
Securing-Optimizing-RH-Linux-1_2_54
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

This option asks for a password only if parameters are specified on the command line (e.g. linux single). The option “restricted” can only be used together with the “password” option. Make sure you use this one on each image.

· Adding: password=<password>
This option asks the user for a password when trying to load the Linux system in “single mode”. Passwords are always case-sensitive. Also make sure the “/etc/lilo.conf” file is no longer world readable, or any user will be able to read the password.

Here is an example of our protected LILO with the “lilo.conf” file.

Step 1
Edit the lilo.conf file (vi /etc/lilo.conf) and add or change the three options above as shown:

    boot=/dev/sda
    map=/boot/map
    install=/boot/boot.b
    prompt
    timeout=00                  # change this line to 00.
    default=linux
    restricted                  # add this line.
    password=<password>         # add this line and put your password.
    image=/boot/vmlinuz-2.2.12-20
        label=linux
        initrd=/boot/initrd-2.2.12-10.img
        root=/dev/sda6
        read-only

Step 2
Because the configuration file “/etc/lilo.conf” now contains unencrypted passwords, it should only be readable by the super-user “root”.

    [root@deep /]# chmod 600 /etc/lilo.conf   (will be no longer world readable).

Step 3
Now we must run lilo so that the changes made to our configuration file “/etc/lilo.conf” take effect.

    [root@deep /]# /sbin/lilo -v   (to apply the updated lilo.conf file).

Step 4
One more security measure you can take to secure the “lilo.conf” file is to set it immutable, using the chattr command.

· To set the file immutable, simply use the command:

    [root@deep /]# chattr +i /etc/lilo.conf

This will prevent any changes (accidental or otherwise) to the “lilo.conf” file. If you wish to modify the “lilo.conf” file, you will need to unset the immutable flag first:

· To unset the immutable flag, use the command:

    [root@deep /]# chattr -i /etc/lilo.conf
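A read-only check of the settings from Steps 1 to 4, as an added example that is not part of the book. The function names check_lilo_conf and write_sample and the shortened sample file are constructed for illustration; the check accepts “restricted” either globally (as in Step 1) or inside every image section, and treats the immutable flag as optional, as the text does.

```shell
# Added example (not from the book): audit a lilo.conf against Steps 1 to 4.
# check_lilo_conf FILE prints one line per finding; exit status = number of FAILs.
fail() { echo "FAIL: $1"; findings=$((findings + 1)); }

check_lilo_conf() {
    conf=$1; findings=0
    [ -r "$conf" ] || { fail "cannot read $conf"; return "$findings"; }
    # Drop comments and surrounding blanks so annotated lines still match.
    clean=$(sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$conf")

    # Step 1: timeout=00, a password= line, and "restricted" either globally
    # or inside every image= section.
    echo "$clean" | grep -Eqi '^timeout[[:space:]]*=[[:space:]]*0+$' || fail "timeout is not 00"
    echo "$clean" | grep -Eqi '^password[[:space:]]*=[[:space:]]*[^[:space:]]' || fail "no password= line"
    echo "$clean" | awk '
        { l = tolower($0) }
        l ~ /^image[ \t]*=/ { if (n && !r) bad = 1; n++; r = 0 }
        l == "restricted"   { if (n) r = 1; else g = 1 }
        END { if (n && !r) bad = 1; exit (g ? 0 : (bad || !n)) }' ||
        fail "restricted does not cover every image"

    # Step 2: group and other must have no permission bits (chmod 600).
    [ "$(ls -ld "$conf" | cut -c5-10)" = "------" ] || fail "readable beyond owner"

    # Step 4 (optional in the text): immutable flag, reported but not counted.
    lsattr -d "$conf" 2>/dev/null | cut -d' ' -f1 | grep -q i ||
        echo "NOTE: immutable flag not set (chattr +i)"
    return "$findings"
}

# Constructed sample: a shortened copy of the Step 1 file for a demo run.
write_sample() {
    cat > "$1" <<'EOF'
boot=/dev/sda
prompt
timeout=00
default=linux
restricted
password=<password>
image=/boot/vmlinuz-2.2.12-20
    label=linux
    read-only
EOF
}

demo=$(mktemp) && write_sample "$demo" && chmod 600 "$demo"
check_lilo_conf "$demo" && echo "PASS: $demo"
rm -f "$demo"
```

On a real system, run `check_lilo_conf /etc/lilo.conf` as root, since after Step 2 no other user can read the file.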
28. Disable the Control-Alt-Delete keyboard shutdown command