How to Prevent someone else from reseting your root password ?

If you are an even slightly security-consious sysadmin, the previous sections must have set off alarms while you were reading them. Is it really that easy to hack Linux? Yes and No. It all it comes down to the following: Physical Access is Root Access. Meaning, if you give someone physical access to a system, then you are giving them a very good chance of getting root access on your box. This is true for Windows, Linux, or any other OS out there.

But... you say that you need to give some people physical access to the server? There are some precautions you can take to slow down attackers and stop the noob's. In this section I will talk about various ways you can make your computer more secure against these types of attacks. So lets get started.

Protecting GRUB and LILO

First, edit the /etc/inittab file and insert the following line, right after the "initdefault" line: ~~:S:wait:/sbin/sulogin. This will require a password to boot into single-user mode by making init run 'sulogin' before dropping the machine to a root shell. 'sulogin' requires the user to input the root password before continuing.

Unfortunately, the above step won't protect us against people who know what they are doing and pass init=/bin/bash to the kernel at the LILO prompt. To prevent unauthorized access I would suggest that you password protect LILO/GRUB by following these steps:

How to Protect LILO:

• Open a shell prompt and log in as root
• Open /etc/lilo.conf in your favorite text editor
• Add the following line before the first image stanza: password= , where is your password.
• Run /sbin/lilo -v to let the changes take effect
• Type chmod 600 /etc/lilo.conf to give only root access to read and edit the file since all passwords are in plain text
• Relax a bit, as your system is a little bit more secure

How to password-protect GRUB

• Open a shell prompt and log in as root
• Type /sbin/grub-md5-crypt and press enter
• Enter the password you chose for GRUB when prompted. This will return an MD5 hash of your password
• Open /boot/grub/grub.conf in your favorite text editor
• Add password --md5 below the timeout in the main section (Replace with the hash you got in the previous step)
• Save and exit
• The next time you reboot, the GRUB menu will not let you access the editor or command interface without first pressing [p] followed by the GRUB password.

protecting the BIOS

There are two primary reasons for password-protecting the BIOS of a computer:

• Prevent Changes To BIOS Settings: if an intruder has access to the BIOS, they can set it to boot off of a diskette or CD-ROM.
• Prevent Booting the System: Some BIOSes allow you to password protect the boot process itself. When activated, an attacker would be forced to enter a password for the BIOS to launch the boot loader.

Because the methods for setting a BIOS password vary between computer manufacturers, you should consult the manual for your computer. If you forget the BIOS password, it can often be reset either with jumpers on the motherboard or by disconnecting the CMOS battery. However, you should check the manual for your computer or motherboard before attempting this procedure.

How to Reset forgotten Root passwords?

There are various methods available for resetting a root password.

• Boot into single-user mode (easiest, least risky)
• Boot using a boot disk and edit the password file
• Mount the drive on another computer and edit the password file

I will also go over some steps to prevent some other person from doing this and hacking your machine.

Reseting passwords by booting into single-user mode

This is the easiest and the fastest method to reset passwords. The steps are a little different depending on if you are using GRUB or LILO as a bootmanager.

Booting into single-user mode from LILO

Follow these steps to reset the password when using LILO:

• Reboot the system. When you see the LILO: prompt (see Fig. 1 below), type in linux single and press 'Enter'. This will log you in as root in single-user mode. If your system re quires you to enter your root password to log in, then try linux init=/bin/bash instead.
• Once the system finishes booting, you will be logged in as root in single-user mode. Use passwd and choose a new password for root.
• Type reboot to reboot the system and then you can login with the new password you just selected.

If you have a new version of LILO which gives you a menu selection of the various kernels available press Tab to get the LILO: prompt and then proceed as shown above.

