[809] in linux-security and linux-alert archive

home help back first fref pref prev next nref lref last post

Re: [linux-security] Admin note (recent traffic surge).

daemon@ATHENA.MIT.EDU (N D Ghaznavi)
Sun Jun 16 15:30:54 1996

Date: Thu, 13 Jun 1996 13:21:38 -0400 (EDT)
From: N D Ghaznavi <ndg@Ghaznavi.com>
To: Woody Weaver <woody@altair.stmarys-ca.edu>
cc: linux-security@tarsier.cv.nrao.edu
In-Reply-To: <m0uTbSu-0005KYC@altair.stmarys-ca.edu>

On Tue, 11 Jun 1996, Woody Weaver wrote:

> My solution, of course, is just to have a separate boot media handy;
> given that I'm running linux on a PC, its easy to boot off of floppy
> and mount the main file system on a convenient mount point -- physical
> security beats software security.  But some linux boxes may be in
> inconvient locations, or be hardware modified as to be unable to boot
> from floppy.

A slightly more robust alternative is to have a small partition with a 
mini linux system on it.  That way if you lose root access on the main 
system you boot into the minisystem using LILO (it's *not* the default 
kernel image), login as root using the root password, mount the main 
partition and fix whatever it is you need to (eg, blank out the root 
passwd entry in /etc/passwd), and then reboot into the main system.

Yeah, it requires physical access, but that's a measure of security too.  
Don't be fooled into complacency though, 'cause someone could edit your 
lilo.conf, run lilo and reboot into this system remotely too.  I.e. make 
sure it's a good root password on the backup mini system.

I've been using this setup for quite some time now, with no complaints.  
It's also saved me considerable grief a couple of times (i.e. boot disks 
hassles etc etc you know the drill...).

[Mod: Quoting trimmed.  --Jeff.]

home help back first fref pref prev next nref lref last post