Re: [cobalt-security] got root?

[Tim Dunn <tdunn@xxxxxxxxxxxxxxxxxxx>]

> > My new saying is "Got Console Got Root!".....
> I've seen a A LOT of scripts that give you a root shell after a minute or
> two...

Well, if you have console access to a box, you usually can root it very 
quickly.  Failing that, you can usually just down the box, which is
almost as bad.

Lintel boxes are especially bad with the old LILO "boot single" option.  
And even if not, it's usually a rather trivial matter to set up a mini-
distro on removable boot media (CD or floppy) and config the BIOS to use 
that.  After all, physical access to the console usually grants you access
to the Big Red Switch and the power cord.

My home Lintel boxes have LILO passwords, but I've not gotten paranoid
enough to set up BIOS passwords.  They do bypass removable media on
boot, but w/o a BIOS password, that's not going to stop someone for
long.  I figure if someone has physical access to my home system, I have
bigger problems than data integrity at this point. =)

Were I to colo, I'd definitely have those set, and replace key screws 
with locks (from CyberGuys, http://tinyurl.com/zz3).  I would expect the 
colo facility to be responsibility for power integrity and physical access 
control, and pick up from there.  (and no, the case lock won't stop a drill,
but the paranoia has to stop somewhere.)

tim

-- 
Sysadmin Rule #14: If it's not on fire, it's a software issue.