On Fri, 29 Jul 2011, Marek Andreánsky wrote:

> Why is securing /etc/inittab helping? I've read that by
> adding init=/bin/bash to grub you can get into the machine and change the
> shadow file anyway, which gives you root. I'd say that Red Hat presumes that
> the server is in a secure location and it is therefore highly improbable
> that anyone could just simply sit down to it and reboot it without anyone
> ever noticing.

Well, one of the additional security measures when securing a Linux system 
is adding a password to your BIOS and to your bootloader. So that changing 
the kernel commandline or booting another device by someone unauthorized 
is hard or impossible.

You could consider someone having physical access to your system, to be 
able to walk away with the harddisk anyway (encrypted filesystem not 
taken into account), but at least that's not something you can do without 
being noticed.

So making it harder at multiple levels is required, and not a 100% 
guarantee. Adding proper datacenter security, security cameras, visible 
badges, etc... All help adding to the total security of your system's 
data.

-- 
-- dag wieers, [log in to unmask], http://dag.wieers.com/
-- dagit linux solutions, [log in to unmask], http://dagit.net/

[Any errors in spelling, tact or fact are transmission errors]