[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Recover Root Password on FC 11 and Missing GRUB Screen



On Tuesday 05 January 2010 11:18:53 Tim wrote:
> On Tue, 2010-01-05 at 00:15 -0800, Hosea Phiri wrote:
> > I have a client who lost root password for his machine running FC 11.
> > I made an attempt to recover password by booting in single mode. I am
> > familiar with editing the GRUB boot menu and appending "linux single"
> > to make the server boot in sigle mode.
> >
> > My surprise, the machines boots differently. I noticed one major thing
> > that looked different from other versions of Fedora I have used
> > before. It does not bring up the Grub menu. It does not even show the
> > services startup. It goes straight into login prompt bypassing all
> > other stages which I guess run from background.
> 
> That is normal.
> 
> And if you don't want unauthorised people to be able to do the same
> thing, you need to take some steps to make it difficult:
> 
> Set the BIOS so it will only boot from the hard drive, ignoring
> floppies, CD-ROMs, and drives plugged into USB ports.
> 
> Password protect the BIOS so nobody can change the above options.
> 
> Password protect the GRUB menu, so you cannot change boot options
> without typing in a password.

And weld the box shut, chain it to the floor, and put two policemen in the room 
24/7. ;-)

> With those steps someone has to crack your password, or remove the hard
> drive from the computer.

Or reset the CMOS. Disconnecting the power and CMOS battery typically resets 
all bios passwords. Also, on modern motherboards there is usually a jumper 
provided for this purpose. After bios gets accessible, a rescue CD is enough 
to give full access.

If an intruder has physical access to the hardware, nothing can stop him from 
compromising the machine, in principle. Data (or hard drive) encryption is the 
only measure which provides sane amount of security for data, if done 
properly. ;-) Except if you live in USA, where it is illegal to use strong 
encryption algorithms (or so I hear)...

Best, :-)
Marko


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]