Linux Security HOWTO : Physical Security : Boot Loader Security
Previous: BIOS Security
Next: xlock and vlock

3.3. Boot Loader Security

The various Linux boot loaders also can have a boot password set. LILO, for example, has password and restricted settings; password always requires password at boot time, whereas restricted requires a boot-time password only if you specify options (such as single) at the LILO prompt.

Keep in mind when setting all these passwords that you need to remember them. :) Also remember that these passwords will merely slow the determined attacker. They won't prevent someone from booting from a floppy, and mounting your root partition. If you are using security in conjunction with a boot loader, you might as well disable booting from a floppy in your computer's BIOS, and password-protect the BIOS.

If anyone has security-related information from a different boot loader, we would love to hear it. (grub, silo, milo, linload, etc).

Note: If you have a server machine, and you set up a boot password, your machine will not boot up unattended. Keep in mind that you will need to come in and supply the password in the event of a power failure. ;(


Linux Security HOWTO : Physical Security : Boot Loader Security
Previous: BIOS Security
Next: xlock and vlock