LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Root Password (https://www.linuxquestions.org/questions/linux-security-4/root-password-584/)

markma 01-12-2001 10:55 AM
Greetings Guru's and Guresses,

I have noticed to my dismay, that if I reboot a Red Hat Linux 6.2 box, I can bring the box up in single user mode to a root prompt without any password, and even change it!

How can I prevent this?

Mark

trickykid 01-12-2001 11:00 AM
well....
 
one of the few security risks involving linux and physical access. well one thing would be is to have a bios password, or you can make a password for lilo. but anyone who has access to root once in can see or change that password in the lilo.conf file.

just add this to the lilo.conf file for a password for lilo:

password=anything here you want for password

but remember, this is not encrypted but will keep anyone out that does not have access to root like with su or does not know linux at all.

hope this helps in anyway....

Drew

markma 01-12-2001 12:37 PM
Thanks
 
Not comforting, but helpful!

Mark

jeremy 01-14-2001 12:30 PM
What I usually do is add a password, run /sbin/lilo, then remove the password from the lilo.conf file. Since changes do not take effect until you run lilo again you are still password protected, but no one can see it. Now someone with su can just change the password, but every bit helps ;)


All times are GMT -5. The time now is 09:36 AM.