From owner-freebsd-isp@FreeBSD.ORG Thu Sep 23 07:21:43 2004 Return-Path: Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6155316A4CE for ; Thu, 23 Sep 2004 07:21:43 +0000 (GMT) Received: from mailbox.wingercom.dk (mail.julie.gl [81.19.240.4]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1365443D48 for ; Thu, 23 Sep 2004 07:21:43 +0000 (GMT) (envelope-from per@xterm.dk) Received: from mailbox.wingercom.dk (localhost.wingercom.dk [127.0.0.1]) by mailbox.wingercom.dk (Postfix) with SMTP id 8CBAD931FC for ; Thu, 23 Sep 2004 09:26:15 +0200 (CEST) Received: from 62.242.151.142 (SquirrelMail authenticated user per) by mailbox.wingercom.dk with HTTP; Thu, 23 Sep 2004 09:26:15 +0200 (CEST) Message-ID: <57012.62.242.151.142.1095924375.squirrel@mailbox.wingercom.dk> Date: Thu, 23 Sep 2004 09:26:15 +0200 (CEST) From: "Per Engelbrecht" To: In-Reply-To: <029901c4a0b8$17069330$f501a8c0@southog2bwobmh> References: <029901c4a0b8$17069330$f501a8c0@southog2bwobmh> X-Mailer: SquirrelMail (version 1.2.5) MIME-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Content-Transfer-Encoding: 8bit Subject: RE: funny customers X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Sep 2004 07:21:43 -0000 Hi Keith >>From http://www.daemonnews.org/200108/security-howto.html in the >>Local > Security section: > > "Lets begin with /etc/ttys. Open it up in your favorite editor and > find the console line: > > console none unknown off secure This one was postet once before, but this is not the problem / I know the procedure for activating it. The problem is undoing it on a "foreign" server where it's activatet. But thank you for your reply. respectfully /per per@xterm.dk > > Change "secure" to "insecure", so the user is asked for the root > password when going to single user mode. Be warned this will also > make recovering lost root passwords more difficult, But it will > prevent someone from gaining root access to your machine locally > provided they do not have a boot disk." > > Regards, > Keith > > > -----Original Message----- > From: owner-freebsd-isp@freebsd.org > [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of Per Engelbrecht > Sent: Wednesday, September 22, 2004 7:49 AM > To: freebsd-isp@freebsd.org > Subject: Re: funny customers > > Hi Dennis > >> >> On Wed, Sep 22, 2004 at 11:45:13AM +0200, Per Engelbrecht wrote: >>> But right now I need a way to bypass (I don't think it's >>> possible) the single_user mode root login feature. >> >> Just an idea (as it doesn't work ;) ... >> >> A trick known from linux is to boot the kernel with /bin/sh >> instead of /sbin/init. You'd do "set init_path=/bin/sh" for that >> in the >> loader. This would bypass the usual startup and thus you won't be >> asked for the password. >> >> However, i just tried this and it doesn't work. The sh immediately >> exists and consequently the kernel panics. Don't know what's the >> problem there... > > Hmm .. I'm not sure why, but in FreeBSD both csh (default root > shell ... *&#@$!) and sh are linked static and tampering with these > from the boot-process through /sbin/init (which is the last part of > the boot-process anyway) is something I wouldn't do. > Creative thinking though :) > Thank you Dennis. > > respectfully > /per > per@xterm.dk > > >> >> - D. > > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to > "freebsd-isp-unsubscribe@freebsd.org" > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to > "freebsd-isp-unsubscribe@freebsd.org"