[Ilugc] Security in Ubuntu
- From: kapil@xxxxxxxxxxx (Kapil Hari Paranjape)
- Date: Wed May 14 06:43:04 2008
Hello,
On Tue, 13 May 2008, Kumar Appaiah wrote:
I think this method of password recovery works on several
distributions; wherein you can boot into single user mode and recover
your password.
There are two different things you are mixing here:
1. Single user mode obtained by boot option "single"
In this case the user *is* prompted for a password
for the default installation of most systems (for example
Debian).
2. Shell mode obtained by the boot option "init=/bin/sh".
In this case the regular "init" is not run.
However, I would also be interested in knowing a way to switch this off.
Conjunction of the following:
A. Use a BIOS password to disable booting except from your
regular boot device.
B. Use a grub password to prevent the selection of any boot
option except the standard one.
C. Use disk encryption "cryptsetup" to prevent someone from
accessing your hard disk physically.
(A) and (B) can also be replaced by
D. Always use a CD/USB to boot the system. This way the system
cannot be hard rebooted without your presence. For soft reboot
use "kexec" which does not require the BIOS/grub.
Regards,
Kapil.
--
Other related posts:
