|[Home] [Credit Search] [Category Browser] [Staff Roll Call]||The LINUX.COM Article Archive|
|Originally Published: Tuesday, 18 April 2000||Author: Kapil Sharma|
|Published to: enchance_articles_security/Advanced Security Articles||Page: 1/1 - [Std View]|
LILO Security Tips
LILO Security is one topic that some Linux Security Expert's have a shady background with. Here is a short article that discusses several techniques to minimize the risk of passing LILO arguments at boot time and booting the system in single user mode to get the root shell.
LILO: There are several techniques to minimize the risk of passing LILO arguments at boot time and booting the system in single user mode to get the root shell. delay=X This controls how long (in tenths of seconds) LILO waits for user input before booting to the default selection. It should be set to 0 unless the system dual boots something else.
prompt This forces the user to enter something, LILO will not boot the system automatically. This will not reboot the server without a human attendant. But, If you add a timeout option then the system will continue booting after the timeout is reached. restricted This option will ask for password if boot time options (such as "linux single") are passed to the boot loader.
This requires user to input a password if used in conjunction with restricted option. The lilo.conf file must not be world readable, otherwise any user will be able to read the password.
Here is an example of a good secure lilo.conf:
boot=/dev/hda map=/boot/map install=/boot/boot.b prompt timeout=100 default=linux image=/boot/vmlinuz-2.2.12-20 label=linux root=/dev/hda1 read-only restricted password=kpAsSb0rv_f
The above configuration will function as follows:
1. Boots the system using the /boot/vmlinuz-2.2.12 kernel, stored on the first portion (right after the MBR) of the first IDE harddrive of the system.
2. The prompt keyword would normally stop unattended rebooting. It should be set in the image, so it can boot ?linux? with no problem. This will be useful for remote booting. But it would ask for a password if you entered ?linux single?.
3. Timeout option will give you 10 seconds to type the password ("kpAsSb0rv_f"), if you want to go into ?linux single?.
Some of the minor security steps that should be taken along with lilo security:
1: BIOS should be password protected and should only boot from C:
2: The lilo.conf file should be set to immutable, using the ?chattr? command. To set the file immutable simply type the following command on the console:
chattr +i /etc/lilo.conf
This will any changes (accidental or otherwise) to the lilo.conf file. If you wish to modify the lilo.conf file you will need to unset the immutable flag by issuing the following command on the console:
chattr -i /etc/lilo.conf
[Note: only the root user has access to the immutable flag.]
Conclusion: By applying the several techniques above you can minimize the risk of passing LILO arguments at boot time, and prevent the most damaging one argument "image-name single" which boots Linux into single user mode without asking for any password.
Kapil Sharma is a Linux and Internet security consultant. He has been working on various Linux systems for more than 2 years.