From owner-freebsd-security Wed May 2 4:33:13 2001 Delivered-To: freebsd-security@freebsd.org Received: from mail.euroweb.hu (mail.euroweb.hu [193.226.220.4]) by hub.freebsd.org (Postfix) with ESMTP id D103C37B423 for ; Wed, 2 May 2001 04:33:09 -0700 (PDT) (envelope-from hu006co@mail.euroweb.hu) Received: (from hu006co@localhost) by mail.euroweb.hu (8.8.5/8.8.5) id NAA24380; Wed, 2 May 2001 13:33:04 +0200 (MET DST) Received: (from zgabor@localhost) by zg.CoDe.hu (8.11.1/8.11.1) id f42BRrA00235; Wed, 2 May 2001 11:27:53 GMT (envelope-from zgabor) Date: Wed, 2 May 2001 11:27:53 +0000 From: Gabor Zahemszky To: freebsd-security@freebsd.org Cc: Casey Jones Subject: Re: Boot Security Message-ID: <20010502112753.A220@zg.CoDe.hu> References: Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from bill@catastrophe.net on Sat, Apr 28, 2001 at 01:08:18PM -0500 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org On Sat, Apr 28, 2001 at 01:08:18PM -0500, Casey Jones wrote: > > Hello - > > I was hoping some of you could share your thoughts on how to best > secure the FreeBSD boot process. I've taken the time to harden the > system and verify that console and the like are "insecure", but I > would also like to limit anyone from even getting to the "ok" > prompt. echo 'password="12345678"' >> /boot/loader.conf But it's not too secure, as it's in loader, so we can stop booting in the previous level. ZGabor at CoDe dot HU -- #!/bin/ksh Z='21N16I25C25E30, 40M30E33E25T15U!' ;IFS=' ABCDEFGHIJKLMNOPQRSTUVWXYZ ';set $Z ;for i { [[ $i = ? ]]&&print $i&&break;[[ $i = ??? ]]&&j=$i&&i=${i%?};typeset -i40 i=8#$i;print -n ${i#???};[[ "$j" = ??? ]]&&print -n "${j#??} "&&j=;typeset +i i;};IFS=' 0123456789 ';set $Z;X=;for i { [[ $i = , ]]&&i=2;[[ $i = ?? ]]||typeset -l i;X="$X $i";typeset +l i;};print "$X" To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message