Linux root password security

Solution 1:

While @ShaneMadden really hits on the core problem here, that given physical access all bets are off, your next best bet would be to require password logins for single user mode. You can enable this by adding the following line to your /etc/inittab file.

~~:S:wait:/sbin/sulogin

Afterwards, whenever one enters into single user mode, the user is prompted for the root password instead of simply being dropped into a root shell.

Just keep in mind that this would simply be a protection within your security plan.
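
One way to audit that the entry from Solution 1 is actually in effect (an added example, not part of the original answer): the function below parses an inittab-format file and reports whether an active, uncommented entry runs /sbin/sulogin for runlevel S. The name `check_sulogin` and its exit codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit an inittab-format file for the single-user sulogin entry.
# inittab fields are  id:runlevels:action:process

# check_sulogin FILE   (hypothetical helper name)
# Exit status: 0 = an active entry runs /sbin/sulogin for runlevel S
#              1 = no such entry (missing, commented out, or runs something else)
#              2 = FILE cannot be read
check_sulogin() {
    file=$1
    [ -r "$file" ] || return 2
    awk -F: '
        /^[ \t]*#/ { next }               # commented-out entries do not count
        NF < 4     { next }               # blank or malformed lines
        {
            runlevels = $2
            action    = $3
            # The process field is everything after the third colon.
            process = $4
            for (i = 5; i <= NF; i++) process = process ":" $i
            sub(/^[ \t]+/, "", process)
            if (runlevels ~ /[Ss]/ && action == "wait" &&
                process ~ /^\/sbin\/sulogin([ \t]|$)/)
                found = 1
        }
        END { exit(found ? 0 : 1) }
    ' "$file"
}

# Stand-alone use: pass the file to audit, e.g. /etc/inittab.
if [ "$#" -gt 0 ]; then
    rc=0
    check_sulogin "$1" || rc=$?
    case $rc in
        0) echo "OK: single user mode requires the root password" ;;
        1) echo "WARN: no active sulogin entry for runlevel S in $1" ;;
        *) echo "ERROR: cannot read $1" ;;
    esac
    exit "$rc"
fi
```
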

Solution 2:

Physical access to your system is control over your system. Prevent single-user mode, and they can boot to a different OS, or pull the drive and mount it on another system, and change your password on the filesystem.

Encryption is the only way to prevent access to your data when someone can physically touch the machine. And even then, it's not bulletproof.

Solution 3:

You can password protect grub so that people can't boot as a single user:

http://www.centos.org/docs/5/html/5.2/Deployment_Guide/s3-bootloader-grub.html

However, if you are in an environment where people can access your machine without restrictions, then you have a problem with onsite security that you need to address. Short of encrypting your drive, your data will always have that risk of being physically compromised.