View Full Version : linux init=/bin/bash
30th November 2004, 06:59 PM
I have a question about booting with arguments linux init=/bin/bash
How can I secure this so people cant get unauthorized root access.
30th November 2004, 07:11 PM
You can password protect your boot loader, examples here:
However, this doesn't entirely secure your system as someone could always pop in a bootable CD or floppy, so the next step is to change your boot order in the computer's BIOS, and to password protect the bios. (perhaps even remove the floppy drive physically)
Worried about someone stealing the hard drive and putting it into another computer???, then you can use encrypted file systems, which are kind of cool.
30th November 2004, 08:27 PM
if somebody has physical access to the machine he owns it anyway :)
30th November 2004, 11:35 PM
Pretty much the truth.
There's only so much you can do with the hardware itself accessible. If someone wants in bad enough, they'll find a way.
1st December 2004, 12:18 AM
I'm not sure I agree entirely, I set up a bootable CD that contained sensitive corporate data on it., Used AES-256 bit encryption setup on a loopback device, it required a VERY long pass-phrase to even boot.
There's no reason that you can't encrypt any partition in the same manner. That way even if the hard drive is stolen, all the culprits end up with is an initrd and a pretty strongly encrypted partition. And if you were really paranoid, you could set up the initrd to "dd if=/dev/random of=/dev/hda2 bs=512 count=1000000000" after a pre-determined number of failed password attempts.
It was a pretty fun project, I learned a lot about security.
The part I agree with is, for just about every system out there, physical access to the hard disk means trivial access to the data on it. But you can make it VERY VERY hard for them to get the data off if you use strong encryption.
12th August 2007, 11:32 PM
lol thats why most of the servers in the data centers are in a metal cage with biometric encrypted access... There are still ways around getting past BootLock
Like kosmosik said, its pretty much impossible to stop somebody who has physical access to your machine...
vBulletin® v3.8.7, Copyright ©2000-2013, vBulletin Solutions, Inc.