On Friday September 5, 2003 Clemens von Musil <news@xxxxxxxxxxxx> wrote:
> Hello all!
>
> Since I am quite new into Linux, I perhaps have a stupid question...
>
> I played with /etc/pam.d/system-auth last week and evidently disabled
> all authentication methods... su didn't work and system login was
> impossible.
>
> I booted from the RedHat CD and found myself logged in as root without
> any given password and could repair the system.auth file.
> My questions are:
>
> - How is this possible?
> - How works the described "CD-login" login?
> - And ... is anyone, armed with a RedHat CD, able to open any Linux
> system?

Clemens,

This is why physical security for hardware is important. Even if the local console is disabled, one can gain root access to most systems by cycling power and appending " init 1" (or just " 1") to a 'kernel ...' line in the GRUB startup menu.

Red Hat CD #1 is designed to support a "Rescue" function that allows you to boot a system and repair damaged files and filesystems. This is obviously a double-edged sword.

There are a number of steps a sysadmin may take to harden a server against this type of attack. Controlled access to the server room should be mandatory. In extreme cases, you might consider making the server room a "no lone zone" where two or more people must be present. Requiring boot passwords in the BIOS and in GRUB will also help. Area surveillance cameras won't prevent physical access, but they may help you establish the time and identity of someone close enough to a server to put a CD in it -- or rule out physical access if there is any doubt how a server was penetrated.

--Doc Savage
  Fairview Heights, IL

--
Shrike-list mailing list
Shrike-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/shrike-list
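As an added example (not part of the original message), here is one way to audit a GRUB legacy config file for the boot password recommended in the reply above. The function name `audit_grub_conf`, the finding labels, and the two sample files are assumptions constructed for this illustration; the check relies on GRUB legacy's `password [--md5]` directive, which blocks interactive editing of menu entries when it appears before the first `title`.

```shell
#!/bin/sh
# Added example: audit a GRUB legacy config (grub.conf / menu.lst).
# Prints one finding per line. Returns 0 = clean, 1 = findings, 2 = unreadable.
audit_grub_conf() {
    conf=$1
    [ -r "$conf" ] || { echo "UNREADABLE: $conf"; return 2; }
    findings=$(
        # GRUB legacy accepts "password ..." and "password=...", so split on both.
        awk -F'[ \t=]+' '
            { sub(/^[ \t]+/, "") }             # drop indentation, re-split fields
            /^#/ || NF == 0 { next }           # skip comments and blank lines
            $1 == "title" { in_entry = 1 }     # global section ends at first title
            $1 == "password" && !in_entry {
                found = 1
                if ($2 != "--md5")
                    print "PLAINTEXT: global password not stored with --md5"
            }
            END {
                if (!found)
                    print "NO_PASSWORD: no global password before first title"
            }
        ' "$conf"
        # A hash that other local users can read can be attacked offline.
        if [ -n "$(find "$conf" -prune \( -perm -040 -o -perm -004 \))" ]; then
            echo "READABLE: $conf is readable by group or other"
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample configs (not taken from the original post).
demo_dir=$(mktemp -d)
printf '%s\n' 'default=0' 'timeout=10' 'title Red Hat Linux' \
    '  kernel /vmlinuz ro root=LABEL=/' > "$demo_dir/weak.conf"
printf '%s\n' 'default=0' 'password --md5 <constructed-hash-placeholder>' \
    'title Red Hat Linux' '  kernel /vmlinuz ro root=LABEL=/' > "$demo_dir/hard.conf"
chmod 644 "$demo_dir/weak.conf"
chmod 600 "$demo_dir/hard.conf"

echo "== weak.conf =="; audit_grub_conf "$demo_dir/weak.conf" || true
echo "== hard.conf =="; audit_grub_conf "$demo_dir/hard.conf" && echo "no findings"
```

A clean result covers only the GRUB menu; booting from removable media, as in the rescue-CD case, is governed by the BIOS boot order and BIOS password.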