Disableing halt/reboot/poweroff

[Pedro Fonseca]

Greetings!

Can anyone tell me how can I restrict the use of the halt/reboot/poweroff
comands and the ALT+CTRL+DEL key combination to the root user?

As it is right now, any user can pick up the keyboard and shut down the
server, without even having to log in, and any user whatsoever can use the
halt comand.

Best regards.

--
______________________________________________________________________
Pedro Fonseca (pedro....@iscte.pt)
Mob.: (+351)964598357
http://www.pedrofonseca.com
ADETTI/ISCTE (Instituto Superior de Ciências do Trabalho e da Empresa)

[myosh]

On Fri, 5 Oct 2001 13:32:07 +0100, "Pedro Fonseca"
<pedro....@netcabo.pt> wrote:
>
>Can anyone tell me how can I restrict the use of the halt/reboot/poweroff
>comands and the ALT+CTRL+DEL key combination to the root user?
>

in my distro (suse) there is a file called /etc/inittab

there you will find the line

ca::ctrlaltdel:/sbin/shutdown -r -t 4 now (or similar)

just comment this line with # and ctrl-alt-del is disabled.

>server, without even having to log in, and any user whatsoever can use the
>halt comand.
>

I wondered and tried it out. /sbin/halt says that you must be a
superuser to execute it.

greets

myosh

[Dave Brown]

In article <9pk9mk$si9$1...@venus.telepac.pt>, Pedro Fonseca wrote:
> Can anyone tell me how can I restrict the use of the halt/reboot/poweroff
> comands and the ALT+CTRL+DEL key combination to the root user?
>
> As it is right now, any user can pick up the keyboard and shut down the
> server, without even having to log in, and any user whatsoever can use the
> halt comand.

To disable ctl-alt-del rebooting, edit /etc/inittab, commenting out the
line with "ctrlaltdel" in it.

But, if you're interested in *security*, it starts with physical security.
If anyone can walk up to a server and use the keyboard, the server is not
secure... given physical access, a machine can be compromised. Eg., can't
prevent power-off if they can pull the plug; susceptible to rebooting from
diskette/cdrom in "rescue" mode; case not locked, pull the hard drive; etc.

--
Dave Brown Austin, TX

[Pedro Fonseca]

"myosh" <y00...@gmx.net> wrote in message
news:3bbdbc3d...@news.t-online.de...

> in my distro (suse) there is a file called /etc/inittab
> there you will find the line
> ca::ctrlaltdel:/sbin/shutdown -r -t 4 now (or similar)
>
> just comment this line with # and ctrl-alt-del is disabled.

OK! Just done this and CTRL-ALT-DEL is disabled. Thanks!

> I wondered and tried it out. /sbin/halt says that you must be a
> superuser to execute it.

You are absolutely right! The halt command man page states that one must be
the superuser to successfully execute that command. But, despite what the
man page says, an unpriviledged account can shutdown the server with that
command! I'm sure because I've just tried it again... My distro is Red Hat
7.1. Any thoughts on how I disable unpriviledged accounts access to this
command? Perhaps chmod halt to 700? But wouldn't this cause other problems?

[Pedro Fonseca]

"Dave Brown" <dhb...@apm6-154.realtime.net> wrote in message
news:slrn9rrg4g...@hobbes.dhbrown.net...

> To disable ctl-alt-del rebooting, edit /etc/inittab, commenting out the
> line with "ctrlaltdel" in it.
>
> But, if you're interested in *security*, it starts with physical security.
> If anyone can walk up to a server and use the keyboard, the server is not
> secure... given physical access, a machine can be compromised. Eg., can't
> prevent power-off if they can pull the plug; susceptible to rebooting from
> diskette/cdrom in "rescue" mode; case not locked, pull the hard drive;
etc.

Absolutely right. I can't really lock the computer case in a safe box (that
would be the only near 100% perfect solution to the problem), but I'm
applying all the basic security measures, like password protect the BIOS
setup, allow only the harddisk to boot, remove the lilo prompt, disabling
CTRL-ALT-DEL and the halt command...

