This is a user-contributed article.
The Linux computer console is a physical device used to operate a computer or server. Here are a few steps which, if taken, make it more difficult for an attacker to quickly modify a system from its console.
If you forgot your root password, you can simply reset it. The general procedure for resetting the password is as follows (if you are a Linux user, see how to reset Linux root password):
a) At the boot> prompt, force OpenBSD to boot into single user mode
b) Next mount file system in read-write mode
c) Run passwd command
d) Sync file system
e) Reboot and login normally.
Procedure to reset root password
At the boot> prompt, type boot -s to boot into single user mode:
boot> boot -s
Next you will see a message as follows:
Enter pathname of shell or RETURN for sh:
Just hit the [Enter] key to load the sh shell.
Next, mount the / and /usr file systems in read-write mode:
# mount -uw /
# mount /usr
Finally, set or change the password for the root user, enter:
Press CTRL+D to boot into multiuser mode or just reboot the server:
With FreeBSD version 5.4 and above, the booting procedure has changed slightly. Older versions of FreeBSD use the boot -s option at the Ok prompt. However, with FreeBSD 5.4+ you don't have to type any commands. Here is the procedure to boot FreeBSD into single user mode to reset the root password.
You may delete a file called /etc/shadow. If you then try to boot into single user mode, the system will ask for the maintenance root password. Now imagine that you do not have a backup of the /etc/shadow file. How do you fix such a problem in a production environment where time is a critical factor? I will explain how to recover a deleted /etc/shadow file in five easy steps.
You can set a password for the GRUB bootloader. This prevents users from entering single user mode or changing settings at boot time.
When your system is rebooted, GRUB presents the boot option menu. From this menu anyone can easily boot into single user mode without a password, which may compromise system security.
For example, anyone can access the data or change the settings. However, you can set up a password for GRUB with the password option. This option forces GRUB to ask for a password before any changes can be made or single user mode can be entered. You need to type p followed by the password.
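A check for the GRUB password protection described above, as an added example that is not part of the original article. It assumes GRUB legacy syntax (a `password [--md5] ...` line in a config file such as menu.lst, whose path you pass in); the function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the menu-wide password protection in a GRUB legacy config.
# Prints one of: missing | none | plaintext | md5
grub_password_status() {
    conf="$1"
    [ -r "$conf" ] || { echo "missing"; return 0; }
    status="none"
    # Only a password directive before the first "title" applies to the
    # whole menu, so stop scanning at the first boot entry.
    while read -r directive args || [ -n "$directive" ]; do
        case "$directive" in
            title) break ;;
            password|password=*)
                case "$directive $args" in
                    *--md5*) status="md5" ;;        # hashed password
                    *)       status="plaintext" ;;  # cleartext in the file
                esac
                break ;;
        esac
    done < "$conf"
    echo "$status"
}

# Returns 0 if "other" users can read the file (and so the password or hash).
grub_conf_world_readable() {
    [ -n "$(find "$1" -prune -perm -004 2>/dev/null)" ]
}

# Constructed sample input: a config with no active global password.
sample=$(mktemp)
cat > "$sample" <<'EOF'
default 0
timeout 5
# password --md5 (commented out, so ignored)
title Linux (constructed entry)
root (hd0,0)
kernel /vmlinuz ro root=/dev/sda1
EOF
echo "sample config: $(grub_password_status "$sample")"
rm -f "$sample"
```

A result of `none` or `plaintext`, or a config that other users can read, is worth fixing before relying on the boot menu password.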
A question from my email bag:
How does changing run levels affect us or our users?