Booting into single user mode from GRUB

Follow these steps to reset the password when using GRUB:

• Reboot the system, and when you are at the selection prompt (See Fig. 2 below), highlight the line for Linux and press 'e'. You may only have 2 seconds to do this, so be quick.
• This will take you to another screen where you should select the entry that begins with 'kernel' and press 'e' again.
• Append ' single' to the end of that line (without the quotes). Make sure that there is a space between what's there and 'single'. If your system requires you to enter your root password to log into single-user mode, then append init=/bin/bash after 'single'. Hit 'Enter' to save the changes.
• Press 'b' to boot into Single User Mode.
• Once the system finishes booting, you will be logged in as root. Use passwd and choose a new password for root.
• Type reboot to reboot the system, and you can login with the new password you just selected.

passwords by using a boot disk and editing the password file

This method is a little bit more complicated than the previous one and has a very high chance of success (assuming your filesystem is not encrypted and you didn't forget the password to decrypt it if it is). As before, get permission before you do this.

To start, you need a Linux boot disk or a rescue disk. (If you didn't create one when prompted during the installation then let this be a lesson for you.) You can use your installation CD as a rescue disk; most distros have an option to allow you to boot into rescue mode. With my Redhat Linux CD, I have to enter linux rescue to start the rescue mode. But this might be a bit different in each distro. You can also use a live linux CD like Knoppix or Gnoppix for system recovery. (Click here for a list of all the live Linux CD's). In this tutorial I will use Knoppix as my rescue CD but the process is almost the same for any rescue CD you might use.

[ You can also download one of the many single-floppy Linux distributions (e.g., Tom's RootBoot ), and use it to bring up the machine as described. This is, of course, much faster than downloading and burning a rescue CD, especially on a slow connection. -- Ben ]

Follow these steps to reset the password using Knoppix:

• Reboot the system and configure it to boot from the Knoppix CD (instructions available here)
• At the Knoppix Boot Prompt (See Fig. 3 below) enter: knoppix lang=us to start boot Knoppix using the english locale. If you understand German, feel free to just hit 'Enter' to boot into Knoppix.
• Once the system finishes booting, press + + (The Control, Alt and F1 key together) to switch to a virtual terminal.
• Type mkdir mountplace to create a directory called 'mountplace'. This is where we will mount the filesystem.
• Type mount /dev/hdaX mountplace, where /dev/hdaX is your root partition. More information on Linux partitions is available here.
• Change to the "/etc" directory on your root partition by typing cd mountplace/etc.
• Use your favorite text editor and open the 'shadow' file for editing. I use 'vi', so I type vi shadow (If you have a really old system, you won't have a shadow file, in which case you need to edit the 'passwd' file.)
• Scroll down to the line containing the root user's information, which looks something like:
  root:dsfDSDF!s:12581:0:99999:7:::
• Delete everything between the first and second colons, so that the line looks like:
  root::12581:0:99999:7:::
• Save the file and exit your editor.
• Type cd to return to your home directory.
• Type umount mountplace to unmount the partition.
• Type reboot to reboot your system, and remove the Knoppix CD from the drive.
• Now you can log into your system as root with no password. Make sure you change the password immediately.

Reseting passwords by mounting on another system and editing the password file

This option is a bit more work than any of the earlier options but is almost sure to work (except when the filesystem is encrypted).

Follow these steps to reset the password:

• Shut down the machine after backing up all important data.
• Open the casing, unplug the hard drive, and take it to another machine. (This system should be running Linux, since Windows can't read the Linux partition formats.)
• Connect the hard disk as a slave drive and boot the new system.
• Once the system finishes booting, mount the slave drive's root partition as shown above and edit the password file.

How To Set the Time Zone

Change directory to /usr/lib/zoneinfo/. Get the time zone package if you don't have this directory. The source is available inftp://metalab.unc.edu/pub/Linux/system/admin/time/.

Then make a symbolic link named localtime pointing to one of the files in this directory (or a subdirectory), and one called posixrules pointing tolocaltime. For example:

$ ln -sf US/Mountain localtime $ ln -sf localtime posixrules

This change will take effect immediatelytry date.

If the system uses Red Hat-style configuration files, the respective time zone info files are /usr/share/zoneinfo and /etc/localtime.

The manual pages for tzset or tzselect describe setting the time zone. Some programs recognize the TZ environment variable, but this is not POSIX-correct.

You should also make sure that your Linux kernel clock is set to the correct GMT time. Type date -u and check that the correct UTC time is displayed. SeeWhy Does the Computer Have the Wrong Time?.