System Administration
cancel
Showing results for 
Search instead for 
Did you mean: 

Password Protect Single User Mode

 
SOLVED
Go to solution
Bob Ferro
Regular Advisor

Password Protect Single User Mode

Here's a simple question. Our security department wants us to password protect whenever we go into Single User Mode. That's fine until we forget root's password or lock it out. Then our alternative to boot from an installation CD or an Ignite tape. Are we going to be able to boot from these devices and if so, what good is password protection if we can boot from an alternate device without a password? I need some pro vs cons.
8 REPLIES
James R. Ferguson
Acclaimed Contributor
Solution

Re: Password Protect Single User Mode

Hi Bob:

Look at '/etc/default/security' in particular the 'BOOT_AUTH' and 'BOOT_Users' attributes.

http://docs.hp.com/en/B2355-60130/security.4.html

Regards!

...JRF...
Bob Ferro
Regular Advisor

Re: Password Protect Single User Mode

But my question is what are the PROs and CONs of password protecting single user mode if we can bypass it by booting from an Ignite tape or a installation CD?
Mel Burslan
Honored Contributor

Re: Password Protect Single User Mode

Bob,

In a day like today, where remote console option are quite prolific, console only direct access to root account policies are coming short of satisfying the requirement of being on-site with physical access to the server. When you are forced to insert a media to break into your own system, it is an added leel of security. But after all, someone will need some way of accessing this server and in the ultimate end, security department will need to trust at least ONE admin. And needless to say, nothing is 100% secure, but adding another level of complexity to the breaking into the system makes it more difficult to be broken in, should a mishap takes place and an unauthorized person gains access into some level of secured perimeter.

When it comes to security, at some point, you need to take your logical hat off, I came to realize and not to fight, by questioning the authority. If they want to feel safe under a false sense of security, let it be. You will be much happier.
________________________________
UNIX because I majored in cryptology...
Bob Ferro
Regular Advisor

Re: Password Protect Single User Mode

I appreciate your comments. My big question is the only way to break the system is by physical access to the console which is in a very secured area (guards, access cards, etc.). So what good is password protecting SUM, if the only thing someone needs is an installation CD? Doesn't matter what release, just a CD that anyone can get. Don't need a password. Where's the security?
Steven E. Protter
Exalted Contributor

Re: Password Protect Single User Mode

Shalom,

Password protecting single user mode is a bad ideas:

pro: It improves security and stops unauthorized users from changing the root password.

con: Single user mode is a necessary method for regaining control of a system when the root password has been forgotten, or reset by an operator without documentation.

Remote console devices themselves can be protected well enough to not require single user mode being protected.

Modern servers with ilo cards have ssl protection to their web interface, and can use the root password to prevent unauthorized reboot.

Single user mode is a very useful tool that can be protected adequately IMO.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Bob Ferro
Regular Advisor

Re: Password Protect Single User Mode

is this a pro or con?

Modern servers with ilo cards have ssl protection to their web interface, and can use the root password to prevent unauthorized reboot.


IMO?
Olivier Masse
Honored Contributor

Re: Password Protect Single User Mode


Security auditors view security as an onion, with each layer making a system more secure. Following that point of view, it does make sense to lock down SUM. But as you figured out, any attacker who manages to gain access to your console, be it on site or remotely, can easily circumvent a locked down SUM by booting off any OS he/she desires out of a DVD or even using your Ignite server! It can take as few as 10 minutes for someone who's prepared and knows what he/she's doing.

Restricting your iLOs/MPs in a locked-down network, and providing access to them only through a box from which you can use SSH redirection, is a much better "onion layer" from my point of view than locking down SUM. Yet, experience has showed me that security auditors often don't consider what measures might already be in place for a particular security issue, and if they decided that SUM must be locked down, no matter what you do to protect your console, than you as an admin have no choice of doing it.

Hey, who knows, even if you don't have a networked MP, an attacker might be able to use a laser to poke the pins of your serial ports behind your server to hack it, from across the street, using an expensive network mirrors left in place by blue-lens-glassed 19-year old nerd who posed as an HVAC contractor last week.

So would I do it? Not unless I'm forced to. But I'd do it, no problem, under one condition: any production system that gets its SUM locked out must absolutely be in a ServiceGuard cluster. If a goof happens with the root password, I can least failover the application and reinstall the affected node without too much interruption. Without ServiceGuard, we're talking about a complete reinstallation if something goes south.

My two cents
Bob Ferro
Regular Advisor

Re: Password Protect Single User Mode

Thank you for all youre replys.