Date: Thu, 23 Sep 2004 09:26:15 +0200 (CEST) From: "Per Engelbrecht" <per@xterm.dk> To: <freebsd-isp@freebsd.org> Subject: RE: funny customers Message-ID: <57012.62.242.151.142.1095924375.squirrel@mailbox.wingercom.dk> In-Reply-To: <029901c4a0b8$17069330$f501a8c0@southog2bwobmh> References: <029901c4a0b8$17069330$f501a8c0@southog2bwobmh>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Keith >>From http://www.daemonnews.org/200108/security-howto.html in the >>Local > Security section: > > "Lets begin with /etc/ttys. Open it up in your favorite editor and > find the console line: > > console none unknown off secure This one was postet once before, but this is not the problem / I know the procedure for activating it. The problem is undoing it on a "foreign" server where it's activatet. But thank you for your reply. respectfully /per per@xterm.dk > > Change "secure" to "insecure", so the user is asked for the root > password when going to single user mode. Be warned this will also > make recovering lost root passwords more difficult, But it will > prevent someone from gaining root access to your machine locally > provided they do not have a boot disk." > > Regards, > Keith > > > -----Original Message----- > From: owner-freebsd-isp@freebsd.org > [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of Per Engelbrecht > Sent: Wednesday, September 22, 2004 7:49 AM > To: freebsd-isp@freebsd.org > Subject: Re: funny customers > > Hi Dennis > >> >> On Wed, Sep 22, 2004 at 11:45:13AM +0200, Per Engelbrecht wrote: >>> But right now I need a way to bypass (I don't think it's >>> possible) the single_user mode root login feature. >> >> Just an idea (as it doesn't work ;) ... >> >> A trick known from linux is to boot the kernel with /bin/sh >> instead of /sbin/init. You'd do "set init_path=/bin/sh" for that >> in the >> loader. This would bypass the usual startup and thus you won't be >> asked for the password. >> >> However, i just tried this and it doesn't work. The sh immediately >> exists and consequently the kernel panics. Don't know what's the >> problem there... > > Hmm .. I'm not sure why, but in FreeBSD both csh (default root > shell ... *&#@$!) and sh are linked static and tampering with these > from the boot-process through /sbin/init (which is the last part of > the boot-process anyway) is something I wouldn't do. > Creative thinking though :) > Thank you Dennis. > > respectfully > /per > per@xterm.dk > > >> >> - D. > > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to > "freebsd-isp-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to > "freebsd-isp-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?57012.62.242.151.142.1095924375.squirrel>