Password Security
Michal Mertl
mime at traveller.cz
Thu Nov 23 07:20:38 PST 2006
VeeJay wrote:
> On 11/23/06, Olivier Nicole <on at cs.ait.ac.th> wrote:
> >
> > > And how can one into the System by booting from a CD if it still
> > > requires the Password even in Single User mode?
> >
> > Booting from CD, floppy or hard disk is slected at BIOS level.
> >
> > Booting in single or multi user mode is at Operating system level.
> >
> > Booting is in the following order:
> >
> > 1) BIOS select what medium to boot from
> >
> > 2) the operating system boot from the selected medium
> >
> > So when it comes to the Single user password, itis already at stage 2)
> > it has passed the stage 1 (booting from hard disk ofr CD) without
> > password.
> >
> > Olivier
> >
>
> So, it means, that I should take the following steps
>
> 1. Password on BIOS
> 2. Change the order of booting i.e. When system is installed and working
> once, then I just the change the Booting FIRST from HardDisk.
> 3. Put the password on Single User mode.
>
> So, what more? Do you people think that I have got somehow security barrier
> for unauthorized access?
Not much. Default FreeBSD install has two more places where one can
influence booting with console access - boot blocks and loader.
To disable the access to OK prompt of boot blocks create
file /boot.config with '-n'.
To disable access to loader put autoboot_delay="-1" and
beastie_disable=YES into /boot/loader.conf. You can also instead put
password=... into it and the loader will then require password to allow
access to it.
Michal
More information about the freebsd-questions
mailing list