advertisement
Security
2. Console Security
As with any other security barrier you put in place to protect your server, it is pretty tough to defend against untold damage caused by someone with physical access to your environment, for example, theft of hard drives, power or service disruption and so on. Therefore, console security should be addressed merely as one component of your overall physical security strategy. A locked "screen door" may deter a casual criminal, or at the very least slow down a determined one, so it is still advisable to perform basic precautions with regard to console security.
The following instructions will help defend your server against issues that could otherwise yield very serious consequences.
2.1. Disable Ctrl+Alt+Delete
First and foremost, anyone that has physical access to the keyboard can simply use the
Ctrl+Alt+Delete key combination to reboot the server without having to log on. Sure, someone could simply unplug the power source, but you should still prevent the use of this key combination on a production server. This forces an attacker to take more drastic measures to reboot the server, and will prevent accidental reboots at the same time.
• To disable the reboot action taken by pressing the Ctrl+Alt+Delete key combination, comment out the following line in the file
/etc/init/control-alt-delete.conf
.
#exec shutdown -r now "Control-Alt-Delete pressed"
111
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement
Table of contents
- 7 1. Introduction
- 8 1. Support
- 9 2. Installation
- 10 1. Preparing to Install
- 12 2. Installing from CD
- 15 3. Upgrading
- 16 4. Advanced Installation
- 23 3. Package Management
- 24 1. Introduction
- 25 2. dpkg
- 26 3. Apt-Get
- 28 4. Aptitude
- 30 5. Automatic Updates
- 32 6. Configuration
- 34 7. References
- 35 4. Networking
- 36 1. Network Configuration
- 44 2. TCP/IP
- 48 3. Dynamic Host Configuration Protocol (DHCP)
- 51 4. Time Synchronisation with NTP
- 53 5. Remote Administration
- 54 1. OpenSSH Server
- 57 2. eBox
- 60 6. Network Authentication
- 61 1. OpenLDAP Server
- 80 2. Samba and LDAP
- 85 3. Kerberos
- 92 4. Kerberos and LDAP
- 98 7. Domain Name Service (DNS)
- 99 1. Installation
- 100 2. Configuration
- 105 3. Troubleshooting
- 109 4. References
- 110 8. Security
- 111 1. User Management
- 117 2. Console Security
- 118 3. Firewall
- 125 4. AppArmor
- 129 5. Certificates
- 134 6. eCryptfs
- 136 9. Monitoring
- 137 1. Overview
- 138 2. Nagios
- 142 3. Munin
- 144 10. Web Servers
- 145 1. HTTPD - Apache2 Web Server
- 152 2. PHP5 - Scripting Language
- 154 3. Squid - Proxy Server
- 156 4. Ruby on Rails
- 158 5. Apache Tomcat
- 162 11. Databases
- 163 1. MySQL
- 165 2. PostgreSQL
- 167 12. LAMP Applications
- 168 1. Overview
- 169 2. Moin Moin
- 171 3. MediaWiki
- 173 4. phpMyAdmin
- 175 13. File Servers
- 176 1. FTP Server
- 180 2. Network File System (NFS)
- 182 3. CUPS - Print Server
- 185 14. Email Services
- 186 1. Postfix
- 193 2. Exim
- 196 3. Dovecot Server
- 198 4. Mailman
- 204 5. Mail Filtering
- 210 15. Chat Applications
- 211 1. Overview
- 212 2. IRC Server
- 214 3. Jabber Instant Messaging Server
- 216 16. Version Control System
- 217 1. Bazaar
- 218 2. Subversion
- 223 3. CVS Server
- 225 4. References
- 226 17. Windows Networking
- 227 1. Introduction
- 228 2. Samba File Server
- 230 3. Samba Print Server
- 232 4. Securing a Samba File and Print Server
- 236 5. Samba as a Domain Controller
- 240 6. Samba Active Directory Integration
- 242 7. Likewise Open
- 246 18. Backups
- 247 1. Shell Scripts
- 251 2. Archive Rotation
- 254 3. Bacula
- 259 19. Virtualization
- 260 1. libvirt
- 265 2. JeOS and vmbuilder
- 275 3. UEC
- 284 4. OpenNebula
- 287 20. Clustering
- 288 1. DRBD
- 291 21. VPN
- 292 1. OpenVPN
- 296 22. Other Useful Applications
- 297 1. pam_motd
- 299 2. etckeeper
- 301 3. Byobu
- 303 4. References
- 304 A. Appendix
- 305 1. Reporting Bugs in Ubuntu Server Edition