Archive for the tag 'Protecting'

SBDavid

Protecting System Settings in Apache

Protecting System Settings in Apache

To run a really tight ship, you’ll want to stop users from setting up .htaccess files which can override security features you’ve configured. Here’s one way to do it.

In the server configuration.

AllowOverride None

This prevents the use of .htaccess files in all directories apart from those specifically enabled.

Password Protecting GRUB Using Boot Loader Passwords

GRUB can be configured by adding a password directive to its configuration file. To do this, first decide on a password, then open a shell prompt, log in as root, and type:

/sbin/grub-md5-crypt

When prompted, type the GRUB password and press Enter. This returns an MD5 hash of the password.

Next, edit the GRUB configuration file /boot/grub/grub.conf. Open the file and below the timeout line in the main section of the document, add the following line:

password –md5

Replace with the value returned by /sbin/grub-md5-crypt

The next time the system boots, the GRUB menu does not allow access to the editor or com-mand interface without first pressing p followed by the GRUB password.

prevent an attacker from booting into a non-secure operat-ing system in a dual-boot environment. For this, a different part of the /boot/grub/grub.conf file must be edited.

Look for the title line of the non-secure operating system and add a line that says lock directly beneath it.

For a DOS system, the stanza should begin similar to the following:

title DOS lock

To create a different password for a particular kernel or operating system, add a lock line to the stanza, followed by a password line.

Each stanza protected with a unique password should begin with lines similar to the following example:

title DOS lock password –md5