ifanybody can tell me how to make changes in linux so that a person cannot move to linux single mode in any condition . not even from bootable CD
Install Linux on your server, encase it in acrylic, lock it in a really good safe, weld the seams, encase in concrete, then (and you get your choice of options here) either (1) drop it into the Mariana Trench, or (2) hide it in a secret cavern on the dark side of the moon, or (3) drop the whole thing into the sun. Obviously, the latter two are more expensive but they are more secure; after all, someone might find the server at the bottom of the ocean and go to the trouble to extract it from the hermetically sealed container. As everyone knows, once a black hat has physical access to the server they can do whatever they like. (You therefore might want to use a one-time pad cipher to encrypt the contents of the system, but of course it'll take some time to hand-key all that key length unless your data to be encrypted is very tiny.)
Practical security must be a compromise between need to access the data (and backup and recovery) and need to keep unauthorized people from accessing the data. The way you keep single-user mode from getting everything is to physically secure the system. How much physical and software security you need depends on the situation, but completely eliminating single-user mode (or the effective equivalents of booting from other media or moving the data storage to another machine) is not the solution. Locking the hardware away from malicious and/or careless people is how to handle this part of security.
--
Jeff Woods <kazrak+kernel@xxxxxxxxxxx>
- : send the line "unsubscribe linux-admin" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
