Solved

prevent reset password on centos

Posted on 2013-01-20
4
715 Views
Last Modified: 2013-02-05
how am i disable anyone from reset my centos root password if he was able to reboot and lan access to my pc.
0
Comment
Question by:john80988
4 Comments
 

Expert Comment

by:zmeh
ID: 38798291
You can protect single user mode in boot loader level.
It's from wiki.centos.org
For directions on protecting grub, see BIOS and Boot Loader Security. To require root's password for single user mode, you can use:

echo "# Require the root pw when booting into single user mode" >> /etc/inittab
echo "~~:S:wait:/sbin/sulogin" >> /etc/inittab
echo "Don't allow any nut to kill the server"
perl -npe 's/ca::ctrlaltdel:\/sbin\/shutdown/#ca::ctrlaltdel:\/sbin\/shutdown/' -i /etc/inittab

You must secure booting from other devices like dvd/usb in BIOS, and secure BIOS editing by password. That's all I can think of.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 38798296
I assume that you have GRUB (boot loader) installed.

This boot loader can be password secured in a way that users which do not know this password are prevented from access to Single User Mode and also from booting into an insecure OS (dual boot).

Chapter 47.1.2.2 of the RedHat Deployment Guide:

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/ch-sec-network.html#ch-wstation

has detailed info on this. In chapter 47.1.2.1 there are instructions how to secure the BIOS so that booting from external media is prevented.

wmp
0
 
LVL 11

Accepted Solution

by:
Giladn earned 500 total points
ID: 38798328
In addition to the above, make sure you cover all angels..
 

make sure you notice there's no physical access to your server with usb\cd etc
otherwise nothing you do will be useful , in addition, if you want to prevent access from   external devices to your file system you might want to encrypt it..

also, make sure the user has not created a backdoor (via reverse_tcp etc) or an elevated privileged user that he logs in with and resets your password with.

Hope this helps,

G
0
 
LVL 9

Expert Comment

by:crazedsanity
ID: 38801416
Make sure there is no physical access to the machine: if there is, you'll have to go with some fairly extreme measures to keep someone from tampering with the system.  Assuming that you're the only one with physical access to the machine (or at least this other person has no access to it):

Remove all capability of remotely logging into the system by stopping some services.  Use
netstat -at

Open in new window

to determine what ports are open (look for things like "*:ssh" for services that are listening for connections).  Hopefully you don't have anything like telnet or simple (insecure) FTP running.  Be sure to check the SSH configuration (usually in /etc/ssh/sshd_config) to make sure nobody can login directly as root... if you do this currently, stop, instead look at "sudo".
0

Featured Post

Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

Join & Write a Comment

Suggested Solutions

Linux users are sometimes dumbfounded by the severe lack of documentation on a topic. Sometimes, the documentation is copious, but other times, you end up with some obscure "it varies depending on your distribution" over and over when searching for …
Hello EE, Today we will learn how to send all your network traffic through Tor which is useful to get around censorship and being tracked all together to a certain degree. This article assumes you will be using Linux, have a minimal knowledge of …
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

758 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now