From owner-freebsd-questions@FreeBSD.ORG Wed Nov 22 16:44:48 2006 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id A260916A585 for ; Wed, 22 Nov 2006 16:44:48 +0000 (UTC) (envelope-from jerrymc@gizmo.acns.msu.edu) Received: from gizmo.acns.msu.edu (gizmo.acns.msu.edu [35.8.1.43]) by mx1.FreeBSD.org (Postfix) with ESMTP id CDFA9440FD for ; Wed, 22 Nov 2006 16:34:41 +0000 (GMT) (envelope-from jerrymc@gizmo.acns.msu.edu) Received: from gizmo.acns.msu.edu (localhost [127.0.0.1]) by gizmo.acns.msu.edu (8.13.6/8.13.6) with ESMTP id kAMGXHNw051090; Wed, 22 Nov 2006 11:33:17 -0500 (EST) (envelope-from jerrymc@gizmo.acns.msu.edu) Received: (from jerrymc@localhost) by gizmo.acns.msu.edu (8.13.6/8.13.6/Submit) id kAMGXH8F051089; Wed, 22 Nov 2006 11:33:17 -0500 (EST) (envelope-from jerrymc) Date: Wed, 22 Nov 2006 11:33:17 -0500 From: Jerry McAllister To: VeeJay Message-ID: <20061122163317.GC50939@gizmo.acns.msu.edu> References: <2cd0a0da0611211941iae07787q3f433fb2c8ab1f22@mail.gmail.com> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <2cd0a0da0611211941iae07787q3f433fb2c8ab1f22@mail.gmail.com> User-Agent: Mutt/1.4.2.2i Cc: freebsd-questions@freebsd.org Subject: Re: Password Security X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 22 Nov 2006 16:44:48 -0000 On Wed, Nov 22, 2006 at 04:41:37AM +0100, VeeJay wrote: > Hi > > I need to secure my data and server. Any advice will be highly appreciated. > > I am going to place my FreeBSD server at a shared place? > > I am just afraid that any unauthorized person might boot machine in single > user mode and steal the data? > How can I make my Server secure that if if boots in single user mode, it > still demands the password and without password one cannot do anything? > or make it possible that booting in Single user mode, doesn't provide any > shell? Lock it in a box. Anyone who can put their hands physically can get in to the machine with a little tinkering even if you disable lots of software. I think you can get rid of the single user option in the boot, but anyone with a CD can defeat that if they want to. It would make things harder for yourself in managing the system, but it would slow a person down from casual interference. Also, many machines have BIOS level boot passwords that can be turned on. Using that would slow a person down, but be annoying for youself, especially in times such as power failures - the system would not come back up automatically without someone entering the BIOS password. Plus, if a person is determined enough, they can defeat that as well by removing the battery backup for the MB or the flash memory. But, it would stop casual tinkering. ////jerry > > Thanks in advance > > -- > > BR / vj > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"