Michel
Posted May 3, 2003

If you add passwords to lilo they warn that everyone can read it... Now I've a small encrypted partition with AES=128 I think... I suppose if there was a way I could say that the lilo-file is there, it would be encrypted, not? If I place it as root, no one can read it except if you are root? That makes me think... how can anyone read it (if it is not encrypted) if they're not root? If they are root, they don't have to bother about lilo, because they are root then! I read grub has a builtin encryption (salt... is this any good? It hasn't such a nice background as mdk :))... I'm going extreme... in security. :D

aru
Posted May 3, 2003

> If you add passwords to lilo they warn that everyone can read it......

no if it has 700 permissions (chmod 700 /etc/lilo.conf)

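Added example, not part of the thread: a small shell check for the condition discussed above, a lilo.conf that holds a `password=` line while its mode lets group or others read it. `audit_lilo_conf` is a hypothetical helper name, the sample config is constructed, and the check assumes the file is owned by root.

```shell
#!/bin/sh
# audit_lilo_conf is a hypothetical helper, not part of LILO.
# Returns 0 = OK, 1 = password readable by group/others, 2 = file not found.
audit_lilo_conf() {
    conf=$1
    [ -f "$conf" ] || { echo "$conf: not found"; return 2; }

    # Only uncommented "password = ..." directives count.
    if ! grep -Eiq '^[[:space:]]*password[[:space:]]*=' "$conf"; then
        echo "$conf: no password directive"
        return 0
    fi

    # Octal mode: GNU stat first, BSD stat as fallback.
    mode=$(stat -c '%a' "$conf" 2>/dev/null || stat -f '%Lp' "$conf")

    # 044 = read bit for group plus read bit for others.
    if [ $(( 0$mode & 044 )) -ne 0 ]; then
        echo "$conf: mode $mode, password readable by group or others"
        return 1
    fi
    echo "$conf: mode $mode, password not readable by group or others"
    return 0
}

# Demo on a constructed config in a temp file (not a real /etc/lilo.conf).
demo=$(mktemp)
printf 'boot=/dev/hda\nprompt\nrestricted\npassword=CONSTRUCTED-SAMPLE\n' > "$demo"
chmod 644 "$demo"; audit_lilo_conf "$demo" || true   # flagged
chmod 700 "$demo"; audit_lilo_conf "$demo"           # passes, as with the chmod above
rm -f "$demo"
```
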
aru
Posted May 3, 2003

If you are really concerned about lilo security I suggest you remove the /etc/lilo.conf file from your harddisk. Then anytime you have to edit your boot sector you can create it from scratch, run /sbin/lilo, and delete lilo.conf again.

...Or better, don't use your harddisk at all, use your system memory, so no fingerprints will be left:

    ~# /sbin/lilo -v -C <( cat << EOF
    > boot=/dev/hda
    > map=/boot/map
    > install=/boot/boot.b
    > vga=normal
    > default=linux
    > keytable=/boot/es-latin1.klt
    > lba32
    > prompt
    > timeout=150
    > message=/boot/message
    > restricted
    > password=WzxokZnr
    >
    > image=/boot/vmlinuz-2.4.19-32mdk
    > label=2419-32
    > root=/dev/hda2
    > alias=linux
    > read-only
    > optional
    > vga=normal
    > append=" devfs=mount hdc=ide-scsi"
    > initrd=/boot/initrd-2.4.19-32mdk.img
    > EOF
    > ) <<press enter here>>
    LILO version 21.7-5, Copyright (C) 1992-1998 Werner Almesberger
    Linux Real Mode Interface library Copyright (C) 1998 Josh Vanderhoof
    Development beyond version 21 Copyright (C) 1999-2001 John Coffman
    Released 06-May-2001 and compiled at 17:29:46 on Aug 5 2001.

    Reading boot sector from /dev/hda
    Merging with /boot/boot.b
    Mapping message file /boot/message
    Boot image: /boot/vmlinuz-2.4.19-32mdk
    Mapping RAM disk /boot/initrd-2.4.19-32mdk.img
    Added 2419-32 (alias linux) *
    ~# history -c
    ~#

The last command deletes your history, so no clues are left at all. :mrgreen:

[edited: I've forgotten the password field]

aru
Posted May 3, 2003

:mrgreen: <- That emoticon at the end of my posts means that I'm joking :D

But, well thought, the way I've proposed above is not a bad idea for any security-paranoid (after all, it works like a charm. *tested*)