From owner-freebsd-questions@FreeBSD.ORG Sat Jul 26 17:53:18 2008 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 91462106564A for ; Sat, 26 Jul 2008 17:53:18 +0000 (UTC) (envelope-from chuckr@telenix.org) Received: from mail7.sea5.speakeasy.net (mail7.sea5.speakeasy.net [69.17.117.9]) by mx1.freebsd.org (Postfix) with ESMTP id 74D248FC16 for ; Sat, 26 Jul 2008 17:53:18 +0000 (UTC) (envelope-from chuckr@telenix.org) Received: (qmail 29810 invoked from network); 26 Jul 2008 17:53:17 -0000 Received: from april.chuckr.org (HELO april.telenix.org) (chuckr@[66.92.151.30]) (envelope-sender ) by mail7.sea5.speakeasy.net (qmail-ldap-1.03) with AES256-SHA encrypted SMTP for ; 26 Jul 2008 17:53:17 -0000 Message-ID: <488B6497.80004@telenix.org> Date: Sat, 26 Jul 2008 13:53:27 -0400 From: Chuck Robey User-Agent: Thunderbird 2.0.0.6 (X11/20071107) MIME-Version: 1.0 To: DSA - JCR References: <3176.84.18.27.248.1217093483.squirrel@mail.dsa.es> In-Reply-To: <3176.84.18.27.248.1217093483.squirrel@mail.dsa.es> X-Enigmail-Version: 0.95.5 OpenPGP: id=F3DCA0E9; url=http://pgp.mit.edu Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit Cc: freebsd-questions@freebsd.org Subject: Re: Root boot/mount Password? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 26 Jul 2008 17:53:18 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 DSA - JCR wrote: > Hi all > > FreeBSD 6.2 > > I would like to put a password when booting/mounting mi Freebsd box. > is it possible? How? > > What I want is that if the system is rebooted or shutdown, somebody must > enter a password to boot and/or mounting "/" > > is for protecting the system from unauthorized users A couple of items here. The first is a long known rule of security, which is, if an attacker has physical access to the console, then the game is up, you can't protect it any more. This has *somewhat* been modified in the last few years, because it's a become a fairly common option in BIOSes to allow for a boot password. This too can be bypassed, pretty quickly and thoroughly, by doing a CMOS memory clear, but it IS a step in the right direction. Honestly, though, a good security strategy is to respect that rule about an attacker with physical access to the console: protect yourself physically. Yes, you can set that boot password in the BIOS (active before any OS, including FreeBSD, starts up) but don't be silly and rely on that ... protect yourself. > > > Thanks in advance > > Juan Coruņa > Desarrollo de Software Atlantico > > > > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (FreeBSD) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkiLZJYACgkQz62J6PPcoOkWkgCePG+GpCdE3XJ+g1IzXjZ9QzzT jm8An2MpTyWMnTnTvfLMCmqNhTC2GXaj =YdcO -----END PGP SIGNATURE-----