On Friday, July 24, 2015 12:38:42 AM Marco wrote:

Hello.

The level of risk you are facing is as always related to the technical skills of your "enemy". For most adversary a bios/UEFI password and then an encrypted LVM is probably a sufficient shielding.

However for some really technical versed guys this will be just a nice try if the disk can be removed/manipulated, and the next step is i.e. to put the system in a correctly installed safe for PCs, whenever possible, or at least installed in a robust, locked, cabinet with some form of alarm. Video surveillance of the system is also an effective discouraging/detective option, however it is not necessarily legal in some countries if anyone is working on the device (privacy laws, etc etc)

If you can first enhance the physical security of the system (install access control, etc etc) and then increase the level of logical security.

Marco

Mostly agree. However, the OP was only concerned about someone gaining access to the operating system and switching root password. The easy way to restrain access to the disk is full encrypted. Security is an onion with plenty layers and occasionally is some kind of myth. After all you need to trust someone is not that skillful to break it down. Your worst enemy could be that one assumed to protect you. :-) Regards, -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org