Insecure boxes at computer lab?

[rick420]

Im sitting in my schools computer lab waiting for my cisco class to start. I look to the right and what do I see? 4 Red Hat boxes!!

So of course I wanna hop off my Win2k box and get on that redhat box, so i ask the lab assistant, " whats the login name / pass?" He says I need to be in the Unix class to have a login/pass

So i hop on google and look up password recovery, I dont remember exactly what I searched for, but a page came up that said how to recover red-hat root pass. I booted it up, chose text mode, and typed " linux 1 " and up came a root prompt and I entered "passwd haha" and then somethign like "initlevel 5" and up it started and logged in under root/haha!!

Is this just an insecure box, or can you always do that to a local linux box? And what exactly was it I typed in, I forgot and cant find that damn page on google anymore.

when you wrote 'linux 1' at the LILO prompt, you went into single user mode. In this mode, you are root and you are not prompted for a password, so this is why you can change passwords and add new users without even knowing the real root password. IIRC, it's possible to block single user mode by putting a password, but I'm not too sure of that (I'll check it out though).

And yes, in a sense that box is insecure, but to internal, physical attacks.

[TaeShadow]

Is this just an insecure box, or can you always do that to a local linux box?

The fact is that there is really no way to secure a system once the attacker has physical access. If you think passwords will provide anything beyond a minor annoyance, you are just fooling yourself. Systems can be theoretically be secure from remote attacks, however.

The fact is that there is really no way to secure a system once the attacker has physical access. *If you think passwords will provide anything beyond a minor annoyance, you are just fooling yourself. *Systems can be theoretically be secure from remote attacks, however.

It all depends on the users though. 98% of the people where I work are stopped by a simple Warning message box. So passwords would definitely keep them out, no question. The other 2% though, the 2% that knows computers well enough is more of a problem

[Ashcrow]

You can set up the bootloader to not allow passing options without a password. Obviosuly, this can still be foiled via ripping out the HD and mounting on your own box.

Try passing init=/bin/bash :-P.

[Compunuts]

Of course, that's why most admins security nightmare is internal attacks ..... There is no system that can be really secured if someone has physical access to them. That's why most production floors use boxes that have no CD nor Floppy. And then have it passworded to your boot loader and system BIOS.

[airhead]

What say a computer is set up to boot straight into linux (No prompt) and it has no boot disk. How then do you log in in single user mode?

Okay, okay. Its my computer Haven't used it in weeks and can't remember the password. ;D

What say a computer is set up to boot straight into linux (No prompt) and it has no boot disk. How then do you log in in single user mode?

Okay, okay. Its my computer Haven't used it in weeks and can't remember the password. * ;D

Before LILO appears, you hold down the shift key

[airhead]

Cheers GnuVince

[kenshi]

If people are that worried about physical tampering, they should have the computer locked in a cabinet or closet. There's still the possibility of someone beating the cabinet apart with a sledge hammer or taking an axe to the closet door, but get real.