traffic surge).
daemon@ATHENA.MIT.EDU (N D Ghaznavi)
Sun Jun 16 15:30:54 1996
Date: Thu, 13 Jun 1996 13:21:38 -0400 (EDT)
From: N D Ghaznavi <ndg@Ghaznavi.com>
To: Woody Weaver <woody@altair.stmarys-ca.edu>
cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <m0uTbSu-0005KYC@altair.stmarys-ca.edu>
On Tue, 11 Jun 1996, Woody Weaver wrote:
> My solution, of course, is just to have a separate boot media handy;
> given that I'm running linux on a PC, its easy to boot off of floppy
> and mount the main file system on a convenient mount point -- physical
> security beats software security. But some linux boxes may be in
> inconvient locations, or be hardware modified as to be unable to boot
> from floppy.
A slightly more robust alternative is to have a small partition with a
mini linux system on it. That way if you lose root access on the main
system you boot into the minisystem using LILO (it's *not* the default
kernel image), login as root using the root password, mount the main
partition and fix whatever it is you need to (eg, blank out the root
passwd entry in /etc/passwd), and then reboot into the main system.
Yeah, it requires physical access, but that's a measure of security too.
Don't be fooled into complacency though, 'cause someone could edit your
lilo.conf, run lilo and reboot into this system remotely too. I.e. make
sure it's a good root password on the backup mini system.
I've been using this setup for quite some time now, with no complaints.
It's also saved me considerable grief a couple of times (i.e. boot disks
hassles etc etc you know the drill...).
[Mod: Quoting trimmed. --Jeff.]