Protect Boot & Single user mode

as a physical security is the main factor in our security perspective

we all need to protect unauthorised access to our Linux box after we protect bios

and we all know that anyone can rest the root password via accessing the single mode

so we have 3 ways 1st thing to disable single user mode entirely  2nd adding a password 3rd encrypt the disk with luks

single use mode configuration located under /etc/sysconfig/init

the last line of the init configuration instructs the user shell for single user mode

sushell  this shell allows access with full root privilege  we can change the shell type to control the single user mode

if we sit it /sbin/nologin no single user mode will be activated on the boot and the machine will continue booting to default run level 😉

we can set it to sulogin to make boot asks for the root password before it continues to give a full root access

 

we can add more password layer for grub configuration via adding password –encrypt HASH from grub-crypt command

one important thing an attacker can manipulate boot start services by pressing (i) in the boot sequence

an attacker can disable any running service example I disabled iptables in the boot 😀

Screen Shot 2015-08-17 at 3.32.33 AM

we can protect from this disaster by disable hotkeys in /etc/sysconfig/init

protect the console from reboot via ctrl-alt-delete

an attacker can press ctrl-alt-delete to your machine to make it reboot

to disable it we need to change the behaviour of this intercept in /etc/init/control-alt-delete.conf

by adding a comment to the exec line to disable reboot

One thought on “Protect Boot & Single user mode

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.