The bottom line is that it is essentially impossible to COMPLETELY secure any
pc to which you have physical access. It should be possible to do a
reasonably good job, if you are very careful, about securing a computer that
others DO NOT have physical access to, by shutting off the appropriate
servers, firewalling, using secure servers (like ssh instead of telnet), etc.
When all else fails, you can ABSOLTELY prevent unauthorized access over the
network by simply disconnecting the network cable. Tongue in cheek aside,
what is obvious is that the more secure the system, the less accessible it is
to you as well.
If someone has physical access to the system, it cannot be completely
secured. For instance, if I don't know your root password, I can power down
the machine, reboot, and restart in single user mode (eg runlevel=1 command
line argument to lilo or grub). Or, I can pop in a boot floppy (I keep a
tom's rootboot around all the time just in case), boot to my own kernel, log
in as root, mount your root partition...
You could, of course, put in a bios password that I would need to know before
I could boot the system, but then I can just enter setup and change it...or
you could put in a password for entering the bios password too, but then I
can open the case, take out the battery that powers the bios rom, short out
the appropriate connectors to clear the passwords (the manual for my ASUS
CUSL2 motherboard tell me how to do this if I ever forget my bios
passwords)...or if all else fails, just take the HD out of your computer and
stick it into mine and see what's on it...
So bottom line, you cannot ever fully secure a system. OTOH, with careful
attention to security issues you can thwart most casual hackers, and if you
really have stuff on your system that must be protected that well, don't put
it directly on the network, encrypt crucial files (don't forget your
passwords!) and so on.
Neal
On Sunday 18 February 2001 12:57, Bill Piety wrote:
> What a scary thread this is. I never realized it could be so easy to
> take control of someone's Linux box. Or did I miss a key element of the
> discussion? Why even have a password at all?
>
> On 19 Feb 2001 01:30:43 +0800, Franki wrote:
> > actually, just going in and typing "passwd root" and entering a new one
> > should work fine too, it will overwrite the one that is there now,, that
> > I did many times in RH6.2 also.
> >
> >
> > hope this helps.
> >
> >
> > -----Original Message-----
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED]]On Behalf Of Stephen Carville
> > Sent: Monday, 19 February 2001 1:28 AM
> > To: Mandrake Expert
> > Subject: Re: [expert] Root Password
> >
> >
> > On Sun, 18 Feb 2001, John J. LeMay Jr. wrote:
> >
> > - ** Reply to message from Kuldeep Shah <[EMAIL PROTECTED]> on Sun,
> > 18 Feb
> > - 2001 15:10:09 +0530
> > -
> > -
> > - > I forgot the password of root
> > -
> > - I haven't tried this, but I think you can delete the password from
> > /etc/shadow
> > - (assuming you are using shadow passwords) and root will need to enter a
> > new
> > - password next time you login with that id.
> >
> > Type 'linux 1' (or 'linux single') at the lilo prompt. This drops you to
> > single user mode with root privileges. From there edit /etc/shadow and
> > delete the password for root. Make sure you delete the whole hash and
> > have nothing between the colons. It should look something like:
> >
> > root::11342:0:99999:7:::
> >
> > Reboot or type 'init 3'. You should now be able to login as root with no
> > password. Change the root password.
> >
> > Set up sudo to make it easier in the future.
> >
> > --
> > --Stephen Carville
> > http://www.heronforge.net/~stephen/gnupgkey.txt
> > ==============================================================
> > Government is like burning witches: After years of burning young women
> > failed to solve any of society's problems, the solution was to burn more
> > young women.
> > ==============================================================
