RE: funny customers

From: Per Engelbrecht (per_at_xterm.dk)
Date: 09/23/04

  • Next message: Bikrant Neupane: "Re: Ipfw accept rule"
    Date: Thu, 23 Sep 2004 09:26:15 +0200 (CEST)
    To: <freebsd-isp@freebsd.org>
    
    

    Hi Keith

    > From http://www.daemonnews.org/200108/security-howto.html in the Local
    > Security section:
    >
    > "Let's begin with /etc/ttys. Open it up in your favorite editor and
    > find the console line:
    >
    > console none unknown off secure

    This one was posted once before, but this is not the problem / I know
    the procedure for activating it. The problem is undoing it on a
    "foreign" server where it's activated.
    But thank you for your reply.

    respectfully
    /per
    per@xterm.dk

    >
    > Change "secure" to "insecure", so the user is asked for the root
    > password when going to single user mode. Be warned this will also
    > make recovering lost root passwords more difficult, but it will
    > prevent someone from gaining root access to your machine locally
    > provided they do not have a boot disk."
    >
    > Regards,
    > Keith
    >
    >
    > -----Original Message-----
    > From: owner-freebsd-isp@freebsd.org
    > [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of Per Engelbrecht
    > Sent: Wednesday, September 22, 2004 7:49 AM
    > To: freebsd-isp@freebsd.org
    > Subject: Re: funny customers
    >
    > Hi Dennis
    >
    >>
    >> On Wed, Sep 22, 2004 at 11:45:13AM +0200, Per Engelbrecht wrote:
    >>> But right now I need a way to bypass (I don't think it's
    >>> possible) the single_user mode root login feature.
    >>
    >> Just an idea (as it doesn't work ;) ...
    >>
    >> A trick known from Linux is to boot the kernel with /bin/sh
    >> instead of /sbin/init. You'd do "set init_path=/bin/sh" for that
    >> in the loader. This would bypass the usual startup and thus you
    >> won't be asked for the password.
    >>
    >> However, I just tried this and it doesn't work. The sh immediately
    >> exits and consequently the kernel panics. Don't know what's the
    >> problem there...
    >
    > Hmm .. I'm not sure why, but in FreeBSD both csh (default root
    > shell ... *&#@$!) and sh are linked static and tampering with these
    > from the boot-process through /sbin/init (which is the last part of
    > the boot-process anyway) is something I wouldn't do.
    > Creative thinking though :)
    > Thank you Dennis.
    >
    > respectfully
    > /per
    > per@xterm.dk
    >
    >
    >>
    >> - D.
    >
    >
    > _______________________________________________
    > freebsd-isp@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-isp
    > To unsubscribe, send any mail to
    > "freebsd-isp-unsubscribe@freebsd.org"

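An added example, not part of the thread: a small audit helper for the /etc/ttys setting quoted above, reporting whether the console entry carries the "secure" or "insecure" flag. The function name and the sample files are constructed for illustration; the flags are matched as whole fields because a plain substring search for "secure" also matches "insecure".

```shell
#!/bin/sh
# Added example: report how the console entry in a ttys(5)-style file is flagged.
# Prints one of: secure, insecure, unset (neither flag present), missing (no entry).

console_status() {
    awk '
        { sub(/#.*/, "") }                      # ignore comments and commented-out entries
        $1 == "console" {
            found = 1; state = "unset"
            for (i = 2; i <= NF; i++) {         # compare whole fields, not substrings
                if ($i == "secure")   state = "secure"
                if ($i == "insecure") state = "insecure"
            }
        }
        END { print (found ? state : "missing") }
    ' "$1"
}

# Constructed sample files (hypothetical, not taken from any real host).
demo_dir=$(mktemp -d)
printf '%s\n' '# console none unknown off insecure' \
              'console none unknown off secure' > "$demo_dir/ttys.before"
printf '%s\n' 'console none unknown off insecure  # asks for root password' \
              'ttyv0 "/usr/libexec/getty Pc" cons25 on secure' > "$demo_dir/ttys.after"

for f in "$demo_dir/ttys.before" "$demo_dir/ttys.after"; do
    printf '%s: console is %s\n' "${f##*/}" "$(console_status "$f")"
done
rm -rf "$demo_dir"
```

On a live system the call would be `console_status /etc/ttys`.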

