Single user mode
Tom Evans
tevans.uk at googlemail.com
Wed May 16 09:06:02 UTC 2012
On Tue, May 15, 2012 at 9:40 AM, mahdieh salamat
<mahdieh.salamat at gmail.com> wrote:
> Thanks all,I have an other question.certainly you see this message in
> startup FreeBSD:"Hit [Enter] to boot immediately, or any other key for
> command prompt."
> after see it if press any key you enter to an other mode and if you type
> '?' you can see the lists of commands.I want to remove this mode,It's so
> important that a user can't accss to this mode.
> Who can help me?
> Thanks
>
If your users have physical access to the machine then it is difficult
to prevent them from booting from alternate media - a USB key, a CD -
mounting your disks and changing the root password. Actually, I would
add a separate root user (toor2), as the root password changing is
somewhat detectable.
You can fix boot order in the BIOS, but a BIOS can be reset simply by
removing the BIOS battery briefly. In addition to that, many BIOS will
also offer a boot menu option - which cannot be disabled - allowing
the user to choose which device to boot from without entering the
BIOS.
Cheers
Tom
More information about the freebsd-security
mailing list