funny customers

Per Engelbrecht per at xterm.dk
Thu Sep 23 00:21:43 PDT 2004


Hi Keith

> From http://www.daemonnews.org/200108/security-howto.html in the Local
> Security section:
>
> "Let's begin with /etc/ttys. Open it up in your favorite editor and
> find the console line:
>
> console none			unknown off secure

This one was posted once before, but this is not the problem / I know
the procedure for activating it. The problem is undoing it on a
"foreign" server where it's activated.
But thank you for your reply.

respectfully
/per
per at xterm.dk

>
> Change "secure" to "insecure", so the user is asked for the root
> password when going to single user mode. Be warned this will also
> make recovering lost root passwords more difficult, but it will
> prevent someone from gaining root access to your machine locally
> provided they do not have a boot disk."
>
> Regards,
> Keith
>
>
> -----Original Message-----
> From: owner-freebsd-isp at freebsd.org
> [mailto:owner-freebsd-isp at freebsd.org] On Behalf Of Per Engelbrecht
> Sent: Wednesday, September 22, 2004 7:49 AM
> To: freebsd-isp at freebsd.org
> Subject: Re: funny customers
>
> Hi Dennis
>
>>
>> On Wed, Sep 22, 2004 at 11:45:13AM +0200, Per Engelbrecht wrote:
>>> But right now I need a way to bypass (I don't think it's
>>> possible) the single_user mode root login feature.
>>
>> Just an idea (as it doesn't work ;) ...
>>
>> A trick known from linux is to boot the kernel with /bin/sh
>> instead of /sbin/init. You'd do "set init_path=/bin/sh" for that
>> in the loader. This would bypass the usual startup and thus you won't be
>> asked for the password.
>>
>> However, I just tried this and it doesn't work. The sh immediately
>> exits and consequently the kernel panics. Don't know what's the
>> problem there...
>
> Hmm .. I'm not sure why, but in FreeBSD both csh (default root
> shell ... *&#@$!) and sh are linked static and tampering with these
> from the boot-process through /sbin/init (which is the last part of
> the boot-process anyway) is something I wouldn't do.
> Creative thinking though :)
> Thank you Dennis.
>
> respectfully
> /per
> per at xterm.dk
>
>
>>
>> - D.
>
>
> _______________________________________________
> freebsd-isp at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-isp
> To unsubscribe, send any mail to
> "freebsd-isp-unsubscribe at freebsd.org"
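
An audit check for the /etc/ttys setting discussed in this thread, as an added example that is not part of the original messages. The function name console_status and the sample files are constructed for illustration; it assumes the ttys(5) field order name/getty/type/flags and treats a console line without the "secure" flag as insecure.

```sh
#!/bin/sh
# Added example (not from the thread): report how the console entry of a
# ttys(5) file is flagged.
#   secure   - single-user mode gives a root shell without a password
#   insecure - single-user mode asks for the root password first
#   missing  - the file has no console line
console_status() {
    awk '
        {
            gsub(/"[^"]*"/, "QUOTED")   # quoted getty command becomes one token
            sub(/#.*/, "")              # strip trailing comment
        }
        $1 == "console" {
            found = 1
            state = "insecure"          # assumption: no "secure" flag means insecure
            for (i = 4; i <= NF; i++) { # flags follow name, getty and type
                if ($i == "secure")   { state = "secure" }
                if ($i == "insecure") { state = "insecure" }
            }
        }
        END { print (found ? state : "missing") }
    ' "$1"
}

# Constructed samples: the line quoted in the thread, the changed form,
# and a file that has no console entry at all.
tmp=$(mktemp -d)
printf 'console none\t\t\tunknown off secure\n' > "$tmp/before"
printf 'console none\t\t\tunknown off insecure  # was secure\n' > "$tmp/after"
printf 'ttyv0 "/usr/libexec/getty Pc" cons25 on secure\n' > "$tmp/noconsole"

for f in before after noconsole; do
    echo "$f: $(console_status "$tmp/$f")"
done
```

On a live system the same function can be pointed at /etc/ttys; a result of "secure" means anyone with console access can reach a root shell in single-user mode without the password.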



