In an ideal world of course you would:
1) Use only server cases with padlocks and fasten those with steel cable to rings set into the walls or floor.
2) Password the BIOS
3) Set the server to not boot from CDROM by default
4) Encrypt the hard drives via a loopback device
5) Maybe abandon using the SUSE kernel and use something ultra secure like LIDS :)

But seriously, you have to draw the line somewhere!! If anyone is *REALLY* determined they can
1) Cut the padlock
2) Pop the case and clear the BIOS password via jumpers
3) Change the BIOS back to booting from CDROM and pop in a boot disk
4) Not sure how they'd deal with the encrypted disks! Maybe get a job as a cleaner and install a keystroke logger on the keyboard a few weeks beforehand...?

So all of a sudden leaving the root password in a sealed envelope that's stored in a locked filing cabinet doesn't sound so bad after all!!!!
-----Original Message----- From: miguel gmail [mailto:miguel.listas@gmail.com] Sent: Friday, 11 March 2005 11:23 p.m. Cc: SuSE Securitylist Subject: Re: [suse-security] Problem with second user with uid 0?
Though in the fsck case there is an alternative I have just thought of, but the solution may be WORSE than the problem! If you want people to be able to do a fsck in an emergency, then you could always leave a "Rescue CD" with your boss... Then if anyone needs to actually do a fsck on a crashed server they can use the rescue disk to boot up and fsck the filesystem in question, and then reboot the server.
The drawback to this is that you have to leave the server bootable from CD :(, which is in itself a security hole. On a positive note though, people don't just have the root password "on tap" and are hopefully less inclined to obtain the rescue disk and boot up as root "just for the hell of it".
It's always good to have rescue disks handy anyway, just in case the root/boot file system gets corrupted/damaged. Like I experienced last week during a routine outage...
But, in this case, you can leave the boot CD to your boss, and protect both the BIOS and the bootloader with a password that only you and/or your boss know. If somebody needs to run a fsck, he will need to enter the BIOS password and the bootloader password.
-- Regards, miguel
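As an added illustration of the bootloader-password suggestion above (this is not configuration from the thread or from SUSE; the user name "admin", the hash placeholder and the kernel/initrd paths are assumptions), a GRUB 2 fragment of the kind placed in /etc/grub.d/40_custom. The superuser password is required to edit an entry or to drop to the GRUB shell or a rescue entry, while the `--unrestricted` entry still boots unattended so a power cycle does not strand the server waiting for someone with the envelope:

```conf
# Assumed example: GRUB 2 superuser protection (not from the original thread).
# Generate the hash with: grub-mkpasswd-pbkdf2   (replace <HASH> with its output)
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.<HASH>

# Normal boot: no password needed, so reboots and power failures recover on their own.
# The trailing arguments are placeholders for the real root device and kernel paths.
menuentry 'SUSE Linux (normal boot)' --unrestricted {
    set root=(hd0,1)
    linux  /boot/vmlinuz root=/dev/sda2 ro
    initrd /boot/initrd
}

# Single-user entry: only the superuser may select it, and editing any entry
# with "e" or dropping to the "c" shell also prompts for the superuser password.
menuentry 'SUSE Linux (single user, fsck)' --users admin {
    set root=(hd0,1)
    linux  /boot/vmlinuz root=/dev/sda2 ro single
    initrd /boot/initrd
}
```

Run `grub2-mkconfig -o /boot/grub2/grub.cfg` (or the distribution's equivalent) after adding the fragment. On the 2005-era GRUB Legacy that SUSE shipped at the time, the same idea used a `password --md5 <hash>` line (hash from `grub-md5-crypt`) in menu.lst plus `lock` on the entries to protect. Note that, as the thread already points out, a bootloader password only helps if the BIOS password and boot-device order are also locked down; otherwise a rescue CD bypasses GRUB entirely.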
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here