From owner-freebsd-security Mon Dec 2 17:09:01 1996
Date: Tue, 3 Dec 1996 12:08:14 +1100 (EST)
From: "Daniel O'Callaghan"
To: Joe Diehl
cc: freebsd-security@freebsd.org
Subject: Re: Securing the freebsd boot process
In-Reply-To: <199612030007.SAA22848@telecom.ksu.edu>

On Mon, 2 Dec 1996, Joe Diehl wrote:

> Is there any way to increase the security of a FreeBSD machine at boot
> time? The two points of concern are booting into single user mode
> without a password,

This is solved partially by removing the 'secure' keyword from 'console' in /etc/ttys. That will force init to require the root password before starting a shell, if the system is booted in single-user mode. 'kill -HUP 1' after editing /etc/ttys.

> and hitting Ctrl-C repeatedly while /etc/rc is
> executing. Naturally, either of the two will drop the machine to a
> root shell.

Not sure about this. Perhaps someone else can explain the 'trap' section of sh(1) more clearly than sh.1 does (see the 'trap' statements at the start of /etc/rc).

Danny
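
The /etc/ttys check described in the reply above, as an added example that is not part of the original message: it reports whether the console entry carries the 'secure' keyword and prints a copy with the keyword removed from that entry only. The function names and the sample file are constructed for illustration, and the script works on a temporary copy rather than on /etc/ttys.

```shell
#!/bin/sh
# Added example: audit the console entry of a ttys(5)-format file.

# Exit 0 if the console line carries the 'secure' keyword (init starts a
# single-user shell without asking for the root password), 1 otherwise.
console_is_secure() {
    awk '
        $1 == "console" {
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^#/) break          # rest of the line is a comment
                if ($i == "secure") found = 1
            }
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# Print FILE with 'secure' removed from the console line only; other
# terminals and trailing comments are left as they are.
harden_console() {
    awk '
        $1 == "console" {
            out = ""; comment = 0
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^#/) comment = 1
                if (comment || $i != "secure") out = (out == "" ? $i : out " " $i)
            }
            print out; next
        }
        { print }
    ' "$1"
}

# Constructed sample input, not a copy of any real system's file.
make_sample_ttys() {
    cat > "$1" <<'EOF'
# name  getty                           type    status
console none                            unknown off secure
ttyv0   "/usr/libexec/getty Pc"         cons25  on  secure
EOF
}

tmp=$(mktemp -d) && make_sample_ttys "$tmp/ttys"
if console_is_secure "$tmp/ttys"; then
    echo "console is marked secure: single-user boot will not ask for the root password"
    harden_console "$tmp/ttys" > "$tmp/ttys.new"
    diff "$tmp/ttys" "$tmp/ttys.new" || true   # show the proposed change
fi
rm -rf "$tmp"
```

After installing a reviewed copy as /etc/ttys, init still has to be told to re-read it with the 'kill -HUP 1' step from the message.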