Re: funny customers

From: Per Engelbrecht (per_at_xterm.dk)
Date: 09/22/04

Next message: Steve Lalonde: "Re: funny customers"

Previous message: Per Engelbrecht: "funny customers"
Maybe in reply to: Per Engelbrecht: "funny customers"
Next in thread: Dennis Koegel: "Re: funny customers"
Reply: Dennis Koegel: "Re: funny customers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Wed, 22 Sep 2004 11:45:13 +0200 (CEST)
To: <freebsd-isp@freebsd.org>

Hi Alex

>
>> I'm administering a mid-size serverhosting site and have a problem
>> with customers enabling root passwd in single-user mode.
>> It's the same customers that set up fake payment sites, do serious
>> hacking (i.e. not good, productive hacking) mailspamming and so
>> on.
>
>> In order to collect information for a criminal case (yes, in some
>> cases we go all the way) I need a way to get into these boxes
>> (mostly
>> FreeBSD's) but I can't think of a way to disable the prompt for
>> root passwd in single-user mode.
> to disable root password checking on single user mode entrance
> in /etc/ttys:
> change line:
>> console none unknown off insecure
> to
>> console none unknown off secure

I know how to enable it, that's not the problem.
The problem is the opposit - how do I disable it after I bruce-force the
customer off the net and want access to the box ?

At first I thought of setting 'chflags' on the /etc/ttys file, but
customers can change securelevel as they please = won't help.

But right now I need a way to bypass (I don't think it's possible) the
single_user mode root login feature.

respectfully
/per
per@xterm.dk

>
>
> if using serial line for access in single user mode, try to change
> line
>>ttyd0 "/usr/libexec/getty std.9600" dialup on insecure
> to
>>ttyd0 "/usr/libexec/getty std.9600" dialup on secure
>
>
>
> --
> Best regards,
> Alex D. Griazin
> Apollo Phone network engineer
> e-mail: alex@apollophone.ru
> ICQ UIN: 22898964
> Phone: +7 (812) 140-5-999

_______________________________________________
freebsd-isp@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-isp
To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org"

Next message: Steve Lalonde: "Re: funny customers"

Previous message: Per Engelbrecht: "funny customers"
Maybe in reply to: Per Engelbrecht: "funny customers"
Next in thread: Dennis Koegel: "Re: funny customers"
Reply: Dennis Koegel: "Re: funny customers"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]