Date: Wed, 22 Sep 2004 11:45:13 +0200 (CEST) From: "Per Engelbrecht" <per@xterm.dk> To: <freebsd-isp@freebsd.org> Subject: Re: funny customers Message-ID: <51375.62.242.151.142.1095846313.squirrel@mailbox.wingercom.dk> In-Reply-To: <546931695.20040922124354@apollophone.ru> References: <546931695.20040922124354@apollophone.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Alex > >> I'm administering a mid-size serverhosting site and have a problem >> with customers enabling root passwd in single-user mode. >> It's the same customers that set up fake payment sites, do serious >> hacking (i.e. not good, productive hacking) mailspamming and so >> on. > >> In order to collect information for a criminal case (yes, in some >> cases we go all the way) I need a way to get into these boxes >> (mostly >> FreeBSD's) but I can't think of a way to disable the prompt for >> root passwd in single-user mode. > to disable root password checking on single user mode entrance > in /etc/ttys: > change line: >> console none unknown off insecure > to >> console none unknown off secure I know how to enable it, that's not the problem. The problem is the opposit - how do I disable it after I bruce-force the customer off the net and want access to the box ? At first I thought of setting 'chflags' on the /etc/ttys file, but customers can change securelevel as they please = won't help. But right now I need a way to bypass (I don't think it's possible) the single_user mode root login feature. respectfully /per per@xterm.dk > > > if using serial line for access in single user mode, try to change > line >>ttyd0 "/usr/libexec/getty std.9600" dialup on insecure > to >>ttyd0 "/usr/libexec/getty std.9600" dialup on secure > > > > -- > Best regards, > Alex D. Griazin > Apollo Phone network engineer > e-mail: alex@apollophone.ru > ICQ UIN: 22898964 > Phone: +7 (812) 140-5-999
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?51375.62.242.151.142.1095846313.squirrel>