linuxsingle

ifanybody can tell me how to make changes in linux so
that a person cannot move to linux single mode in any
condition . not even from bootable CD

thanks

ankit

____________________________________________________________ ____________
Yahoo! Messenger - Communicate instantly..."Ping"
your friends today! Download Messenger Now
http://uk.messenger.yahoo.com/download/index.html
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: linuxsingle

At 4/10/2005 05:20 AM +0100, Ankit Jain wrote:
>ifanybody can tell me how to make changes in linux so that a person cannot
>move to linux single mode in any condition . not even from bootable CD

Install Linux on your server, encase it in acrylic, lock it in a really
good safe, weld the seams, encase in concrete, then (and you get your
choice of options here) either (1) drop it into the Mariana Trench, or (2)
hide it in a secret cavern on the dark side of the moon, or (3) drop the
whole thing into the sun. Obviously, the latter two are more expensive but
they are more secure; after all, someone might find the server at the
bottom of the ocean and go to the trouble to extract it from the
hermetically sealed container. As everyone knows, once a black hat has
physical access to the server they can do whatever they like. (You
therefore might want to use a one-time pad cipher to encrypt the contents
of the system, but of course it'll take some time to hand-key all that key
length unless your data to be encrypted is very tiny.)

Practical security must be a compromise between need to access the data
(and backup and recovery) and need to keep unauthorized people from
accessing the data. The way you keep single-user mode from getting
everything is to physically secure the system. How much physical and
software security you need depends on the situation, but completely
eliminating single-user mode (or the effective equivalents of booting from
other media or moving the data storage to another machine) is not the
solution. Locking the hardware away from malicious and/or careless people
is how to handle this part of security.

--
Jeff Woods


-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: linuxsingle

At 05:20 AM 4/10/2005 +0100, Ankit Jain wrote:
>ifanybody can tell me how to make changes in linux so
>that a person cannot move to linux single mode in any
>condition . not even from bootable CD

No. That is, nobody can tell you how to do that, because it cannot be done
in Linux.

If someone has physical access to your host and can reboot it from a CD or
floppy, the version of Linux on the hard disk (and even the bootloader
there) becomes irrelevant to the boot/init process, and it can do nothing
to stop the rescue disk from booting to whatever it wants to boot to.

There are things you can do, in the hardware and the BIOS, to prevent use
of rescue disks. Don't have any removable storage in the first place, or at
least none that is bootable. Make the hard disk the only boot option
(including disallowing USB or network boots, these days), and
password-protect the BIOS. Epoxy over the pins on the mobo that are used to
force a BIOS reset, and superglue the CMOS battery in so it can't be
removed to clear CMOS RAM. Superglue the hard-disk cable(s) to the drive(s)
and the mobo so someone can't swap the boot drive to the second IDE
connector and attach a different boot drive to the primary connector.

Even after all of that, there's probably a workaround for breaking in ...
the point is that securing a host (at least one built from conventional
components) from someone who has physical access to it, and time to do the
work, is either impossible or nearly so.

(This all may seem a bit much, but you did say "in any condition" in your
question, so I'm intentionally considering extreme cases, not only cases
where the cracker has 2 minutes and needs to remain unnoticed in a crowded
room. If that's all you are concerned about, and we can assume the case
itself remains unopened, then the BIOS changes I mention are probably
sufficient, when combined with the Linux details I will discuss below.)

If you limit your request to boot/inits based on the Linux kernel and root
filesystem you install on the host, then you might be able to accomplish
this, or at least what you probably really want ... requiring a user to
know the root password even in single-user mode. Debian systems run a
probram called sulogin in these cases, and it requires one to know the root
password to proceed. Use of it is specified in /etc/inittab, in a line that
reads

# What to do in single-user mode.
~~:S:wait:/sbin/sulogin

Read the man page for sulogin for more on this. You could probably fiddle
with this to make it completely impossible to log in in single-user mode,
by replacing /sbin/sulogin with a program that blocks all access, or maybe
a call to /sbin/halt .

If you do this, you'll also want to password protect lilo (or whatever
bootloader you use), so a cracker can't work around this by passing a
different "init=" line to lilo (the man page for lilo will fill in the
blanks here, if you don't know what I mean).

I doubt I plugged all the holes. It's been a long time since I worried
about securing a system from a user sitting at its console. But these
suggestions will take you in the right direction.

One last possibility I should note: you could use an encrypted filesystem,
one that is accessible only to the Linux kernel on it. I don't know any of
the details about how to do this, though, and I suspect it is far from an
off-the-shelf solution. So if you want to explore it, raise it in a
follow-up and perhaps someone else can help you get started.


