Simple way to secure your root shell just a little bit more

By -Alex-
in HOW TO & FAQ Guides

 Share

Recommended Posts

Grand Master

-Alex-

Posted
Posted

Well, I liked it. Say what you want but I like it :p

Simply edit your shell login scripts file (/root/.bashrc) to include:

clear
echo "So you've found out the root password, now what?"
read P

if [ "$P" != "leeter" ]
then
 clear
 echo "I don't think so, goodbye!"
 exit
fi

clear

Or the one-liner:

clear && echo "So you've found out the root password, now what?" && read P; if [ "$P" != "leeter" ]; then clear && echo "I don't think so, goodbye!" && exit; fi; clear

Simply enter 'leeter' or whatever you specify when you get the prompt.

:)

Link to comment
Share on other sites
Veteran

Fish

Posted
Posted (edited)

Thing is, if you saw this as you opened a root shell, you'd know that there is a modified bashrc. So, you'd open bashrc and you'd see what the "password" is.

Perhaps it would work better if it didn't say anything along the lines of "So you've found the root password...", but simply left you at a command prompt. You might think you could enter any command, but actually, the shell will close unless you give the correct "password" first. Then again, after a couple of attempts, you might suspect that bashrc had been modified in some way....

Is there no way of obfuscating the password in bashrc?

Edited by Mr Fish
Link to comment
Share on other sites
  • 1 month later...
Proficient

David Scaife

Posted
Posted (edited)

An encrypted volume won't do anything to prevent or stop an attack against a running system. It's not a bad idea, and it is better security-wise than the alternative, but it's more of a physical security consideration.

Regarding the original poster's idea, the reason it doesn't help security is that you're relying on two assumptions: that an attacker who knows your password has to execute (and can't read) your .bashrc file, and that your script can't be terminated before calling exit.

The first assumption is false. There is nothing requiring that the console read/execute your .bashrc (let alone requiring that bash run at all); an attacker could simply specify bash --norc as the program to run if they wanted a shell when they run su or connect through SSH or whatever, bypassing your extra password prompt.

The second assumption is also false; as pyther said, a simple ctrl+c would terminate the execution of your script and present the attacker with a shell.

Security is not a trivial thing to get right. Essentially what you have attempted to do is add a second password; an extension to your existing password if you will, which unfortunately doesn't work very well. You'd be better off just appending that extra string to the end of your actual password.

Edited by David Scaife
Link to comment
Share on other sites
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.