Date: Thu, 6 Aug 2009 11:35:22 -0700
From: Nerius Landys <nlandys@gmail.com>
To: freebsd-questions@freebsd.org
Subject: Physically securing FreeBSD workstations & /boot/boot2
Message-ID: <560f92640908061135j41f35bfevcd1476ce9ead38a4@mail.gmail.com>

Hi. I am attempting to secure some workstations in such a way that a user would not be able to gain full control of the computer (only user access). However, they are able to see and touch the physical workstation.

Things I'm trying to avoid, to list a couple of examples:

1. Go to BIOS settings and configure it to boot from CD first, then stick in a CD. To prevent this I've put BIOS to only boot from hard drive and I've password-locked the BIOS.
2. Go to loader menu and load (boot kernel) with some custom parameters or something. I've secured the loader menu by password-protecting it (/boot/loader.conf has password) and /boot/loader.conf is not world-readable.

And I'm sure there are other things, I just forgot them.

So my question is: Is this [securing of the workstation] worthwhile, or should I just forget about this kind of security? I want to make it so that the only way to gain full control of the computer is by physically opening up the box.

I noticed that boot2 brings up a menu like this one when I press space during the initial boot blocks:

    >> FreeBSD/i386 BOOT
    Default: 0:ad(0,a)/boot/loader
    boot:

I guess it would be possible to stick in a floppy disk or something and boot from there? So my question is, is this a threat to my plan, and if so, how can I disable this prompt?
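
An added example, not part of the original message: a shell check for the two loader settings the message describes, namely that the loader configuration file sets a password and is not world-readable. The function name audit_loader_conf and its return codes are assumptions made for this example.

```sh
#!/bin/sh
# Added example (not from the original message). Audits a loader.conf-style
# file for a non-empty password= line and for the absence of the
# world-readable bit. Function name and return codes are assumptions.

# audit_loader_conf FILE
#   returns 0  password is set and FILE is not world-readable
#   returns 1  no uncommented, non-empty password= line
#   returns 2  password is set but FILE is world-readable
#   returns 3  FILE does not exist
audit_loader_conf() {
    conf=$1
    [ -f "$conf" ] || return 3

    # Last uncommented password= assignment, with surrounding quotes removed.
    pw=$(sed -n 's/^[[:space:]]*password[[:space:]]*=[[:space:]]*//p' "$conf" \
         | tail -n 1 | sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/')
    if [ -z "$pw" ]; then
        return 1
    fi
    unset pw    # do not keep the secret in the shell after the check

    # find prints the path only when the "other read" bit (0004) is set;
    # a readable file would expose the password to any local user.
    if [ -n "$(find "$conf" -prune -perm -0004 -print)" ]; then
        return 2
    fi
    return 0
}

# Stand-alone use: sh audit.sh /boot/loader.conf
if [ $# -gt 0 ]; then
    audit_loader_conf "$1" && rc=0 || rc=$?
    case $rc in
        0) echo "$1: password set, not world-readable" ;;
        1) echo "$1: no loader password configured" ;;
        2) echo "$1: password set but file is world-readable" ;;
        3) echo "$1: file not found" ;;
    esac
fi
```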