-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: linuxsingle

On Sun, Apr 10, 2005 at 05:20:36AM +0100, Ankit Jain wrote:
> ifanybody can tell me how to make changes in linux so
> that a person cannot move to linux single mode in any
> condition . not even from bootable CD
>
> thanks
>
> ankit
>

To disable single mode, you basicly have to patch /sbin/init. (This is actually
easier than it sounds, if u can get your hands on init source code.) You might
be able to get away by disabling runlevel 1 in /etc/inittab (or making it
the same as runlevel 3).

There is no way to stop a bootable CD. This is above the init level, above
the kernel level, and above the bootloader (lilo/grub) level. You can try to
disable this option from the BIOS, but even that is easy to work around.

--
Infinite complexity begets infinite beauty.
Infinite precision begets infinite perfection.
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: linuxsingle

> On Sun, Apr 10, 2005 at 05:20:36AM +0100, Ankit Jain wrote:
> ifanybody can tell me how to make changes in linux so
> that a person cannot move to linux single mode in any
> condition . not even from bootable CD

Depending on your PC you can:

1. Set the BIOS to boot only to HD.
2. Set a BIOS password to make sure no one changes your boot preferences.

With those taken care of you can:

3. Set a password on your bootloader.

No one should be able to boot from CD or change the bootloader options
without the BIOS and/or bootloader passwords. Please keep in mind that
there are plenty of ways to circumvent these measures if anyone has
physical access to the machine (reset your bios, replace your drives,
etc.). Linux is no more or less susceptible to these issues than other
platforms.

Actually, in many ways Linux on good PC hardware is safer than other
Unix platforms. On many platforms you can boot an arbitrary kernel on
an arbitrary device if you have access to the physical console. Many
of those platforms have no BIOS restrictions or bootloader security.
Some of those platforms may have the init path hardcoded or may have
single user prompt for a password, but these are really of minimal
security if you can boot an arbitary kernel on an arbitrary device,
especially if that device is the network!

thornton
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: linuxsingle

Ankit Jain wrote:
> ifanybody can tell me how to make changes in linux so
> that a person cannot move to linux single mode in any
> condition . not even from bootable CD
>
> thanks
>
> ankit

Dear Ankit:

It is no longer a 'Linux' issue if you cannot protect
your computer/workstation/server from physical access.
This is a hardware issue, especially a motherboard issue.
Many motherboards can be booted from harddisk, floppy,
CD-ROM, USB, Network,...

IMHO, this is not a linux issue.

HTH, Chuck


-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: linuxsingle

--=-qPFiLKh50+Xi1q2o7rkC
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Sun, 2005-04-10 at 05:20 +0100, Ankit Jain wrote:
> ifanybody can tell me how to make changes in linux so
> that a person cannot move to linux single mode in any
> condition . not even from bootable CD

Encrypt the hard drive including the root file system. There are
several How-To's out there on encrypted root file systems and encrypted
swap (DON'T FORGET TO ENCRYPT YOUR SWAP!) Burn a bootable CD-Rom with
your boot system. Store the key to your file systems on a USB key which
you remove after booting. [Alternative, on systems which can boot from
USB, burn it all to the USB key.] Now, nobody can simply reboot your PC
for any reason without having that USB key. At least, if they boot it
off a bootable CD, they still can't read the hard drive. Then you just
have to make sure they can't log into the running system or switch to S
from a running system.

You still need to worry about stuff like hardware keyloggers and other
nasty hardware stuff that people MIGHT install if they think you're
being cheeky with all this stuff. You might tempt someone to show you
up. :-)

> thanks

> ankit

Mike

> ____________________________________________________________ ____________
> Yahoo! Messenger - Communicate instantly..."Ping"=20
> your friends today! Download Messenger Now=20
> http://uk.messenger.yahoo.com/download/index.html
> -
> To unsubscribe from this list: send the line "unsubscribe linux-admin" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
--=20
Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com =20
/\/\|=3Dmhw=3D|\/\/ | (678) 463-0932 | http://www.wittsend.com/=
mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!

--=-qPFiLKh50+Xi1q2o7rkC
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iQCVAwUAQl3YxOHJS0bfHdRxAQL9PAP/QWhimwfKuqEuoOKFsQ+Sua1FcH3+ Rknw
HmXnQBO6VTneCZNIxoWl+ZSj4aeH8bfgzfS1OwsXVUUyhgXD96qwdn79b4pB /b/i
YZitB9o0oLBPxoRzGRDuhQMUTTmLTbidQczalOtY2YrP9X3dsXCso+1ayuUw pCIM
fjLmQhwuLmY=
=bdCQ
-----END PGP SIGNATURE-----

--=-qPFiLKh50+Xi1q2o7rkC--

-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: linuxsingle

.... ciao:

on "4-13-2005" "Michael H. Warfield" writ:

: Burn a bootable CD-Rom with your boot system.

it is a 'real' mistake to "assume" cd-r media a forever storage
solution. a search for 'sunlight' at "theregister.com" offered among
other answers, the following:

"CD-Rs deliver degrading experience

Back to tape?Monday 1st September 2003 20:32 GMT"

the jist of it, suggest that cd-r media not a carefree solution ...


