Prevent linux from being replaced [closed]

This is somewhat related to a physical security breach.

Consider a Linux server with all the firewall and other security stuff running on it. However, if someone gets physical access to the server, he could simply wipe out the existing Linux on the machine (by formatting the system with an OS CD/DVD or installing a new OS in its place).

Such a thing could be prevented by securing the server machine well. However, my question is, could Linux, as software, prevent such things? For example, I would typically like to have some parameter (set by the admin) that would prevent OS replacement. In order to actually replace the OS, the admin must unset that parameter.

Edit

As per @David Schwartz's comment, a brief description about the environment:

  • It's not a war-like situation where someone is moving with hammers, saws and other dangerous tools :)
  • The machine could not be physically replaced
  • The machine's chassis could be opened and all such stuff be done -- but that's also less likely

The environment I'm talking about is when someone accidentally gets into physical proximity of the machine for a short duration and attempts to wipe out the OS. Yes, a CD/DVD-ROM is there.

Further, I'm not concerned with whether there is a backup, or whether that guy could read my contents. The only thing I'm concerned about is that he could potentially interrupt my service.

Final Remarks

Thanks for all the answers (and humour). The objective was to know if such a mechanism exists or could possibly exist. I take the answer as negative. Not sure if this could be a research issue in the future.


Solution 1:

You can modify the BIOS configuration, set the boot order to HDD only, secure the BIOS with a password (but an attacker can reset it by replacing the BIOS battery), and in Linux you can secure GRUB with a password. But you'll have to enter the password every time you reboot your system (if you have KVM over IP this is possible).

But the truth is that if someone has physical access to your machine they can use a hammer, C4, chainsaw, etc... to destroy your data and computer. Even if you secure it with a BIOS password they can replace the HDD.

In conclusion, if someone has physical access to a machine they can do all they want with it.

Solution 2:

If someone has physical access to your machine then they can do what they want and nothing you can do at the OS level can stop them. The main reason is that they can simply bypass your OS and boot their own from a bootable device.

Solution 3:

First of all, can you ensure that the bad guy doesn't gain physical access to the computer? If not, remove the CD-ROM, set it up so that the computer boots from the primary hard drive, disable USB ports (at the BIOS level, of course), and set a BIOS password. But then, the bad guy could still open the case (if you don't secure it) and remove the BIOS battery to reset any BIOS password, boot from a USB flash drive and...

After all, what's the problem if the bad guy replaces the OS? It doesn't mean he can gain access to the resources stored on the computer if the disk is encrypted. And you do have backups, don't you?

Anyway, here is your answer: a big old key, along with encryption and backups.

Solution 4:

A word of note first: Law #3 of Computer Security: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore.

To help lessen the chances of a casual would-be OS installer, there are a few things you can do with a Linux server, in both physical security and software security:

  • Lock the server rack, secure the single key
  • Disable USB, CD, PXE, and 'Other HDD' boot options in BIOS
  • Set a secure BIOS access password
  • Set a Grub password to edit, disable recovery and single-user mode
  • Use strong root and user passwords
  • Use AppArmor or SELinux to protect kernel space and the filesystem
  • Understand Law #3. Plan for this not being in your control.
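Solutions 1 and 4 both recommend a GRUB password. The script below is an added example, not code from the original question or answers: it audits a GRUB 2 configuration file for the two directives that protection depends on, `set superusers=` and a hashed `password_pbkdf2` entry, and reports how many menu entries carry `--unrestricted` (those boot without a prompt but still cannot be edited from the console). The sample configurations are constructed for illustration and the hash is a placeholder; the file paths and function names are this example's own. Note what this check cannot prove: a GRUB password only stops editing of the boot menu, so it is useless unless the BIOS boot order is also locked, and as every answer says, a battery pull or a swapped disk still defeats both.

```shell
#!/bin/sh
# Added example (not part of the original post): audit a GRUB 2 config for
# boot-menu password protection. Assumes GRUB 2 syntax for "set superusers"
# and "password_pbkdf2"; the sample configs and hash below are constructed.

# audit_grub_cfg FILE
#   Prints one line per finding. Returns 0 when a superuser with a hashed
#   password is configured, 1 otherwise.
audit_grub_cfg() {
    cfg="$1"
    status=0

    if grep -Eq '^[[:space:]]*set[[:space:]]+superusers=' "$cfg"; then
        echo "OK:   superusers defined"
    else
        echo "FAIL: no 'set superusers' line; anyone at the console can edit boot entries"
        status=1
    fi

    if grep -Eq '^[[:space:]]*password_pbkdf2[[:space:]]' "$cfg"; then
        echo "OK:   hashed (pbkdf2) password present"
    elif grep -Eq '^[[:space:]]*password[[:space:]]' "$cfg"; then
        echo "WARN: plaintext 'password' directive; prefer password_pbkdf2"
        status=1
    else
        echo "FAIL: no password directive"
        status=1
    fi

    # Entries marked --unrestricted boot without a prompt but cannot be edited.
    # "|| true" keeps grep's exit 1 on a zero count from aborting under set -e.
    n=$(grep -Ec '^[[:space:]]*menuentry[[:space:]].*--unrestricted' "$cfg" || true)
    echo "INFO: $n unrestricted menu entries (boot without password, not editable)"

    return $status
}

# Constructed sample: a protected config (placeholder hash, not a real one).
sample_protected_cfg() {
cat <<'EOF'
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER_HASH
menuentry 'Linux' --unrestricted {
    linux /vmlinuz root=/dev/sda1
}
EOF
}

# Constructed sample: a default-style config with no password at all.
sample_unprotected_cfg() {
cat <<'EOF'
set timeout=5
menuentry 'Linux' {
    linux /vmlinuz root=/dev/sda1
}
menuentry 'Linux (recovery mode)' {
    linux /vmlinuz root=/dev/sda1 single
}
EOF
}

# Stand-alone demo: audit both samples.
for gen in sample_protected_cfg sample_unprotected_cfg; do
    tmp=$(mktemp)
    "$gen" > "$tmp"
    echo "== $gen =="
    audit_grub_cfg "$tmp" || echo "RESULT: not protected"
    rm -f "$tmp"
done
```

Run it against a live system with `audit_grub_cfg /boot/grub/grub.cfg` (path varies by distribution). A passing audit here is only one layer: pair it with the BIOS boot-order and password settings the answers list, and remember that the recovery and single-user entries in the unprotected sample are exactly what the GRUB password is meant to gate.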

Solution 5:

In order to replace the OS one needs access to either 1) the existing OS, 2) the machine boot mechanism or 3) plenty of time with the physical machine. I will skip #3, since in that case we could say that it cannot be alleviated, i.e. if I have plenty of time with a physical machine I could as well cut the chains, swap out the machine itself and be done with it.

For #1: Good (password) practices will prevent such access. If the machine is also "properly" configured then the likelihood of anyone getting root access is very slim ("properly" here refers to your own environment/setup since every machine depends on your environment and functionality - from strong passwords to OS configuration).

For #2: Server-class machines (and not only those) have mechanisms to prevent an intruder from gaining access to the machine boot sequence (usually a boot password and other boot-related prevention mechanisms).