On Tuesday 30 August 2005 02:37, Jerry Feldman wrote:
On Mon, 29 Aug 2005 13:58:15 +1000
Basil Chupin <blchupin@tpg.com.au> wrote:
Further to all preceding comments from various people, I have just had a look at the security for SuSE and found that not only can one encrypt partitions/files but also one can prevent that "simple" access at boot time to alter the password.
Am I simply being naive and misreading things but hasn't (at least) SuSE plugged up this security hole by making it possible to put in an encrypted password into GRUB so that one cannot not only boot the system without the password but cannot even gain access to the BOOT: prompt when the bootloader, Grub, menu is displayed where it was possible to type init3 and then reset the root password as described elsewhere?
Also, as an additional security measure, any system (if dual booting for example) can be prevented from booting if the correct password is not given and this achieved wiith the LOCK parameter at the end of the statement booting that particular OS?
Alright, I guess that the above may possibly take care of security at boot time but should the HDs be stolen then their contents could be examined and the password manually deleted so that the system then could be booted in the normal way. I'm right in thinking this?
I agree with the last statement. But, GRUB security can easily be defeated by using bootable media.
True, but so can most security! The problem with using bootable media is gaining physical access to machine, So I guess it depends on the enviroment... -- -- Chadley Wilson Production Line Superintendant Pinnacle Micro Manufacturers of Proline Computers ==================================== Exercise freedom, Use LINUX =====================================