boot -s - can i detect intruder
Socketd
db at traceroute.dk
Tue Sep 16 01:12:38 PDT 2003
On Tue, 16 Sep 2003 11:02:05 +0100
"Nikolay Kanchev" <niki at amk-drives.bg> wrote:
> Several people have physical access to my FreeBSD box and I have the
> feeling that somebody try to get access with boot -s options . Can I
> log activity after boot -s option (change user password, install
> software and etc.). I use boot -s and change user password, but after
> reboot i can't find this atcivity in log files.
> The BSD box is shutdown and run again many time at day.
Why not set console in /etc/ttys to insecure? Then you can't login
without a password.
br
socketd
More information about the freebsd-security
mailing list