[comp.sys.dec] autoboot

andrewd@cs.tamu.edu (Andrew Ted Duchowski) (02/07/91)

Greetings,

I administer a DECstation 3100, and I believe I inherited
the job with a slight security hole.  If the DECstation
goes down, it goes to single-user mode and sits there,
without prompting for superuser password or trying to 
get into multi-user mode.  

My administrative knowledge is not extremely extensive,
as you can tell.  Can anyone suggest a way to fix this
so that the machine either prompts for su password or
goes to multi-user mode?

Thanks in advance,
Andrew.

--

-------------- Not an Official Texas A&M University Document --------------

sfreed@ariel.unm.edu (Steven Freed CIRT) (02/08/91)

In article <1904@riscy.enet.dec.com>, dbb@riscy.enet.dec.com (dave barrett) writes:
> --
> In article <11858@helios.TAMU.EDU>, andrewd@cs.tamu.edu (Andrew Ted
> Duchowski) writes:
> |> If the DECstation goes down, it goes to single-user mode and sits there,
> |> without prompting for superuser password or trying to get into multi-user
> |> mode.  

> Shut down and halt your system, and at the prompt type:
>
> >> setenv bootmode a
>
> This will cause the system to autoboot into multi-user mode if it goes
> down.

First of all, I assume that you are talking about systems with the new
password protected ROMs in them.

With that in mind, do not be foolishly led into believing that these systems
are secure. They are not. They can be booted into single user mode by anyone
at any time without the password.

All you have to do is hit the reset button on the back, or better yet, the
power switch. The machine will then try to boot into multi user mode, but,
9 times out of 10 (particularly if it is on a network) when it tries to
fsck the disk, it will fail, and drop back into single user mode with
a message such as: Disk inconsistancy, Please fsck by hand.

Very quick, very simple. We have tried this many times here. We have found
the only way to make it secure is to have the password protected ROMs 
AND a password protected init.  Someday, DEC may also wake up to this fact.

--

Thanks,
Steve.                    sfreed@ariel.unm.edu