Solved

prevent reset password on centos

Posted on 2013-01-20
4
727 Views
Last Modified: 2013-02-05
how am i disable anyone from reset my centos root password if he was able to reboot and lan access to my pc.
0
Comment
Question by:john80988
4 Comments
 

Expert Comment

by:zmeh
ID: 38798291
You can protect single user mode in boot loader level.
It's from wiki.centos.org
For directions on protecting grub, see BIOS and Boot Loader Security. To require root's password for single user mode, you can use:

echo "# Require the root pw when booting into single user mode" >> /etc/inittab
echo "~~:S:wait:/sbin/sulogin" >> /etc/inittab
echo "Don't allow any nut to kill the server"
perl -npe 's/ca::ctrlaltdel:\/sbin\/shutdown/#ca::ctrlaltdel:\/sbin\/shutdown/' -i /etc/inittab

You must secure booting from other devices like dvd/usb in BIOS, and secure BIOS editing by password. That's all I can think of.
0
 
LVL 68

Expert Comment

by:woolmilkporc
ID: 38798296
I assume that you have GRUB (boot loader) installed.

This boot loader can be password secured in a way that users which do not know this password are prevented from access to Single User Mode and also from booting into an insecure OS (dual boot).

Chapter 47.1.2.2 of the RedHat Deployment Guide:

https://access.redhat.com/knowledge/docs/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/ch-sec-network.html#ch-wstation

has detailed info on this. In chapter 47.1.2.1 there are instructions how to secure the BIOS so that booting from external media is prevented.

wmp
0
 
LVL 11

Accepted Solution

by:
Giladn earned 500 total points
ID: 38798328
In addition to the above, make sure you cover all angels..
 

make sure you notice there's no physical access to your server with usb\cd etc
otherwise nothing you do will be useful , in addition, if you want to prevent access from   external devices to your file system you might want to encrypt it..

also, make sure the user has not created a backdoor (via reverse_tcp etc) or an elevated privileged user that he logs in with and resets your password with.

Hope this helps,

G
0
 
LVL 9

Expert Comment

by:crazedsanity
ID: 38801416
Make sure there is no physical access to the machine: if there is, you'll have to go with some fairly extreme measures to keep someone from tampering with the system.  Assuming that you're the only one with physical access to the machine (or at least this other person has no access to it):

Remove all capability of remotely logging into the system by stopping some services.  Use
netstat -at

Open in new window

to determine what ports are open (look for things like "*:ssh" for services that are listening for connections).  Hopefully you don't have anything like telnet or simple (insecure) FTP running.  Be sure to check the SSH configuration (usually in /etc/ssh/sshd_config) to make sure nobody can login directly as root... if you do this currently, stop, instead look at "sudo".
0

Featured Post

Free Tool: Postgres Monitoring System

A PHP and Perl based system to collect and display usage statistics from PostgreSQL databases.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
lunix and unix command 21 120
what do I need to host my own web sites? 13 67
Disabling security updates Ubuntu 3 46
database connection error mysql stops 7 32
BIND is the most widely used Name Server. A Name Server is the one that translates a site name to it's IP address. There is a new bug in BIND (https://kb.isc.org/article/AA-01272), affecting all versions of BIND 9 from BIND 9.1.0 (inclusive) thro…
It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question