If your Linux server is exposed to unauthorized users (such as servers in the public room, public office), then its security will have serious problems. use Single-user mode to enter the system linux boot: When prompted, use a special command such as Linuxsingle or Linux 1 to enter Single-user mode (single-user mode)
If your Linux server is exposed to unauthorized users (such as servers in the public room, public office), then its security will have serious problems.
use Single-user mode to enter the system
linux boot: When prompted, use a special command, such as Linuxsingle or Linux 1, to enter Single-user mode (single-user mode). This command is useful, such as forgetting the Super User (root) password. Reboot the system, in the boot: prompted to enter the Linux single (or Linux 1), the super user into the system, edit the passwd file, remove the root line of X.
to the Super User (root) into the system, edit the/etc/inittab file, change the Id:3:initdefault settings, in which the additional line (as follows), so that the system to restart into Single-user mode, prompted to enter the Superuser password:
then executes the command:/sbin/init Q to make this setting work.
Transmission of dangerous parameters to the core at system startup
the most common boot loader (boot loader) tool under Linux is Lilo, which is responsible for managing the boot system (which can be added to other partitions and operating systems). But it is also dangerous for some illegal users to start Linux randomly or pass dangerous parameters to the core when the system starts.
edit File/etc/lilo.conf, in which you add the restricted parameter, which must be used in conjunction with the following password parameter, indicating that you need to enter a password when passing to some parameters of the Linux kernel at boot: prompt.
The password parameter can be used with restricted, or it can be used separately, as described below.
is used with restricted: the password is required to be passed to the kernel parameter only when it is started, and it is important to note that the password is not required in normal (default) mode.
used alone (not used with restricted): means that no matter what startup mode, Linux will always require the password, if there is no password, there is no way to start Linux, in this case the security is higher, the equivalent of the periphery to add a layer of defensive measures. Of course it's bad-you can't reboot the system remotely unless you add restricted parameters.
because the password is plaintext and not encrypted, the/etc/lilo.conf file must be set to be read only by Superuser, and can be set using the following command:
then executes the command:/SBIN/LILO-V, writes it to the boot sector, and makes the change effective.
to enhance the security of the/etc/liio.conf file, you can also set this file as an immutable property, using the command:
chattr 10 i/etc/lilo.conf
If you want to modify the/etc/liio.conf file later, use the chattr-i/etc/lilo.conf command to remove this attribute.
Use the "Ctrl+alt+del" key combination to reboot
for this, it is very important, and very easy to ignore, if the illegal user can access the server's keyboard, he can use the key combination "Ctrl+ait+del" to enable your server restart.
edit/etc/inittab file, give ca::ctrlaltdel:/sbin/shutdown-t3-r now comment # # #ca:: Ctrlaltdei:/sbin/shutdown-t3-r now.
then executes the command:/sbin/init Q to make this change effective.