pros and cons of bootloader password
12-10-2008 09:45 AM
I prefer not to, but I want to get other folks' opinion.
12-10-2008 11:21 AM
Solution
Like many things, the answer depends.
I never use it.
I build and work with systems that are in a secure data center, with physical security.
If I felt this security was not adequate, I'd consider bootloader as an extra option, but if I had a choice, I'd opt out on the project.
In an environment where physical access to the server is controlled, I find it not necessary. I don't even use it in my home based lab, where physical security is not key card based.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
12-10-2008 12:28 PM
Re: pros and cons of bootloader password
Typically such machines won't have a UPS, so any power failure (both accidental and intentional) will cause a reboot. The bootloader password would not prevent the machine from booting to a standard state; instead, it would prevent the users from gaining root access by entering boot options.
The appropriate support personnel would have the bootloader password. It would be used to get the machine out of the restricted kiosk mode for maintenance/service operations.
Of course, some physical security would also be required to stop people from opening the case and tampering with the system's internal components, and/or from stealing the entire system. Sometimes this requires nothing more than a few self-adhesive labels as seals; in other locations, the chassis will have to be locked and chained to the nearest solid structure.
MK
12-10-2008 03:05 PM
Re: pros and cons of bootloader password
You must prevent the ability to boot and get root access.
If the server is physically located in a branch office, and you cannot be 100% sure of security, you should use it also.
The con is that if you really need to boot into single-user or emergency mode to repair something, you may get stuck if you don't know or remember the password. You will have to boot from a CD, connect one if you don't have it, hope that the BIOS is not password protected, and so on.
12-11-2008 12:59 AM
Re: pros and cons of bootloader password
Security is always good :P As they've said above, it hinders the wrong people from getting the "right" access.
Cons:
There are a couple of problems with this if you don't have physical access to the machine. A reboot takes at least 2 people or a trip to your rent-a-rackspace datacenter :P
Of course, if you make sure it can boot into a default state and, as explained above, the right guys have the password to boot into rescue mode, this isn't a problem.
The main problem I see is that you can bypass this anyway.
If you have physical access and a USB stick/CD-ROM drive, you can take any Linux install CD that gives you a shell and some tools.
All you need to do is to set up a simple chroot environment and then rewrite grub/lilo to the MBR without any passwords.
So the kiosk-machine theory works since it probably won't have any functional USB ports or a CD-ROM drive... but for a server or a workstation I don't think it's fully possible to remove both.
You can of course go to lengths and password-protect the BIOS settings while turning off all legacy and USB support, and also set the boot priority to boot from disk before CD.
And you all know how easy it is to remove a BIOS password ;)
Well that's my rant for the day. Now to get some coffee and maybe get some work done :P
Best regards
Fredrik Eriksson
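The trade-off raised in the replies above (a default entry that boots unattended while boot-option editing needs the password, versus every reboot needing someone who knows the password) can be read straight from the bootloader configuration. The following is an added example, not part of any poster's message: it assumes GRUB 2 (2.00 or later) `grub.cfg` syntax and treats the first `menuentry` as the default; the function name and sample config are constructed for illustration.

```python
import re
import shlex

# Constructed sample config (not from the thread); the hash is a placeholder.
SAMPLE_CFG = """
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER
menuentry 'Linux' --class gnu-linux --unrestricted {
    linux /vmlinuz root=/dev/sda1 ro quiet
}
menuentry 'Linux (recovery mode)' --class gnu-linux {
    linux /vmlinuz root=/dev/sda1 ro single
}
"""

def audit_grub_cfg(text):
    """Summarise who can boot or edit entries under a GRUB 2 config."""
    superusers, plaintext, entries = [], [], []
    for raw in text.splitlines():
        if raw.lstrip().startswith("#"):
            continue
        try:
            tok = shlex.split(raw)
        except ValueError:  # unbalanced quote in a script line we do not audit
            continue
        if tok[:1] == ["set"]:
            tok = tok[1:]
        if not tok:
            continue
        if tok[0].startswith("superusers="):
            names = tok[0].split("=", 1)[1]
            superusers = [u for u in re.split(r"[\s,;|&]+", names) if u]
        elif tok[0] == "password" and len(tok) > 1:
            plaintext.append(tok[1])  # cleartext password stored in the config
        elif tok[0] == "menuentry" and len(tok) > 1:
            entries.append((tok[1], "--unrestricted" in tok))
    if not superusers:
        mode = "open"  # no authentication: boot options editable at the console
    elif entries and entries[0][1]:
        mode = "kiosk"  # default boots unattended, editing needs the password
    else:
        mode = "attended"  # every reboot needs someone who knows the password
    # Entries that need a password to boot (none do when no superuser is set)
    locked = [name for name, free in entries if superusers and not free]
    return {"mode": mode, "superusers": superusers,
            "locked_entries": locked, "plaintext_password_users": plaintext}

if __name__ == "__main__":
    print(audit_grub_cfg(SAMPLE_CFG))
```

A non-empty `plaintext_password_users` list means the password sits readable in the config file; GRUB 2's `password_pbkdf2` directive with a hash from `grub-mkpasswd-pbkdf2` avoids that.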
12-11-2008 05:36 AM
Re: pros and cons of bootloader password
I want to add that I agree with Ivan with regards to workstations.
Not being located in a data center, and exposed to many potential users, I would definitely protect grub with a password to avoid system compromise.
SEP
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com