Koozali.org: home of the SME Server

Legacy Forums => General Discussion (Legacy) => Topic started by: Roussell on May 23, 2001, 01:45:49 PM

Title: Is it possible to lock the console ?
Post by: Roussell on May 23, 2001, 01:45:49 PM

Hi
I understand that after installation of the e-smith server, it is wise to disconnect the keyboard, mouse, and monitor and lock it away in a secure cupboard or datacenter.

However I need to keep the e-smith server under my desk in the office. How can I  'lock' disable the console, so no-one can actually plug in the keyboard and monitor and start hacking away?
Is there an equivalent of xlock ?
Thanks for any answers.

Title: Re: Is it possible to lock the console ?
Post by: Colin Hogben on May 23, 2001, 03:18:54 PM

> How can I 'lock' disable the console, so no-one can actually
> plug in the keyboard and monitor and start hacking away?

If someone with malicious intent were able to plug keyboard &
monitor into the server, they could just as easily (or more so)
reboot it from their own single-floppy hacker toolkit and wreak
as much havoc as they wish.

If you don't trust the people who have physical access, then you
need some form of physical security.

Title: Re: Is it possible to lock the console ?
Post by: Eric Siemens on May 23, 2001, 04:08:13 PM

Just take out the grafikcard an set bios not to boot from Floppy and "halt on no erors".
so you just have entry via HTML (E-smith-manager) or ssh.

greetz eric

Title: Re: Is it possible to lock the console ?
Post by: Nathan Fowler on May 24, 2001, 11:11:25 PM

For an AT system to POST it must have a video card.

Try setting the runlevel to 3 in /etc/inittab
Change id:7:initdefault: to id:3:initdefault:

You could also rename /sbin/e-smith/console to /sbin/e-smith/console2
Anytime you needed to get to console you could just run /sbin/e-smith/console2

Charlie, correct me if I am wrong.


Nathan Fowler

Title: Re: Is it possible to lock the console ?
Post by: Charlie Brady on May 26, 2001, 12:33:27 AM

Nathan Fowler wrote:
 
> For an AT system to POST it must have a video card.
>
> Try setting the runlevel to 3 in /etc/inittab
> Change id:7:initdefault: to id:3:initdefault:
>
> You could also rename /sbin/e-smith/console to
> /sbin/e-smith/console2
> Anytime you needed to get to console you could just run
> /sbin/e-smith/console2
>
> Charlie, correct me if I am wrong.

Sorry, I've had my head down.

Nathan, you are wrong :-). If you set runlevel to anything other than 7, you won't have an e-smith server any more.

There is a console option to require login as admin. Just choose login rather than auto, and admin needs to login to get at the console menu.

Charlie