linux init=/bin/bash
D@ Mick
30th November 2004, 06:59 PM
Hi,
I have a question about booting with the arguments linux init=/bin/bash.
How can I secure this so people can't get unauthorized root access?
thx
james_in_denver
30th November 2004, 07:11 PM
You can password protect your boot loader, examples here:
http://linsec.ca/bin/view/Main/BootLock
However, this doesn't entirely secure your system, as someone could always pop in a bootable CD or floppy, so the next step is to change your boot order in the computer's BIOS, and to password protect the BIOS (perhaps even remove the floppy drive physically).
Worried about someone stealing the hard drive and putting it into another computer? Then you can use encrypted file systems, which are kind of cool.
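A check for the boot loader password suggested in the post above, added here as an example and not part of the original thread. It assumes GRUB legacy and its `menu.lst` format (the thread does not name the boot loader); the function names and sample configs are constructed for illustration. A `password` line only locks menu editing when it appears in the global section, before the first `title`.

```shell
#!/bin/sh
# Added example. Return codes from audit_grub_legacy:
#   0 = hashed global password, 1 = no global password, 2 = plaintext password
audit_grub_legacy() {
    awk '
        /^[ \t]*#/ { next }                      # ignore comments
        /^[ \t]*title[ \t]/ { exit }             # global section ends at first entry
        /^[ \t]*password[ \t=]/ { found = 1; if ($0 ~ /--md5/) hashed = 1 }
        END { if (!found) exit 1; if (!hashed) exit 2; exit 0 }
    ' "$1"
}

report() {
    rc=0; audit_grub_legacy "$1" || rc=$?
    case $rc in
        0) echo "$1: hashed global password, entries cannot be edited without it" ;;
        1) echo "$1: no global password, init=/bin/bash can be appended at the menu" ;;
        2) echo "$1: global password present but stored in plaintext" ;;
    esac
}

# Constructed sample configs (hash and password values are placeholders).
tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
cat > "$tmp/open.lst" <<'EOF'
default=0
title Linux
    kernel /vmlinuz ro root=/dev/hda2
EOF
cat > "$tmp/plain.lst" <<'EOF'
password example-plaintext
title Linux
    kernel /vmlinuz ro root=/dev/hda2
EOF
cat > "$tmp/hashed.lst" <<'EOF'
password --md5 $1$constructed$placeholderhashvalue000
title Linux
    kernel /vmlinuz ro root=/dev/hda2
EOF
cat > "$tmp/entry_only.lst" <<'EOF'
title Linux
    password --md5 $1$constructed$placeholderhashvalue000
    kernel /vmlinuz ro root=/dev/hda2
EOF
for f in "$tmp"/*.lst; do report "$f"; done
```

The `entry_only.lst` case is reported as unprotected because a per-entry password does not stop the kernel line from being edited at the menu.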
kosmosik
30th November 2004, 08:27 PM
If somebody has physical access to the machine, he owns it anyway :)
Dog-One
30th November 2004, 11:35 PM
Pretty much the truth.
There's only so much you can do with the hardware itself accessible. If someone wants in bad enough, they'll find a way.
james_in_denver
1st December 2004, 12:18 AM
I'm not sure I agree entirely. I set up a bootable CD that contained sensitive corporate data on it. It used AES-256 bit encryption set up on a loopback device, and it required a VERY long pass-phrase to even boot.
There's no reason that you can't encrypt any partition in the same manner. That way even if the hard drive is stolen, all the culprits end up with is an initrd and a pretty strongly encrypted partition. And if you were really paranoid, you could set up the initrd to "dd if=/dev/random of=/dev/hda2 bs=512 count=1000000000" after a pre-determined number of failed password attempts.
It was a pretty fun project, I learned a lot about security.
The part I agree with is, for just about every system out there, physical access to the hard disk means trivial access to the data on it. But you can make it VERY VERY hard for them to get the data off if you use strong encryption.
Nish Vamadevan
12th August 2007, 11:32 PM
lol that's why most of the servers in the data centers are in a metal cage with biometric encrypted access... There are still ways around getting past BootLock.
Like kosmosik said, it's pretty much impossible to stop somebody who has physical access to your machine...