funny customers

Per Engelbrecht per at xterm.dk
Wed Sep 22 02:40:43 PDT 2004


Hi Alex

>
>> I'm administering a mid-size serverhosting site and have a problem
>> with customers enabling root passwd in single-user mode.
>> It's the same customers that set up fake payment sites, do serious
>> hacking  (i.e. not good, productive hacking) mailspamming and so
>> on.
>
>> In order to collect information for a criminal case (yes, in some
>> cases we go all the way) I need a way to get into these boxes
>> (mostly
>> FreeBSD's) but I can't think of a way to disable the prompt for
>> root passwd in single-user mode.
> to disable root password checking on single user mode entrance
> in /etc/ttys:
> change line:
>> console none                            unknown off insecure
> to
>> console none                            unknown off secure

I know how to enable it, that's not the problem.
The problem is the opposite - how do I disable it after I brute-force the
customer off the net and want access to the box?

At first I thought of setting 'chflags' on the /etc/ttys file, but
customers can change securelevel as they please = won't help.

But right now I need a way to bypass (I don't think it's possible) the
single_user mode root login feature.

respectfully
/per
per at xterm.dk




>
>
> if using serial line for access in single user mode, try to change
> line
>>ttyd0   "/usr/libexec/getty std.9600"   dialup  on insecure
> to
>>ttyd0   "/usr/libexec/getty std.9600"   dialup  on secure
>
>
>
> --
> Best regards,
> Alex D. Griazin
> Apollo Phone network engineer
> e-mail:  alex at apollophone.ru
> ICQ UIN: 22898964
> Phone:   +7 (812) 140-5-999





More information about the freebsd-isp mailing list