--
.... i'm a man, but i can change,
if i have to , i guess ...

-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: linuxsingle

--=-8DbiPWO7JOGTgu7dXM3S
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

On Thu, 2005-04-14 at 07:25 -0700, terry white wrote:
> ... ciao:

> on "4-13-2005" "Michael H. Warfield" writ:

> : Burn a bootable CD-Rom with your boot system.

> it is a 'real' mistake to "assume" cd-r media a forever storage
> solution. a search for 'sunlight' at "theregister.com" offered among
> other answers, the following:

> "CD-Rs deliver degrading experience

> Back to tape?Monday 1st September 2003 20:32 GMT"

> the jist of it, suggest that cd-r media not a carefree solution ...

Didn't claim that it was. Neither are flash drives (limited rewrite
cycles, thousands, but still limited) or regular hard drives (just got
done recovering after several 250 Gig SATA drives developed flaws and
went dain bramaged on me).

It wouldn't be a bad idea to keep a backup of that boot system but it
should be so generic that it should be possible to reproduce. But the
"key" is the key! Loose that, and you are toast. So, yes, you should
have a backup of the USB key or where ever you store that key (you can
also use an entered passphrase) and then protect those backups,
especially of the keys.

Mike
--=20
Michael H. Warfield | (770) 985-6132 | mhw@WittsEnd.com =20
/\/\|=3Dmhw=3D|\/\/ | (678) 463-0932 | http://www.wittsend.com/=
mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!

--=-8DbiPWO7JOGTgu7dXM3S
Content-Type: application/pgp-signature; name=signature.asc
Content-Description: This is a digitally signed message part

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (GNU/Linux)

iQCVAwUAQl5/gOHJS0bfHdRxAQLgnQQAhuhTDn08CjGMrkPxAr5j1PIqypFH DSED
sWyPbyMDsvj/dntIT1gByfd5tuLZUGtrFE40yENegqr+6Jm3E/XV5n1BG9XN lE9h
F4buZ1+0Plj39926FBTilGhnxuHSQJnsUMTA3+KpVjotbeL28Oqedkj/Hxa8 LRcU
+In+zEho0qs=
=Se4i
-----END PGP SIGNATURE-----

--=-8DbiPWO7JOGTgu7dXM3S--

-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: linuxsingle

.... ciao:

on "4-14-2005" "Michael H. Warfield" writ:

: On Thu, 2005-04-14 at 07:25 -0700, terry white wrote:
: > "CD-Rs deliver degrading experience

: Didn't claim that it was. Neither are flash drives ---

the number of things you did not "claim" is limited only, by the
reader's knowledge set. so, that is not a consideration here.

what is, is "knowing" cd-r media has a finite shelf life after
being written. i "did not" assume the entire readership aware
of that limitation, so thought its mention a good idea ...


--
.... i'm a man, but i can change,
if i have to , i guess ...

-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html

Re: linuxsingle

--aM3YZ0Iwxop3KEKx
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

terry white wrote:
> on "4-14-2005" "Michael H. Warfield" writ:
>=20
> : On Thu, 2005-04-14 at 07:25 -0700, terry white wrote:
> : > "CD-Rs deliver degrading experience
>=20
> : Didn't claim that it was. Neither are flash drives ---
>=20
> the number of things you did not "claim" is limited only, by the
> reader's knowledge set. so, that is not a consideration here.

I was going to mention the use of hard encryption as well (loop-aes,
not the kernel stuff; maybe a most recent kernel with dm-crypt).
Still, the implemented encryption schemes completely lack the ability
to check for tampering. That might backfire, but the chances for that
are pretty slim; nevertheless, that possibility exists.=20

So instead of safe-guarding the machine at all times (by whatever
means), I guess encryption is the best shot.


> what is, is "knowing" cd-r media has a finite shelf life after
> being written. i "did not" assume the entire readership aware
> of that limitation, so thought its mention a good idea ...

True to mention, not only for very sensitive data like encryption
keys. Having had some nightmares because of faulty backup media, let
me stress that one just can't be paranoid enough when it comes to
backups.

--=20
Bastard Administrator in $hell


--aM3YZ0Iwxop3KEKx
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFCYYzXLMyTO8Kj/uQRAoY7AJ4nfU1sUkNdtvU9C6+EF60FP92AkgCf Rqch
vhq0HlrEzgIA6GsRQAaDGe8=
=9xlo
-----END PGP SIGNATURE-----

--aM3YZ0Iwxop3KEKx--
-
To unsubscribe from this list: send the line "unsubscribe linux-admin" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html