boot -s - can i detect intruder

Nikolay Kanchev niki at amk-drives.bg
Tue Sep 16 01:39:03 PDT 2003


----- Original Message ----- 
From: "Socketd" <db at traceroute.dk>
To: <freebsd-security at freebsd.org>
Sent: Tuesday, September 16, 2003 9:14 AM
Subject: Re: boot -s - can i detect intruder


> On Tue, 16 Sep 2003 11:02:05 +0100
> "Nikolay Kanchev" <niki at amk-drives.bg> wrote:
>
> > Several people have physical access to my FreeBSD box and I have the
> > feeling that somebody try to get access with boot -s options . Can I
> > log activity after boot -s option (change user password, install
> > software and etc.). I use boot -s and change user password, but after
> > reboot i can't find this atcivity in log files.
> > The BSD box is shutdown and run again many time at day.
>
> Why not set console in /etc/ttys to insecure? Then you can't login
> without a password.
>
> br
> socketd

I will set this but first I want to try catch the intruder. If I understand
when someone try to use boot -s and what is doing in box I can get him.

---------------
G. Hasse wrote
---------------
Why is the box shutdown??? Are you doing kernel development or
advanced devicedriver development? Why are you many persons
on sutch a system in that case? And if you are doing kernel
development all must have root access anyway?

There is *no* reason to shut down the system in ordinary
maintainance!

GH
-----------------------

The box is a test box for training and people that work with box can reboot
it. But this people not know that this is only test box, I tell them that
this is small server for LAN becaus I want to test this mans.



More information about the freebsd-security mailing list