Koozali.org: home of the SME Server

Obsolete Releases => SME 9.x Contribs => Topic started by: Bud on April 14, 2017, 09:13:46 AM

Title: Hardening SME server (reprise)
Post by: Bud on April 14, 2017, 09:13:46 AM

please guys just some questions on this subject

1. how do protect the sme server to NOT display what it is loading during the boot process ie: just to display eg: " Server Booting " or something similar

2. after the boot process i simply want to display a prompt with eg: " smeserver9.1 " what file(s) must i edit to do this?

3. how do i secure ( password protect ) the grub menu?

any help greatly appreciated  :)

Title: Re: Hardening SME server (reprise)
Post by: Stefano on April 14, 2017, 11:44:12 AM

Splitted from the original post, which is old

Bud, can you give us some "environmental" details? and, more, what are you trying to achieve?

Title: Re: Hardening SME server (reprise)
Post by: Bud on April 14, 2017, 11:56:39 AM

Stefano thanks for your reply

what i am trying to achieve is to secure the server(s) from prying eyes.

i am trying to enable or disable the boot process from showing what is being loaded during the sme server boot process.

any ideas?

Title: Re: Hardening SME server (reprise)
Post by: Stefano on April 14, 2017, 12:07:58 PM

ok..

1) setting a password on grub or bios won't let you update/reconfigure your server if you're not onsite
2) AFAIK even if "rhgb" and "quiet" are default values in grub config for SME9, they "don't work", meaning that according to this site (https://blog.nexcess.net/2011/08/22/making-the-centos-6-boot-splash-screen-more-verbose/) (for example) the verbose boot should be available removing those params.. anyway, even if you set up your grub to be less verbose, hitting Esc should give you again the possibility to see what's going on
3) IMO, security by obscurity doesn't work.. yus be sure your server is updated, your passwords are strong, your webapp (WP, Joomla ecc, if any) are updated too

and, finally.. such measures are intended to "protect" your server from people standing in front of it.. BTW, if someone has phisical access to your server, nothing will work :-)

Title: Re: Hardening SME server (reprise)
Post by: Stefano on April 14, 2017, 12:32:48 PM

searched a bit.. starting from this post on centos' forum (https://www.centos.org/forums/viewtopic.php?t=48019)
I tried

Code: [Select]

[root@backup server]# plymouth-set-default-theme
text

so there's no other theme..

Title: Re: Hardening SME server (reprise)
Post by: Daniel B. on April 14, 2017, 03:57:37 PM

I fail to see how hiding boot information get more security. There's absolutely no sensitive info printed during boot

Title: Re: Hardening SME server (reprise)
Post by: DanB35 on April 15, 2017, 01:32:26 AM

Quote from: Bud on April 14, 2017, 11:56:39 AM

i am trying to enable or disable the boot process from showing what is being loaded during the sme server boot process.

Unplug the monitor?

I really don't understand what you're trying to accomplish, or why.  Most of the services that come up during the boot process can be deduced by knowing the functionality provided by the SME server.  But more to the point, if an attacker has physical access to your SME box, you have no reason to count on any security at all.

Title: Re: Hardening SME server (reprise)
Post by: ReetP on April 20, 2017, 12:54:56 PM

Quote from: Stefano on April 14, 2017, 12:07:58 PM

ok..

1) setting a password on grub or bios won't let you update/reconfigure your server if you're not onsite

Unless you have remote access to iLO or a nice little Aten remote KVM unit ;-)

Handy get out of jail free for those 'Press F1 to continue' days  :lol: