Shell logging
• Adding: timeout=00
This option controls how long (in seconds) LILO waits for user input before booting to the default selection. One of the requirements of C2 security is that this interval be set to 0 unless the system dual boots something else.
• Adding: restricted
This option asks for a password only if parameters are specified on the command line (e.g. linux single). The “restricted” option can only be used together with the “password” option. Make sure you use this one on each image.
• Adding: password=<password>
This option asks the user for a password when trying to load the Linux system in “single mode”. Passwords are always case-sensitive. Also make sure the “/etc/lilo.conf” file is no longer world readable, or any user will be able to read the password. Here is an example of our protected LILO with the “lilo.conf” file.
Step 1
Edit the lilo.conf file (vi /etc/lilo.conf) and add or change the three options above as shown:
boot=/dev/sda
map=/boot/map
install=/boot/boot.b
prompt
timeout=00 <- change this line to 00.
default=linux
restricted <- add this line.
password=<password> <- add this line and put your password.
image=/boot/vmlinuz-2.2.12-20
        label=linux
        initrd=/boot/initrd-2.2.12-10.img
        root=/dev/sda6
        read-only
Step 2
Because the configuration file “/etc/lilo.conf” now contains unencrypted passwords, it should only be readable for the super-user “root”.
[root@deep /]# chmod 600 /etc/lilo.conf (will be no longer world readable).
Step 3
Now we must update our configuration file “/etc/lilo.conf” for the change to take effect.
[root@deep /]# /sbin/lilo -v (to update the lilo.conf file).
Step 4
One more security measure you can take to secure the “lilo.conf” file is to set it immutable, using the chattr command.
• To set the file immutable, simply use the command:
[root@deep /]# chattr +i /etc/lilo.conf
And this will prevent any changes (accidental or otherwise) to the “lilo.conf” file. If you wish to modify the “lilo.conf” file, you will need to unset the immutable flag:
• To unset the immutable flag, use the command:
[root@deep /]# chattr -i /etc/lilo.conf
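The steps above can be verified with a small audit script. This is an added example, not part of the original text: audit_lilo_conf is a hypothetical helper name, the sample configuration is constructed, and GNU stat (stat -c %a) is assumed. It checks the file mode from Step 2, that timeout is 0, and that every image is covered by “password” and “restricted”, either globally or in its own section.

```sh
#!/bin/sh
# Added example (not from the original page): audit a lilo.conf for the
# settings described above. audit_lilo_conf is a hypothetical helper name.
# Assumes GNU stat (stat -c %a), as found on Linux.

audit_lilo_conf() {
    conf=$1; rc=0
    [ -r "$conf" ] || { echo "ERROR: cannot read $conf"; return 2; }

    # Step 2: the file holds a clear-text password, so only root may read it.
    mode=$(stat -c %a "$conf")
    [ "$mode" = "600" ] || { echo "FAIL: mode is $mode, expected 600"; rc=1; }

    # Global options (before the first image=/other=) apply to every image;
    # otherwise each image section needs its own password and restricted.
    awk '
    function check(label) {
        if (!(gpass || pass)) { print "FAIL: " label ": no password"; bad = 1 }
        if (!(gres || res))   { print "FAIL: " label ": no restricted"; bad = 1 }
    }
    {
        sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "")
        if ($0 == "") next
        n = index($0, "=")
        key = tolower(n ? substr($0, 1, n - 1) : $0); gsub(/[ \t]/, "", key)
        val = n ? substr($0, n + 1) : "";             gsub(/[ \t]/, "", val)
    }
    key == "image" || key == "other" {
        if (cur != "") check(cur)
        cur = val; pass = res = 0; next
    }
    key == "timeout" && cur == "" { tmo = val }
    key == "password"   { if (cur == "") gpass = 1; else pass = 1 }
    key == "restricted" { if (cur == "") gres = 1;  else res = 1 }
    END {
        if (cur != "") check(cur)
        if (tmo !~ /^0+$/) { print "FAIL: timeout is \"" tmo "\", expected 00"; bad = 1 }
        exit bad
    }' "$conf" || rc=1
    return $rc
}

# Constructed sample mirroring the protected lilo.conf above (placeholder password).
sample=$(mktemp)
printf '%s\n' 'prompt' 'timeout=00' 'default=linux' 'restricted' \
    'password=<password>' 'image=/boot/vmlinuz-2.2.12-20' 'label=linux' > "$sample"
chmod 600 "$sample"
audit_lilo_conf "$sample" && echo "OK: $sample passes"
rm -f "$sample"
```

On a dual-boot system, where the text allows a non-zero timeout, the timeout finding can be ignored.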