Comments on: Tips To Protect Linux Servers Physical Console Access

By: The lul

The lul — Sun, 25 Dec 2011 20:58:04 +0000

Encrypting the hard drive is quite necessary and also keeping backup on a remove server. Deja Dup does a great job for that !

By: Chris

Chris — Sat, 16 Apr 2011 03:14:57 +0000

Nice post. It’s good with the fullblown descriptions.

By: Chalu

Chalu — Tue, 15 Feb 2011 22:05:20 +0000

Hi Guys..! can anyone guide me how to disable editing by using “e” while booting. means while booting we can able to enter into single user mode by pressing ESC key at spalsh image and selecting ” kernel /vmlinuz-2.6……” and by pressing “e” key we can able edit. so can any one guide me how to disable this editing..

Thanks in advance
Chalu

By: The Gripmaster

The Gripmaster — Wed, 08 Dec 2010 05:20:36 +0000

Disable CDROM/DVDROM boot completely in the BIOS and protect your BIOS with a password.

By: Harsha

Harsha — Mon, 09 Aug 2010 14:39:00 +0000

Thank u Vivek. This info is really cool.

By: Ashwani

Ashwani — Thu, 23 Apr 2009 10:23:29 +0000

Thanks for very nice info

but can u pls explain me what is ~~ this? as u said its id but i really dont about this id dear vivek pls tell us about this

Thanks

By: entplex

entplex — Tue, 21 Apr 2009 22:28:37 +0000

@Akshay: as far as preventing people from being able to boot to other media, the only thing you can do is use the bios settings to give the hard drive priority and in the case of some bios’, you can disable booting to other media all together. Obviously in order for this to have any effect, you need to implement a bios password (as was mentioned in this article).

By: cracker

cracker — Tue, 07 Apr 2009 14:44:07 +0000

why u post this anyway …..
then the world of gnu/ linux will be secure
:(

By: Vivek Gite

Vivek Gite — Mon, 30 Mar 2009 11:46:34 +0000

Type the following to disable it:

echo 'kernel.sysrq=0' >> /etc/sysctl.conf
sysctl -p

See this link for more info.

By: geoff_f

geoff_f — Mon, 30 Mar 2009 10:49:19 +0000

You can disable Ctrl-Alt-Del, but what about Alt-SysRq rseiub?

By: manju

manju — Mon, 23 Mar 2009 14:20:52 +0000

Thanks vivek

By: Vivek Gite

Vivek Gite — Mon, 23 Mar 2009 12:53:16 +0000

Syntax is as follows:

id:runlevels:action:process

id - a unique sequence of 1-4 characters which identifies an entry in inittab
S - the runlevels for which the specified action should be taken. Here S indicates single user mode.
wait - The process will be started once when the specified runlevel is entered and init will wait for its termination.
process - run /sbin/sulogin program when entered in S runlevel.

By: manju

manju — Mon, 23 Mar 2009 12:25:42 +0000

can any body explains the arguments in the line “~~:S:wait:/sbin/sulogin”, that means why we put ~~ and what is “S” stands for etc…

By: blackice

blackice — Sun, 22 Mar 2009 08:55:02 +0000

Really nice tips and highly professional how to , Enable Authentication for Single-User Mode was a good tip :) ..

By: JFM

JFM — Fri, 20 Mar 2009 11:39:42 +0000

To SPM

In a passwordless Grub open the kernel line and add init=/bin/sh and boot.; That is all. Now you are root.

By: SPM

SPM — Thu, 19 Mar 2009 17:57:01 +0000

You forgot providing a case padlock. If the case isn’t physically secure, everything else is for nought.

All an attacker needs is a screwdriver to open the case and reset the BIOS, boot a disaster recovery Linux distro off a CD or USB, mount the filesystem and voila – you can bypass all the other measures.

I an not too sure about the usefulness of the grub password. If you can bypass the BIOS, you can bypass grub, and if you have a bios password to protect against altering bios to allow booting off CD or USB, do you need a grub password?

By: Akshay

Akshay — Sat, 14 Mar 2009 09:44:57 +0000

Thanks for that tip..i only want to know how to stop booting into another medium..isnt there anything that can be done..

By: Ulver

Ulver — Fri, 13 Mar 2009 13:01:12 +0000

interesting tips, specially advices related to interactive boot on rhel o similiar and single user booting autentication

Thanks for share those tips !

By: mhernandez

mhernandez — Thu, 12 Mar 2009 21:24:07 +0000

Nice tip list: as you say, there’s not much you can do if the physical security is violated but as they say it’s always better being safe than sorry.

Thanks!