Chapter 4. Workstation Security
For a DOS system, the stanza should begin something like the following:
title DOS
lock
Warning
You must have a password line in the main section of the /boot/grub/grub.conf file for this to work
properly. Otherwise an attacker will be able to access the editor interface and remove the lock line.
If you wish to have a different password for a particular kernel or operating system, add a lock line
to the stanza followed by a password line.
Each stanza you protect with a unique password should begin with lines similar to the following
example:
title DOS
lock
password --md5 <password-hash>
Finally, remember that the /boot/grub/grub.conf file is world readable by default. It is a good
idea to change this, as doing so has no effect on the functionality of GRUB, by typing the following
command as root:
chmod 600 /boot/grub/grub.conf
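As an added example (not part of the guide), the following shell function checks a GRUB configuration file for both conditions described above: a lock line without a password line in the main section, and permissions looser than 600. The function name audit_grub_conf and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the guide: audit a GRUB legacy config for the two
# conditions described above. Prints one finding per line; returns 1 if any.
audit_grub_conf() {
    conf=$1
    findings=$(
        # A lock line only holds if a password line exists in the main
        # section, i.e. before the first title line.
        awk '
            /^[ \t]*#/ { next }                          # skip comments
            $1 == "title" { in_stanza = 1; $1 = ""; name = substr($0, 2); next }
            !in_stanza && $1 == "password" { global_pw = 1 }
            in_stanza  && $1 == "lock"     { locked[++n] = name }
            END {
                if (global_pw) exit
                print "no password line in the main section: editor interface is open"
                for (i = 1; i <= n; i++)
                    print "lock in stanza \"" locked[i] "\" can be removed via the editor"
            }' "$conf"
        # The guide recommends mode 600: characters 5-10 of the ls mode
        # string are the group and other bits and must all be unset.
        if [ "$(ls -ld "$conf" | cut -c5-10)" != "------" ]; then
            echo "group/other permission bits set: run chmod 600 $conf"
        fi
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample: a locked DOS stanza with no global password line.
sample=$(mktemp)
cat > "$sample" <<'EOF'
default=0
timeout=10
title Red Hat Linux
    root (hd0,0)
title DOS
    lock
    rootnoverify (hd0,1)
EOF
chmod 644 "$sample"
audit_grub_conf "$sample" || echo "-> $sample needs attention"
rm -f "$sample"
```

On a real system, run it as root against /boot/grub/grub.conf; no output and a zero exit status mean both conditions are met.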
4.2.2.2. Password Protecting LILO
LILO is a much simpler boot loader than GRUB and does not offer a command interface, so you
need not worry about an attacker gaining interactive access to the system before the kernel is loaded.
However, there is still a danger in booting in single user mode or booting to an insecure operating
system.
You can configure LILO to ask for a password before booting every operating system or kernel on the
system by adding a password directive globally. To do this, open a terminal, log in as root, and
edit /etc/lilo.conf. Before the first image stanza, add a password directive similar to this:
password=password
In the above directive, replace the word password with your password.
Important
Any time you edit /etc/lilo.conf, you must run the /sbin/lilo -v -v command for the changes
to take effect. If you have configured a password and anyone other than root can read the file, LILO
will install, but will alert you that the permissions on the configuration file are wrong.
If you do not want a global password, you can apply the password directive to a stanza listed in
/etc/lilo.conf for any kernel or operating system to which you wish to restrict access. To do this,
add the password directive immediately below the image line. When finished, the stanza will begin
similar to the following: