If he password protected LILO you have pretty much had it. Your best bet would be to try legal ways of forcing him to disclose the password.

On 13 Sep 2001 10:02:03 +0200, Gabriele Biondo wrote:

...

Dear sirs month ago i read that there is a way to gain the root privileges' over a linux box - with a little trick. Now, i do not remember that trick, but one of our sysadmins left the company and he doesn't want to give back that password. Is there anyone that knows that little trick? Is there anyone that knows how to configure lilo to protect from that

...

That would be great, it would save me the time to search among lotsa

Is this true? I've never tried this, but can't you boot from a dos disk and issue : fdisk /mbr which will remove lilo. You'll then just need to boot a rescue system and remove the boot password from /etc/shadow. Paul. Low cost domain and web hosting. www.allsecuredomain.com ----- Original Message ----- From: "StarTux" To: Sent: Thursday, September 13, 2001 9:09 AM Subject: Re: [SLE] Hacking linux trick? articles.

...

Thanks in advance

Yours truly

Gabriele Biondo

--

If he password protected LILO you have pretty much had it. Your best bet would be to try legal ways of forcing him to disclose the password.

Matt

-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com

On Thursday 13 September 2001 16:36, James Ogley wrote:

If you have physical access to the machine, and can boot from a floppy, get yourself a copy of Tom's Root Boot (www.toms.net/rb/home.html) - every Sys Admin should have one of these to hand anyway.

Amen to that.

Boot with this, and mount the root partition of the box (eg as /mnt)

vi /mnt/etc/shadow

<snip> I've used this method a couple of times when I've forgotten my own password (serves me right for trying to be secure and using too long/complicated passwords). If you can get physical access to a Linux box then it is at maximum a couple of minutes work to by pass root access. How does NT / Windows 2000 compare in this respect? Is it just as easy to walk up with a bootable floppy and change the password? It would be nice to know that if nothing else Linux is no less secure than Windows in this respect. Jethro

On Thursday 13 September 2001 09:09 am, Jethro Cramp wrote:

On Thursday 13 September 2001 16:36, James Ogley wrote:

...

If you have physical access to the machine, and can boot from a floppy, get yourself a copy of Tom's Root Boot (www.toms.net/rb/home.html) - every Sys Admin should have one of these to hand anyway.

Amen to that.

...

Boot with this, and mount the root partition of the box (eg as /mnt)

vi /mnt/etc/shadow

<snip>

I've used this method a couple of times when I've forgotten my own password (serves me right for trying to be secure and using too long/complicated passwords). If you can get physical access to a Linux box then it is at maximum a couple of minutes work to by pass root access.

How does NT / Windows 2000 compare in this respect? Is it just as easy to walk up with a bootable floppy and change the password?

It would be nice to know that if nothing else Linux is no less secure than Windows in this respect.

Jethro

The main reason that I am using SuSE 7.2 Pro is because of the crypto filesystem. I have the /home, /usr and /mnt/storage directories encrypted with twofish. It's true that you can gain root if you have physical access to my machine, but the data... well... you won't have access to that. So in effect, if you have physical access to my machine, what you really have access to is 25% of a SuSE 7.2 installation. Good for you. Better for me ;^) Have a great day! -Steven -- -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- Steven Hatfield http://www.knightswood.net Registered Linux User #220336 ICQ: 7314105 Useless Machine Data: Running SuSE Linux 7.2 Professional and KDE2.2 11:37am up 2 days, 15:17, 1 user, load average: 0.18, 0.11, 0.05 -+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+- Random Quote: C, n.: A programming language that is sort of like Pascal except more like assembly except that it isn't very much like either one, or anything else. It is either the best language available to the art today, or it isn't. -- Ray Simard

Hi, I did once, following the instructions in the 'Loopback-Encrypted-Filesystem' Howto. More information on how to set this up at http://www.kerneli.org. I suspect the SuSE 7.2 default kernel package already contains the required modules. Tim On Fri, Sep 14, 2001 at 05:00:46AM -0400, Karol Pietrzak wrote:

I noticed this option when installing 7.2, but I have yet to attempt to set it up. I don't have a partition to encrypt, but I would like to encrypt a file (i.e. loopback device). What encryption algorithms are available / used? How would I set this up manually, or using YaST? Anyone try this? -- noodlez: Karol Pietrzak

On Thursday 13 September 2001 7:32 pm, StarTux wrote:

Whilst we are on this, doesn't SuSE 7.2 come with the possibility of encrypting the filesystem?

Would this stop these boot floppy etc workarounds?

