maharamDan:
If he had access to the console, it's little wonder he got in.
Linux, as a unix-like operating system, is designed with the idea that only the system operator will have physical access to the keyboard plugged into the server. All other users will access the machine through system services, like ssh, telnet and the like.
Because of this design, by default Linux, unlike Win32, does not intercept CTRL-ALT-DELETE. If you go to a standard Linux installation and hit CTRL-ALT-DELETE, the machine will begin shutting down and rebooting. Once the boot loader prompt comes up, it is very easy to boot Linux into single-user mode, which gives the person standing at the console complete access to the system -- without needing to know the root user's login, because the system will not ask for it.
So as a first line of defense for securing Linux, NEVER EVER EVER LET ANY HOSTILE OR POSSIBLY HOSTILE AGENCY ACCESS THE CONSOLE.
The first order of business is, therefor, to physically secure the machine. In short, put it behind a locked door.
Barring that, or perhaps into addition to that, there are a couple of steps you can take to secure the console.
First is to reconfigure Linux so that it does not reboot when you hit CTRL-ALT-DELETE. All it takes is an edit to /etc/inittab. Check out this link for more information:
Second is to add a boot loader password. Since he stated he got in through grub, that must be the boot loader you are using. See
for information on changing or setting the grub password.
Want the best answers?
Ask the best questions!
TANSTAAFL!!