Friday, October 12, 2007

'Insecure by Default'? Well, Yes and No...

Azerblog mentions that Linux distros are insecure by default, specifically that you can boot into single user mode by editing the GRUB kernel line to get to a root shell. Actually, this doesn't work without the existing root password on Fedora, Debian, and Ubuntu (not sure about other Unices or Linux distros). Just before entering single-user mode, you will get a console message "Give root password for maintenance (or type control-D for normal startup)". To actually get a minimal root shell without a password, you need to add init=/bin/bash to the 'kernel' line in the GRUB edit shell. You could also boot from a live CD, or just take out the hard drive and mount it in another computer (all good methods of recovering a lost root password, BTW).

I guess the moral is that if a determined cracker gets physical access to your server, they can pretty much do what they want. I suppose to make things very difficult, you could 1) enable the system's BIOS password, 2) enable the GRUB password, and 3) use encrypted swap and filesystems. All of these would be a real pain if you don't have remote console on a CoLo'd or hosted server, since you would need someone physically present every time the server rebooted or lost power. I imagine that's why many of these security measures are not enabled by default.
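To check the GRUB password measure from the list above, here is an added example (not from the original post) that audits a GRUB legacy config file for the global password directive, which is what stops someone at the console from editing the 'kernel' line to append init=/bin/bash. The function name audit_grub, the return codes and the sample config are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example: audit a GRUB legacy config (menu.lst / grub.conf) for the
# global "password" directive that blocks boot-time editing of the kernel line.
# Return codes: 0 = hashed password set, 1 = cleartext password, 2 = none.
audit_grub() {
    awk -F'[ \t=]+' '
        { sub(/^[ \t]+/, "") }                 # drop indentation, re-split fields
        /^#/ || NF == 0 { next }               # skip comments and blank lines
        $1 == "title" { in_entry = 1; next }   # global section ends at first title
        !in_entry && $1 == "password" { found = 1; hashed = ($2 == "--md5") }
        END {
            if (!found)  { print "OPEN: no global password, kernel line editable at boot"; exit 2 }
            if (!hashed) { print "WEAK: GRUB password stored in cleartext"; exit 1 }
            print "OK: hashed GRUB password required before editing entries"
        }
    ' "$1"
}

# Constructed sample config (the hash value is a placeholder, not a real hash).
sample=$(mktemp)
cat > "$sample" <<'EOF'
default=0
timeout=5
password --md5 $1$CONSTRUCTED$placeholderhashvalue000
title Linux
    root (hd0,0)
    kernel /vmlinuz ro root=/dev/sda1
EOF
audit_grub "$sample" || echo "needs attention (status $?)"
rm -f "$sample"
```

A password line placed after a title only protects that one entry, so the check counts only a directive in the global section.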

