Date: Wed, 16 May 2012 10:06:01 +0100 From: Tom Evans <tevans.uk@googlemail.com> To: mahdieh salamat <mahdieh.salamat@gmail.com> Cc: freebsd-security@freebsd.org Subject: Re: Single user mode Message-ID: <CAFHbX1KGuMEpUUJibYXpzQbGRmdZgtgk1ZUMqYX2Rm9qC0W==g@mail.gmail.com> In-Reply-To: <CAL5m1BtpNomf8qUONOHf2i-jPyRrPK7ZRvH3nsePStZuEQ_UmQ@mail.gmail.com> References: <CAL5m1BsnURTXsZJEkF9sR-3wsVRHkOto-CuCSuJCgH2yivNGPg@mail.gmail.com> <7439f3d4019914591b036aa45cfd75e7@vahid-shokouhi.net> <CAL5m1BtxL_=jGKE=xbKqJxaxnuscid_5LJXwPNpZz8AEmpQuaA@mail.gmail.com> <40e269c44ec592d0ce3e2d85fd8a032d@vahid-shokouhi.net> <CAL5m1Bt2RQ_%2BW5qV9TN4G5VtCAj8VD4UkLCTwQR2OMSyi2iVTA@mail.gmail.com> <c8a82efd162ce1d32a9a05ed6d78557e@vahid-shokouhi.net> <CAL5m1Bsu7M9qZ3xt7U4H9v-jBDWdf-q1M=Y=v5NTy9QPGcLORQ@mail.gmail.com> <CAL5m1BtpNomf8qUONOHf2i-jPyRrPK7ZRvH3nsePStZuEQ_UmQ@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tue, May 15, 2012 at 9:40 AM, mahdieh salamat <mahdieh.salamat@gmail.com> wrote: > Thanks all,I have an other question.certainly you see this message in > startup FreeBSD:"Hit [Enter] to boot immediately, or any other key for > command prompt." > after see it if press any key you enter to an other mode and if you type > '?' you can see the lists of commands.I want to remove this mode,It's so > important that a user can't accss to this mode. > Who can help me? > Thanks > If your users have physical access to the machine then it is difficult to prevent them from booting from alternate media - a USB key, a CD - mounting your disks and changing the root password. Actually, I would add a separate root user (toor2), as the root password changing is somewhat detectable. You can fix boot order in the BIOS, but a BIOS can be reset simply by removing the BIOS battery briefly. In addition to that, many BIOS will also offer a boot menu option - which cannot be disabled - allowing the user to choose which device to boot from without entering the BIOS. Cheers Tom
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFHbX1KGuMEpUUJibYXpzQbGRmdZgtgk1ZUMqYX2Rm9qC0W==g>