From owner-freebsd-security Mon Dec 2 16:08:52 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id QAA23071 for security-outgoing; Mon, 2 Dec 1996 16:08:52 -0800 (PST) Received: from gateway.telecom.ksu.edu (smtp@gateway.telecom.ksu.edu [129.130.63.239]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id QAA23062 for ; Mon, 2 Dec 1996 16:08:49 -0800 (PST) Received: from sioux.telecom.ksu.edu(129.130.60.32) by pawnee.telecom.ksu.edu via smap (V1.3) id sma025354; Mon Dec 2 18:07:50 1996 From: joed@telecom.ksu.edu (Joe Diehl) Message-Id: <199612030007.SAA22848@telecom.ksu.edu> Subject: Securing the freebsd boot process To: freebsd-security@freebsd.org Date: Mon, 2 Dec 1996 18:07:49 -0600 (CST) X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Greetings, This has probably been discussed a few times in the passed, but I wasn't around then, so... Is there anyway to increase the security of a FreeBSD machine at boot time? The two points of concern are booting into single user mode without a password, and hitting Ctrl-C repeatedly while /etc/rc is executing. Naturally, either of the two will drop the machine to a root shell. At present I have simply required a password at boot time in the bios setup; however, this prevents the machine from coming back up on it's own should I reboot the box remotely. Please CC: any replies to me as I'm not subscribed to freebsd-security at the present time. Thanks --- Joe Diehl KSU Dept. of Telecommunications