From: "Per Engelbrecht"
Date: Wed, 22 Sep 2004 11:45:13 +0200 (CEST)
Subject: Re: funny customers
Message-ID: <51375.62.242.151.142.1095846313.squirrel@mailbox.wingercom.dk>
In-Reply-To: <546931695.20040922124354@apollophone.ru>

Hi Alex

>> I'm administering a mid-size serverhosting site and have a problem
>> with customers enabling root passwd in single-user mode.
>> It's the same customers that set up fake payment sites, do serious
>> hacking (i.e. not good, productive hacking) mailspamming and so
>> on.
>
>> In order to collect information for a criminal case (yes, in some
>> cases we go all the way) I need a way to get into these boxes
>> (mostly FreeBSD's) but I can't think of a way to disable the prompt
>> for root passwd in single-user mode.
>
> to disable root password checking on single user mode entrance
> in /etc/ttys:
> change line:
>> console none unknown off insecure
> to
>> console none unknown off secure

I know how to enable it, that's not the problem.
The problem is the opposite - how do I disable it after I brute-force the
customer off the net and want access to the box?
At first I thought of setting 'chflags' on the /etc/ttys file, but
customers can change securelevel as they please = won't help.
But right now I need a way to bypass (I don't think it's possible) the
single_user mode root login feature.

respectfully
/per
per@xterm.dk

>
>
> if using serial line for access in single user mode, try to change
> line
>>ttyd0 "/usr/libexec/getty std.9600" dialup on insecure
> to
>>ttyd0 "/usr/libexec/getty std.9600" dialup on secure
>
>
>
> --
> Best regards,
> Alex D. Griazin
> Apollo Phone network engineer
> e-mail: alex@apollophone.ru
> ICQ UIN: 22898964
> Phone: +7 (812) 140-5-999
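Added example, not part of the original message: a small audit of a ttys(5)-format file that reports the secure/insecure flag discussed in the thread for every entry, and what it means for the single-user root password prompt on the console. The function names and the sample file are constructed for illustration; the script assumes that a console entry without the "secure" flag is treated as insecure.

```shell
#!/bin/sh
# Added example, not from the thread: audit a ttys(5)-format file and report
# whether init will ask for the root password before a single-user shell.

# ttys_secure_flags FILE: print "<tty> <secure|insecure|unset>" per entry.
ttys_secure_flags() {
    awk '
        { sub(/#.*/, "") }                  # strip comments
        NF < 3 { next }                     # blank or malformed line
        {
            i = 2                           # field 2 is the getty command;
            if ($i ~ /^"/)                  # when quoted it may span fields
                while (i < NF && $i !~ /"$/) i++
            flag = "unset"
            for (j = i + 2; j <= NF; j++)   # flags follow the terminal type
                if ($j == "secure" || $j == "insecure") flag = $j
            print $1, flag
        }' "$1"
}

# console_prompt FILE: print what entering single-user mode will do.
console_prompt() {
    flag=$(ttys_secure_flags "$1" |
        awk '$1 == "console" { f = $2 } END { print f }')
    case "$flag" in
        secure) echo "no-password" ;;        # shell is started without a prompt
        "")     echo "no-console-entry" ;;   # nothing to mark insecure
        *)      echo "password-required" ;;  # insecure, or flag absent (assumed)
    esac
}

# Constructed sample built from the two line forms quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# name  getty                           type    status
console none                            unknown off insecure
ttyd0   "/usr/libexec/getty std.9600"   dialup  on secure
EOF

ttys_secure_flags "$sample"
echo "console: $(console_prompt "$sample")"
```

Run against /etc/ttys on a host to confirm the console entry still carries the flag the hosting policy expects.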