Simple way to secure your root shell just a little bit more


Recommended Posts

-Alex-

Well, I liked it. Say what you want but I like it :p

Simply edit your shell login scripts file (/root/.bashrc) to include:

clear
echo "So you've found out the root password, now what?"
read P

if [ "$P" != "leeter" ]
then
 clear
 echo "I don't think so, goodbye!"
 exit
fi

clear

Or the one-liner:

clear && echo "So you've found out the root password, now what?" && read P; if [ "$P" != "leeter" ]; then clear && echo "I don't think so, goodbye!" && exit; fi; clear

Simply enter 'leeter' or whatever you specify when you get the prompt.

:)

Link to post
Share on other sites
Fish

Thing is, if you saw this as you opened a root shell, you'd know that there is a modified bashrc. So, you'd open bashrc and you'd see what the "password" is.

Perhaps it would work better if it didn't say anything along the lines of "So you've found the root password...", but simply left you at a command prompt. You might think you could enter any command, but actually, the shell will close unless you give the correct "password" first. Then again, after a couple of attempts, you might suspect that bashrc had been modified in some way....

Is there no way of obfuscating the password in bashrc?

Edited by Mr Fish
Link to post
Share on other sites
pyther

Couldn't that be halted with a simple Ctrl+C ?

Link to post
Share on other sites
  • 1 month later...
Rudy
worst...security...ever.

+1

Link to post
Share on other sites
adwin

If you want better security, configure your root device as an LVM/crypted AES....

Link to post
Share on other sites
David Scaife

An encrypted volume won't do anything to prevent or stop an attack against a running system. It's not a bad idea, and it is better security-wise than the alternative, but it's more of a physical security consideration.

Regarding the original poster's idea, the reason it doesn't help security is that you're relying on two assumptions: that an attacker who knows your password has to execute (and can't read) your .bashrc file, and that your script can't be terminated before calling exit.

The first assumption is false. There is nothing requiring that the console read/execute your .bashrc (let alone requiring that bash run at all); an attacker could simply specify bash --norc as the program to run if they wanted a shell when they run su or connect through SSH or whatever, bypassing your extra password prompt.

The second assumption is also false; as pyther said, a simple ctrl+c would terminate the execution of your script and present the attacker with a shell.

Security is not a trivial thing to get right. Essentially what you have attempted to do is add a second password; an extension to your existing password if you will, which unfortunately doesn't work very well. You'd be better off just appending that extra string to the end of your actual password.

Edited by David Scaife
Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    No registered users viewing this page.