From owner-freebsd-security Mon Dec 2 20:22:37 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id UAA06402 for security-outgoing; Mon, 2 Dec 1996 20:22:37 -0800 (PST) Received: from teamos2.org (client-3.io.org [198.133.36.47]) by freefall.freebsd.org (8.7.5/8.7.3) with ESMTP id UAA06397 for ; Mon, 2 Dec 1996 20:22:34 -0800 (PST) Received: from localhost (james@localhost) by teamos2.org (8.8.3/8.8.3) with SMTP id XAA10909; Mon, 2 Dec 1996 23:21:45 -0500 (EST) Date: Mon, 2 Dec 1996 23:21:42 -0500 (EST) From: James FitzGibbon X-Sender: james@teamos2.org To: Joe Diehl cc: freebsd-security@freebsd.org Subject: Re: Securing the freebsd boot process In-Reply-To: <199612030007.SAA22848@telecom.ksu.edu> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Mon, 2 Dec 1996, Joe Diehl wrote: > This has probably been discussed a few times in the passed, but I wasn't > around then, so... > > Is there anyway to increase the security of a FreeBSD machine at boot > time? The two points of concern are booting into single user mode > without a password, and hitting Ctrl-C repeatedly while /etc/rc is > executing. Naturally, either of the two will drop the machine to a > root shell. I'm not sure about the /etc/rc issue, but changing /etc/ttys so that 'console' is insecure instead of the default 'secure' will require that the root password be entered for single user mode. -- j. ---------------------------------------------------------------------------- | James FitzGibbon james@nexis.net | | Integrator, The Nexis Group Voice/Fax : 416 410-0100 | ----------------------------------------------------------------------------