Disable ctrl-alt-b?
Per Foreby
perf at efd.lth.se
Fri Aug 13 16:33:06 CEST 2004
On Fri, 13 Aug 2004, Steffen Grunewald wrote:
> On Fri, Aug 13, 2004 at 03:07:15PM +0200, Per Foreby wrote:
> > Even if I enable all possible security in the BIOS setup, it is still
> > possible to press ctrl-alt-b to change the MBA settings. I'm not sure if
> > this is a security problem, but at least the students will be able to
> > change the settings and leave the computer unbootable from the network.
> >
> > Does anyone know if it is possible to prevent the users from changing the
> > MBA settings?
>
> Not really: there's some security by obscurity - you can hide the
> message...
How can I do that? (My hardware is asus p4p800 with 3c940 (sk98) network,
with bios integrated MBA.)
> > If not, my backup solution is to only allow booting from C:, and password
> > protect all lilo/grub alternativs but local boot. This requires physical
> > access to the computers if I want to reinstall, but is still much better
> > than the bios solution (halt, enter bios, change boot order, install from
> > network, halt, enter bios, change boot order again, boot from disk).
>
> What's the exact problem? In general you'd be happy to boot locally,
> with or without a PXE response. If you want to do an install and don't
> succeed, then something is wrong with the PXE (MBA) settings...
Next week, we will replace 24 suns in our computer labs with linux
computers. Since this is our first try at linux in a student environment,
i suspect there will be quite a few reinstallations before we get
everything right. Thats why it would be nice if I could say "fai_chboot
-IBv", reboot the client and be assured that they always will start an
installation. Of course, I could check the output from faimond and se if
any computers didn't install correctly, so this is not a big problem.
Our computer engineering students will try everything that is not
disabled, so eventually some computer will have their settings altered.
This is a small problem with 24 computers, but our plans are to replace
all our suns (about 150), and in a more distant future maybe replace up to
600 windows computers, so the problem will grow.
Still, I agree that this is kind of a luxury problem. I guess I'm a bit
spoiled from running suns where OS and hardware are made for each other.
But sparcstations with half the speed for twice the money are no longer an
option for us.
--
Per Foreby http://www.efd.lth.se/perf/
More information about the linux-fai
mailing list