Yes. I have encrypted /home only so I can use a boot floppy/rescue disk to boot. However, I haven't worked out how to mount an LVM partition yet, e.g. /usr, which has /usr/bin/passwd. M

On Thu, Sep 13, 2001 at 10:02:03AM +0200, Gabriele Biondo wrote:

...

month ago i read that there is a way to gain the root privileges' over a linux box - with a little trick. Now, i do not remember that trick, but one of our sysadmins left the

company

...

and he doesn't want to give back that password. Is there anyone that knows that little trick? Is there anyone that knows how to configure lilo to protect from that

The way I see it, if you've got physical access to the server - security is irrelevant. The only way to protect yourself is to sever all network connections, power off the server and stick in a locked safe - I'd argue that its not worth having a server in this situation! :-) Paul Miles Low cost domain and web hosting www.allsecuredomain.com ----- Original Message ----- From: "Chris Reeves" To: "SuSE List" Sent: Thursday, September 13, 2001 9:44 AM Subject: Re: [SLE] Hacking linux trick?

Depending upon how well the system has been secured, there are a number of ways of gaining root privileges. However, we are left in kind of a moral dilemma as to whether or not you have a genuine problem - you could just

as

well be wanting to learn how to crack linux systems in general...

Can you convince us that you're genuine...?

Bye, Chris -- http://www.tuxedo.org/~esr/faqs/smart-questions.html __ _ -o)/ / (_)__ __ ____ __ Chris Reeves /\\ /__/ / _ \/ // /\ \/ / ICQ# 22219005 _\_v __/_/_//_/\_,_/ /_/\_\

-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com

I had the very same thought. Since you talk of "sysdmins" I take it you are talking about a non-personal system. In that case if you need to administer the system, and need root, and don;t know how to fix your problem. you have no business being a user with root priveleges anyway.

On Thu, Sep 13, 2001 at 09:44:36AM +0100, Chris Reeves wrote:

...

On Thu, Sep 13, 2001 at 10:02:03AM +0200, Gabriele Biondo wrote:

...

month ago i read that there is a way to gain the root privileges' over

a

...

linux box - with a little trick. Now, i do not remember that trick, but one of our sysadmins left the company and he doesn't want to give back that password. Is there anyone that knows that little trick? Is there anyone that knows how to configure lilo to protect from that

Did I mention that I am currently seeking employment??? :-) Paul Miles All Secure Networks Visit www.allsecuredomain.com for low cost web hosting and domain registration ----- Original Message ----- From: "Cliff Sarginson" To: "SuSE List" Cc: "Chris Reeves" Sent: Thursday, September 13, 2001 4:24 PM Subject: Re: [SLE] Hacking linux trick?

...

Depending upon how well the system has been secured, there are a number

of

...

ways of gaining root privileges. However, we are left in kind of a moral dilemma as to whether or not you have a genuine problem - you could just as well be wanting to learn how to crack linux systems in general...

Can you convince us that you're genuine...?

Bye, Chris

I had the very same thought. Since you talk of "sysdmins" I take it you are talking about a non-personal system. In that case if you need to administer the system, and need root, and don;t know how to fix your problem. you have no business being a user with root priveleges anyway.

-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq and the archives at http://lists.suse.com

On Thursday 13 September 2001 22.56, Martin Webster wrote:

1. Password enable your BIOS.

This will only slow down an intruder, but won't stop him (they are usually guys, aren't they :) if he has access to the hardware. Most chips have CMOS reset jumpers, and if they don't, removing the battery for a couple of minutes will do the trick. The only way to really secure your data (and if the reports on the FBI investigation of the spying sergeant are true, even this won't be enough) is to encrypt the data, using things like 7.2's encrypted file system, although I don't know how strong that encryption is. The problem, unfortunately, is that a) an encrypted file system will be slower the stronger the encryption is, and on servers this will be unacceptable. This could be helped with hardware accelerated en/decryption, but b) an admin's leaving with the password would be that much more devastating. The solution to the leaving sysadmin is to never have a system where just one person has the password, but the sysadmin who wants to mess up the system can just change the pwd. I don't think there are any good solutions. A real BOFH cannot be stopped.

On September 13, 2001 05:56 pm, Martin Webster wrote:

On Thursday 13 September 2001 8:02 am, Gabriele Biondo wrote:

...

Dear sirs month ago i read that there is a way to gain the root privileges' over a linux box - with a little trick. Now, i do not remember that trick, but one of our sysadmins left the company and he doesn't want to give back that password. Is there anyone that knows that little trick? Is there anyone that knows how to configure lilo to protect from that trick?

That would be great, it would save me the time to search among lotsa articles.

SuSE has a Rescue System on CD 1, in which you can boot and log in as root without a password. Thus:

1. Boot the machine. 2. Type: linux init=/bin/sh rw 4. Type: mount /usr 5. Change your root password using: passwd 6. Type: sync; sync; sync 7. Type: umount /usr 8. Remount the root filesystem (readonly this time): mount -o remount,ro / 9. Finally, type: exec /sbin/init 6

Unfortunately, I can't do this on my system since I'm using LVM and mount /usr won't work. Any ideas?

I learned how to do this a while ago on my Alpha box. Knowing that I'll never remember the process, I stuck it in my Wiki: http://tick.funktronics.ca/arthur/MountingLVMDuringRescue -- James Oakley Engineering - SolutionInc Ltd. joakley@solutioninc.com http://www.solutioninc.com