Simple way to secure your root shell just a little bit more

[-Alex-]

Well, I liked it. Say what you want but I like it :p

Simply edit your shell login scripts file (/root/.bashrc) to include:

clear
echo "So you've found out the root password, now what?"
read P

if [ "$P" != "leeter" ]
then
 clear
 echo "I don't think so, goodbye!"
 exit
fi

clear

Or the one-liner:

clear && echo "So you've found out the root password, now what?" && read P; if [ "$P" != "leeter" ]; then clear && echo "I don't think so, goodbye!" && exit; fi; clear

Simply enter 'leeter' or whatever you specify when you get the prompt.

:)

[Fish]

Thing is, if you saw this as you opened a root shell, you'd know that there is a modified bashrc. So, you'd open bashrc and you'd see what the "password" is.

Perhaps it would work better if it didn't say anything along the lines of "So you've found the root password...", but simply left you at a command prompt. You might think you could enter any command, but actually, the shell will close unless you give the correct "password" first. Then again, after a couple of attempts, you might suspect that bashrc had been modified in some way....

Is there no way of obfuscating the password in bashrc?

Edited September 4, 2008 by Mr Fish

[pyther]

Couldn't that be halted with a simple Ctrl+C ?

[nuskool]

worst...security...ever.

[Rudy]

  nuskool said:

worst...security...ever.

+1

[adwin]

If you want better security, configure your root device as an LVM/crypted AES....

[David Scaife]

An encrypted volume won't do anything to prevent or stop an attack against a running system. It's not a bad idea, and it is better security-wise than the alternative, but it's more of a physical security consideration.

Regarding the original poster's idea, the reason it doesn't help security is that you're relying on two assumptions: that an attacker who knows your password has to execute (and can't read) your .bashrc file, and that your script can't be terminated before calling exit.

The first assumption is false. There is nothing requiring that the console read/execute your .bashrc (let alone requiring that bash run at all); an attacker could simply specify bash --norc as the program to run if they wanted a shell when they run su or connect through SSH or whatever, bypassing your extra password prompt.

The second assumption is also false; as pyther said, a simple ctrl+c would terminate the execution of your script and present the attacker with a shell.

Security is not a trivial thing to get right. Essentially what you have attempted to do is add a second password; an extension to your existing password if you will, which unfortunately doesn't work very well. You'd be better off just appending that extra string to the end of your actual password.

Edited October 16, 2008 by David Scaife