On Mon, 29 Aug 2005 13:58:15 +1000 Basil Chupin <blchupin@tpg.com.au> wrote:
Further to all preceding comments from various people, I have just had a look at the security for SuSE and found that not only can one encrypt partitions/files but also one can prevent that "simple" access at boot time to alter the password.
Am I simply being naive and misreading things but hasn't (at least) SuSE plugged up this security hole by making it possible to put in an encrypted password into GRUB so that one cannot not only boot the system without the password but cannot even gain access to the BOOT: prompt when the bootloader, Grub, menu is displayed where it was possible to type init3 and then reset the root password as described elsewhere?
Also, as an additional security measure, any system (if dual booting for example) can be prevented from booting if the correct password is not given and this achieved wiith the LOCK parameter at the end of the statement booting that particular OS?
Alright, I guess that the above may possibly take care of security at boot time but should the HDs be stolen then their contents could be examined and the password manually deleted so that the system then could be booted in the normal way. I'm right in thinking this? I agree with the last statement. But, GRUB security can easily be defeated by using bootable media.
-- Jerry Feldman <gaf@blu.org> Boston Linux and Unix user group http://www.blu.org PGP key id:C5061EA9 PGP Key fingerprint:053C 73EC 3AC1 5C44 3E14 9245 FB00 3ED5 C506 1EA9