> > Anyone wanting this kind of high security certainly isn't going to have a
> > machine bouncing back into multi user mode after a reboot....
>
> You don't need to cripple the system that way to get full security. Just
> mark all the lilo stuff, init and the startup scripts as immutable. Set
> the securelevel in the startup scripts. Then the hacker will gain nothing
> by rebooting.
Mmmmm. Don't forget the kernel, the shell used to run the scripts, all
libraries used by the shell. All other binaries invoked in the startup
scripts. Kernel modules. ld.so. No doubt loads more... get my point? Much
better to prevent reboot from bringing machine back into a usable state.
I like to implement this anyway -- if a Linux machine goes down I want to
know _why_, as this is a rare event. If there is a genuine problem I want
to be there to supervise the system attempt to limp back into existence.
> Btw, is root prevented from writing directly to the hard disk device? If not,
> he can just go around the filesystem or make his own modifications to the
> boot sector etc.
All this and lots more is of course denied. I've tried to be thorough in
what actions are disallowed, so there is _no_ _way_ root can mess with
info on the disk by whatever cunning means. I've probably forgotten things
though, so mail me when you find my errors...
Chris
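Chris's objection above is that "mark lilo, init and the rc scripts immutable" protects only a fraction of what a reboot actually executes: each binary drags in its shell, its shared libraries, ld.so, the kernel and its modules. The script below is an added illustration of that point, not code from the thread or from any of its participants. It audits a boot-path seed list by expanding every ELF file through its `ldd` dependencies and then checking which members of that closure lack the ext2 immutable (`i`) attribute as reported by `lsattr`. The seed paths, the `ldd` and `lsattr` output, and the `SEEDS` list are all constructed for the example; the parsers follow the real output formats of those two tools, and the `live_ldd`/`live_lsattr` helpers show how the same audit would be run against a real system.

```python
import re
import subprocess
from typing import Callable, Dict, Iterable, List, Set

# Hypothetical boot-path seed list: the files named in the thread (LILO, init,
# a startup script) plus the ones Chris adds (the shell the scripts run under,
# the kernel, the module directory).  Paths are assumed, not from a real box.
SEEDS = [
    "/sbin/lilo",
    "/sbin/init",
    "/etc/rc.d/rc.sysinit",
    "/bin/sh",
    "/boot/vmlinuz",
    "/lib/modules",
]

# Constructed sample output in the format `ldd` prints: "soname => path (addr)"
# per library, and a bare "path (addr)" line for the dynamic loader.
SAMPLE_LDD: Dict[str, str] = {
    "/sbin/init": "\tlibc.so.6 => /lib/libc.so.6 (0x40010000)\n"
                  "\t/lib/ld-linux.so.2 (0x40000000)\n",
    "/sbin/lilo": "\tlibc.so.6 => /lib/libc.so.6 (0x40010000)\n"
                  "\t/lib/ld-linux.so.2 (0x40000000)\n",
    "/bin/sh": "\tlibreadline.so.4 => /lib/libreadline.so.4 (0x40010000)\n"
               "\tlibc.so.6 => /lib/libc.so.6 (0x40030000)\n"
               "\t/lib/ld-linux.so.2 (0x40000000)\n",
}

# Constructed sample output in the format `lsattr` prints: a flags field, a
# space, then the path.  Lowercase 'i' in the flags field means immutable.
# Only the three files the quoted advice mentions have been marked.
SAMPLE_LSATTR = """\
----i--------- /sbin/init
----i--------- /sbin/lilo
----i--------- /etc/rc.d/rc.sysinit
-------------- /bin/sh
-------------- /lib/libc.so.6
-------------- /lib/ld-linux.so.2
-------------- /lib/libreadline.so.4
-------------- /boot/vmlinuz
-------------- /lib/modules
"""

_LDD_MAPPED = re.compile(r"=>\s*(/\S+)")      # "libc.so.6 => /lib/libc.so.6"
_LDD_BARE = re.compile(r"^\s*(/\S+)\s*\(")    # "/lib/ld-linux.so.2 (0x...)"


def parse_ldd(output: str) -> List[str]:
    """Resolved library paths from one `ldd` run.  Lines with no path, such as
    'linux-gate.so.1 => (0x...)' or 'libfoo.so => not found', are skipped."""
    libs = []
    for line in output.splitlines():
        m = _LDD_MAPPED.search(line) or _LDD_BARE.match(line)
        if m:
            libs.append(m.group(1))
    return libs


def parse_lsattr(output: str) -> Dict[str, bool]:
    """Map each path in `lsattr` output to whether it carries the 'i' flag."""
    flags: Dict[str, bool] = {}
    for line in output.splitlines():
        parts = line.split(None, 1)
        if len(parts) == 2:
            flags[parts[1]] = "i" in parts[0]
    return flags


def protection_closure(seeds: Iterable[str], ldd_for: Callable[[str], str]) -> Set[str]:
    """The seeds plus every shared object they pull in, transitively: the set
    that would all have to be immutable for the reboot argument to hold."""
    seen: Set[str] = set()
    todo = list(seeds)
    while todo:
        path = todo.pop()
        if path in seen:
            continue
        seen.add(path)
        todo.extend(parse_ldd(ldd_for(path)))
    return seen


def audit(seeds: Iterable[str], ldd_for: Callable[[str], str], lsattr_output: str) -> List[str]:
    """Members of the closure that are not immutable (or not listed at all)."""
    flags = parse_lsattr(lsattr_output)
    return sorted(p for p in protection_closure(seeds, ldd_for) if not flags.get(p, False))


def live_ldd(path: str) -> str:
    """Run the real `ldd`; non-ELF inputs (scripts, directories) yield ''."""
    r = subprocess.run(["ldd", path], capture_output=True, text=True)
    return r.stdout if r.returncode == 0 else ""


def live_lsattr(paths: Iterable[str]) -> str:
    """Run the real `lsattr -d` so directories are reported as single entries."""
    return subprocess.run(["lsattr", "-d", *paths], capture_output=True, text=True).stdout


if __name__ == "__main__":
    for path in audit(SEEDS, lambda p: SAMPLE_LDD.get(p, ""), SAMPLE_LSATTR):
        print("not immutable:", path)
```

Running it on the constructed data reports six unprotected files out of a nine-file closure, which is the gap Chris describes: the three files the quoted advice names are marked, but the shell, libc, ld.so, readline, the kernel image and the module tree are not. On a live system, replace the two sample arguments with `live_ldd` and `live_lsattr(protection_closure(SEEDS, live_ldd))`; scripts invoked from the rc files and their interpreters still have to be added to `SEEDS` by hand, since `ldd` only sees ELF dependencies.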