On Tuesday 05 January 2010 11:18:53 Tim wrote: > On Tue, 2010-01-05 at 00:15 -0800, Hosea Phiri wrote: > > I have a client who lost root password for his machine running FC 11. > > I made an attempt to recover password by booting in single mode. I am > > familiar with editing the GRUB boot menu and appending "linux single" > > to make the server boot in sigle mode. > > > > My surprise, the machines boots differently. I noticed one major thing > > that looked different from other versions of Fedora I have used > > before. It does not bring up the Grub menu. It does not even show the > > services startup. It goes straight into login prompt bypassing all > > other stages which I guess run from background. > > That is normal. > > And if you don't want unauthorised people to be able to do the same > thing, you need to take some steps to make it difficult: > > Set the BIOS so it will only boot from the hard drive, ignoring > floppies, CD-ROMs, and drives plugged into USB ports. > > Password protect the BIOS so nobody can change the above options. > > Password protect the GRUB menu, so you cannot change boot options > without typing in a password. And weld the box shut, chain it to the floor, and put two policemen in the room 24/7. ;-) > With those steps someone has to crack your password, or remove the hard > drive from the computer. Or reset the CMOS. Disconnecting the power and CMOS battery typically resets all bios passwords. Also, on modern motherboards there is usually a jumper provided for this purpose. After bios gets accessible, a rescue CD is enough to give full access. If an intruder has physical access to the hardware, nothing can stop him from compromising the machine, in principle. Data (or hard drive) encryption is the only measure which provides sane amount of security for data, if done properly. ;-) Except if you live in USA, where it is illegal to use strong encryption algorithms (or so I hear)... Best, :-) Marko -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
