2.5.1 and security issues

Hello Sun Managers:

Thanks to all who wrote, but none gave any useful

detail as to how to accomplish the security.

My original post was:

> I have a question involving securing the Solaris 2.5.1 OS.

>

> I have a few Axils running 2.5.1 Solaris, and my question is

> how do I keep a user, from just booting the system in single

> user mode, changing the shadow file to whatever they like and

> then rebooting and logging in as root?

>

> I tried this on one of my workstations and it was very

> easily accomplished in just a few minutes time.

>

> Any suggestions on how to secure this method of root

> access would be much appreciated.

Those that answered:

Apr 20 Sydney Weinstein (54) Re: 2.5.1 and security issues

Apr 20 Danny Johnson (58) Re: 2.5.1 and security issues

Apr 20 varshney@pacbell.n (26) Re: 2.5.1 and security issues

Apr 20 Casper Dik (48) Re: 2.5.1 and security issues

Apr 20 Casper Dik (47) Re: 2.5.1 and security issues

Apr 21 Rasana Atreya (59) Re: 2.5.1 and security issues

Apr 21 David Fetrow (35) Re: 2.5.1 and security issues

After digging into the man page on eeprom, this is how it is done.

NOTE: Solaris 2.5.1 defaults to wide open on security, so if you

      have not done this to any of your machines, then I would

      highly suggest that you do it ASAP, otherwise, some

      unscrupulous person could easily lock you out of your workstation.

There are two commands involved with this, but it appears that when

initially activated, the first command activates the second.

COMMANDS:

eeprom security-mode=full

eeprom security-password=

As I said previously, when initially activated: eeprom security-mode=full

then this calls the password change part, and asks for a password.

The password is of course asked for twice for verification.

There are three modes: none, command, and full; the default is none.

This is how I was easily able to reboot in single user mode, and

change the shadow file and then login as root.

When eeprom security-mode is set to full or command, it will require a password

thus preventing the typical user from rebooting the system in single

user mode.

For any additional details please read the man page on eeprom

i.e. (man eeprom).


--
+ ------------------------------------------------- +
+ +++ N E C +++ +++ A M E R I C A +++ +
+ ------------------------------------------------- +
+ Marc L. Summers System Administrator +
+ 3100 N.E. Shute Road Hillsboro Oregon 97124 +
+ PH: 1-503-681-3338 FAX: 1-503-681-3304 +
+ Email: marcs@tdd.hbo.nec.com +
+ ---------- Sic transit gloria mundi. ------------ +
+ --- "Thus passes away the glory of the world." -- +
+ ------------------------------------------------- +
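
An added example, not part of the original post: a small shell audit that takes the output of `eeprom security-mode` collected from several workstations and lists every host still left at the default. The host names and the "<host> <eeprom output>" collection format are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit `eeprom security-mode` output gathered from a set
# of workstations. Host names and the "<host> <eeprom output>" inventory
# format are hypothetical; only the three mode values come from the post.

# Classify one line of `eeprom security-mode` output.
# Per eeprom(1M): in command mode every PROM command except boot and go
# needs the password; in full mode every command except go needs it.
classify_mode() {
    case "$1" in
        security-mode=full)    echo "PASS full" ;;
        security-mode=command) echo "PASS command" ;;
        security-mode=none)    echo "FAIL none" ;;
        *)                     echo "UNKNOWN" ;;
    esac
}

# Read "<host> <eeprom output>" lines on stdin and print each host that
# is not protected. Missing or unparseable output is reported as UNKNOWN
# and never counted as a pass.
unprotected_hosts() {
    while read -r host output; do
        [ -n "$host" ] || continue
        verdict=$(classify_mode "$output")
        case "$verdict" in
            PASS*) ;;
            *) echo "$host $verdict" ;;
        esac
    done
}

# Constructed sample inventory (not real data). axil04 stands for a host
# whose output could not be collected.
sample_inventory() {
    cat <<'EOF'
axil01 security-mode=none
axil02 security-mode=full
axil03 security-mode=command
axil04
EOF
}

# Demonstration run over the constructed sample.
sample_inventory | unprotected_hosts
```

On a real set of machines, replace sample_inventory with whatever gathers one line of `eeprom security-mode` output per host.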