But... Of course you are very right: anyone can unplug the power cord from
the machine!

[Bob Hauck]

On Fri, 5 Oct 2001 16:15:11 +0100, Pedro Fonseca <pedro....@netcabo.pt>
wrote:

>You are absolutely right! The halt command man page states that one must be

>the superuser to successfully execute that command. But, despite what the
>man page says, an unpriviledged account can shutdown the server with that
>command!

Does your distro make it SUID? Just changing perms to 700 ought to fix
that.

--
-| Bob Hauck
-| Codem Systems, Inc.
-| http://www.codem.com/

[Vladimir Florinski]

In article <slrn9rro...@hauck.codem.com>, "Bob Hauck"
<b...@this-is.invalid> wrote:

> On Fri, 5 Oct 2001 16:15:11 +0100, Pedro Fonseca
> <pedro....@netcabo.pt> wrote:
>
>>You are absolutely right! The halt command man page states that one must
>>be the superuser to successfully execute that command. But, despite what
>>the man page says, an unpriviledged account can shutdown the server with
>>that command!
>
> Does your distro make it SUID? Just changing perms to 700 ought to fix
> that.

No, this is considerably more complex than you think. First of all, there
are two "halt" or "poweroff" commands. One is in /sbin and the other is in
/usr/bin. The /sbin/halt can indeed only be executed by root. The other is
a symbolic link to the consolehelper program which checks if a user is
authorised to run the real halt. Access control is maintained through PAM,
specifically, see the files in /etc/pam.d/ and /etc/security/console.apps/

--
Vladimir

[Markku Kolkka]

"Pedro Fonseca" <pedro....@netcabo.pt> writes:
> "myosh" <y00...@gmx.net> wrote in message

> > I wondered and tried it out. /sbin/halt says that you must be a
> > superuser to execute it.

Yes, but RH has /usr/bin/halt which is a symlink to
/usr/bin/consolehelper. consolehelper allows regular users to perform
certain privileged commands, e.g poweroff or reboot.

> My distro is Red Hat
> 7.1. Any thoughts on how I disable unpriviledged accounts access to this
> command?

Edit /etc/pam.d/halt (see man consolehelper and PAM docs).

--
Markku Kolkka
markku...@iki.fi

[myosh]

On 05 Oct 2001 21:22:11 +0300, Markku Kolkka
<markku...@koti.tpo.fi> wrote:

>Yes, but RH has /usr/bin/halt which is a symlink to
>/usr/bin/consolehelper. consolehelper allows regular users to perform
>certain privileged commands, e.g poweroff or reboot.
>

i see. thx for the info. Seems to me being a possible security leak ??
Something like sudo, i guess.

Anyway, for all who are interested in security :

http://www.sans.org/top20.htm

greets

myosh

[Pedro Fonseca]

Thanks to Vladimir, Markku and the rest of you people. You were right! It
all came down to editing the appropriate PAM files.

Best regards.

[Bob Hauck]

On Fri, 05 Oct 2001 11:00:24 -0700, Vladimir Florinski
<vflo...@citrus.ucr.edu> wrote:

> No, this is considerably more complex than you think. First of all, there
> are two "halt" or "poweroff" commands. One is in /sbin and the other is in
> /usr/bin. The /sbin/halt can indeed only be executed by root. The other is
> a symbolic link to the consolehelper program which checks if a user is
> authorised to run the real halt. Access control is maintained through PAM,
> specifically, see the files in /etc/pam.d/ and /etc/security/console.apps/

Heaven forbid they should do something normal like use sudo for this.
I think I'm glad I don't use Red Hat. Between this and the "label"
thing in /etc/fstab that bit me in the ass last week (ended up with
wrong volume being mounted after shuffling disks around which lead to
data loss) I'll just stick with Debian and Caldera. They're trying so
hard to make it "easy" that it now just shoots your foot for you.

--
-| Bob Hauck
-| To Whom You Are Speaking
-| http://www.haucks.org/