Date:      Thu, 7 Feb 2002 02:48:04 +1100
From:      Greg Lane <gregory.lane@anu.edu.au>
To:        Weldon S Godfrey 3 <weldon@excelsus.com>
Cc:        Brett Glass <brett@lariat.org>, Victor Grey <victor@customdynamic.net>, freebsd-security@FreeBSD.ORG
Subject:   Re: Is this evidence of a break-in attempt?
Message-ID:  <20020207024804.A28463@nucl03.anu.edu.au>
In-Reply-To: <Pine.BSF.4.44.0202060816280.56746-100000@joule.excelsus.com>; from weldon@excelsus.com on Wed, Feb 06, 2002 at 08:19:15AM -0500
References:  <4.3.2.7.2.20020205125336.02758450@localhost> <Pine.BSF.4.44.0202060816280.56746-100000@joule.excelsus.com>

> I recommend that, for any box placed into a colo or a location where the
> security isn't under your direct control, you mark your console as
> "insecure" in /etc/ttys so that the root password will be asked for when
> someone boots into single user mode.
> 
> Weldon

It will slow someone down, but as you no doubt know, if a box is not under
your direct control and someone has a clue then that doesn't help much. All
it takes is the fixit floppy. Mount / and /usr, edit the passwd file,
pwd_mkdb, instant root. 

We've had to do this to an embarrassingly large number of boxes where
we've forgotten the root passwords. 

BIOS passwords, disabled floppy drives and other tricks might slow you
down, but in the end, physical access to the box and the game is
pretty much already over...

Greg
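
An added example, not part of the original thread: a small audit that reports whether the `console` entry in a ttys(5) file is marked `insecure`, as recommended in the quoted message. The function name `console_status` and the sample file contents are constructed for illustration; it assumes the usual ttys(5) layout of name, getty command, type, then flags.

```shell
#!/bin/sh
# Added example: audit the console entry of a ttys(5) file.
# console_status is a hypothetical helper name, not a FreeBSD tool.
# Prints one of: insecure | secure | unset | missing
console_status() {
    awk '
        { sub(/#.*/, "") }              # drop comments and commented-out entries
        $1 != "console" { next }        # only the console entry matters here
        {
            found = 1
            gsub(/"[^"]*"/, "CMD")      # collapse a quoted getty command to one field
            for (i = 4; i <= NF; i++) { # fields 1-3 are name, command, type
                if ($i == "secure")   sec = 1
                if ($i == "insecure") insec = 1
            }
        }
        END {
            if (!found)     print "missing"
            else if (sec)   print "secure"    # any "secure" flag fails the audit
            else if (insec) print "insecure"
            else            print "unset"     # no explicit flag on the entry
        }
    ' "$1"
}

# Constructed sample input, not taken from a real host.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# name  getty                           type    status
console none                            unknown off secure
ttyv0   "/usr/libexec/getty Pc"         cons25  on  secure
EOF
echo "sample file: console is $(console_status "$sample")"
rm -f "$sample"

# On a real host, check the live file if it exists.
if [ -r /etc/ttys ]; then
    echo "/etc/ttys: console is $(console_status /etc/ttys)"
fi
```

A result of `secure` means single-user mode will not ask for the root password; as the reply above points out, a result of `insecure` still does not protect a box against someone with physical access.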
