
Is this true 2

Status
Not open for further replies.
Yes, there is no security on a Linux box if you're sitting in front of the actual machine, but so what? Yes, you can change the root password but you can also pick the box up and throw it down a flight of stairs too :)


ChrisP
 
If you are worried that somebody who knows this could have access to your machine, you can set a password for the booted image (options password and restricted for the lilo.conf) - but this can, I think, be overridden by using a boot floppy :)
 
Or you could set a BIOS password if your BIOS supports this. //Daniel
 
Just what I thought so in reality linux security is really not that much different than any other OS if you know what you're doing.
 
What if you are using GRUB - does that allow you to do the same thing?

I know you can specify a GRUB password as well - just in case your BIOS doesn't support that option (or you don't want to use it).

Thanks.
wmg
 
Same thing with GRUB, except it's done a little differently. Basically, all you are doing is booting into single user mode and changing the root password.

Caluser..."Just what I thought so in reality linux security is really not that much different than any other OS if you know what you're doing." --> No, Linux security is a lot better than M$ security, for example. Regardless of what kind of server you are running, you must keep your servers locked up in a secure location.

If you don't want to lock your server up, then you can use a BIOS password and a GRUB password.


ChrisP
 
Caluser,

Denying physical access to a server is a fundamental rule of security.

Regardless of OS: If you have physical access, you have root/administrator privileges.


[smurf]
01101000011000010110010001110011
 
There is an additional step that can be taken for situations where physical security is not enough: encrypted filesystems. If the whole filesystem is encrypted, or at least the partitions with your sensitive data, then someone would not be able to do anything more than throw the thing down a flight of stairs.

AFAIK many new laptops, especially by IBM, support this kind of feature, with a special onboard tamper-proof encryption chip. This means that one cannot gain access to the data without the encryption key, period. The only thing they could do is destroy the hardware, losing your data.

Here are some helpful links, courtesy of Google:


As you can see, "Loopback" is the most common and simple method, but probably not as secure as some of the more encompassing crypto systems.

-------------------------------------------

Big Brother: "War is Peace" -- Big Business: "Trust is Suspicion"
 
From my default lilo.conf file.

Code:
# You can set a password here, and uncomment the `restricted' lines
# in the image definitions below to make it so that a password must
# be typed to boot anything but a default configuration.  If a
# command line is given, other than one specified by an `append'
# statement in `lilo.conf', the password will be required, but a
# standard default boot will not require one.
#
# This will, for instance, prevent anyone with access to the
# console from booting with something like `Linux init=/bin/sh',
# and thus becoming `root' without proper authorization.
#
# Note that if you really need this type of security, you will
# likely also want to use `install-mbr' to reconfigure the MBR
# program, as well as set up your BIOS to disallow booting from
# removable disk or CD-ROM, then put a password on getting into the
# BIOS configuration as well.  Please RTFM `install-mbr(8)'.
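
An audit of the `password` / `restricted` setup discussed in this thread, as an added example that is not part of any post above. The function names and the sample configuration are constructed for illustration; `bypass` is the per-image option documented in lilo.conf(5) that exempts an image from a global password.

```python
import stat

# Constructed sample lilo.conf (not taken from the thread).
SAMPLE = """\
boot=/dev/hda
password=CHANGEME     # global: applies to every image below
restricted            # ask only when boot parameters are typed
image=/boot/vmlinuz
    label=Linux
    read-only
image=/boot/vmlinuz.old
    label=LinuxOLD
    bypass            # exempts this image from the global password
"""

def parse(text):
    """Split lilo.conf text into global options and per-image option dicts."""
    glob, images, cur = {}, [], None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        key, _, val = line.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key in ("image", "other"):         # a new boot entry starts here
            cur = {"path": val}
            images.append(cur)
        elif cur is None:
            glob[key] = val
        else:
            cur[key] = val
    return glob, images

def audit(text, mode=0o600):
    """Return findings for a lilo.conf body and its file permission bits."""
    glob, images = parse(text)
    findings = []
    has_pw = "password" in glob or any("password" in i for i in images)
    # The password is stored in the file, so only root should be able to read it.
    if has_pw and mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("lilo.conf holds a password but is accessible to group/other")
    for img in images:
        name = img.get("label", img["path"])
        protected = ("password" in img or "password" in glob) and "bypass" not in img
        if not protected:
            findings.append(f"{name}: boot parameters such as init=/bin/sh "
                            "are accepted without a password")
    return findings
```

On a real system, pass the contents of `/etc/lilo.conf` and `stat.S_IMODE(os.stat(path).st_mode)` as `mode`. BIOS boot order and the BIOS password, which the lilo.conf comments also call for, cannot be checked from this file.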
 