Re: boot -s - can i detect intruder

From: Nikolay Kanchev (niki_at_amk-drives.bg)
Date: 09/16/03

  • Next message: Guy P.: "Re: boot -s - can i detect intruder" 
    To: <freebsd-security@freebsd.org>
Date: Tue, 16 Sep 2003 11:38:19 +0100

    ----- Original Message -----
    From: "Socketd" <db@traceroute.dk>
    To: <freebsd-security@freebsd.org>
    Sent: Tuesday, September 16, 2003 9:14 AM
    Subject: Re: boot -s - can i detect intruder

    > On Tue, 16 Sep 2003 11:02:05 +0100
    > "Nikolay Kanchev" <niki@amk-drives.bg> wrote:
    >
    > > Several people have physical access to my FreeBSD box and I have the
    > > feeling that somebody try to get access with boot -s options . Can I
    > > log activity after boot -s option (change user password, install
    > > software and etc.). I use boot -s and change user password, but after
    > > reboot i can't find this atcivity in log files.
    > > The BSD box is shutdown and run again many time at day.
    >
    > Why not set console in /etc/ttys to insecure? Then you can't login
    > without a password.
    >
    > br
    > socketd

    I will set this but first I want to try catch the intruder. If I understand
    when someone try to use boot -s and what is doing in box I can get him.

    ---------------
    G. Hasse wrote
    ---------------
    Why is the box shutdown??? Are you doing kernel development or
    advanced devicedriver development? Why are you many persons
    on sutch a system in that case? And if you are doing kernel
    development all must have root access anyway?

    There is *no* reason to shut down the system in ordinary
    maintainance!

    GH
    -----------------------

    The box is a test box for training and people that work with box can reboot
    it. But this people not know that this is only test box, I tell them that
    this is small server for LAN becaus I want to test this mans.

    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"

  • Next message: Guy P.: "Re: boot -s - can i detect intruder"

    Relevant Pages

    • Re: SOS computer keeps rebooting.
      ... you can't get the reboot loop to stop. ... No body gets real for real boot CDs, ... Plan A ... The only way to unlock the keyboard was a complete power down. ...
      (microsoft.public.windowsxp.general)
    • Re: XP Suddenly Slow to Boot [Long/Detailed]
      ... You said the systweak fixed a "bunch of things" but no joy. ... Every time you do a boot or reboot, ... | and decided to just reboot and see if the sound situation would ...
      (microsoft.public.windowsxp.basics)
    • Re: New XP box will only boot in safe mode?
      ... I too can reboot this PC and during the boot up process I see the post. ... to install a symantec upgrade at http://tinyurl.com/yckf2z. ... You can access Event Viewer by selecting Start, ...
      (microsoft.public.windowsxp.help_and_support)
    • Re: Any Way to Run Windows 2000 From Read-Only CD?
      ... Bart's PE is a popular choice for making a boot CD. ... every now and then at reboot. ... files and/or ghost images to automate the process of hardening machines? ... Most adware is prevented by doing one or more of the following: ...
      (microsoft.public.windows.server.security)
    • Re: XP Pro boot hanging
      ... Database Developer ... in the boot ini once ... After cloning, reboot, I forgot to remove the Acronis CD and USB connected ... Neither drive will boot into Windows. ...
      (microsoft.public.windowsxp.general)
    • Quantcast