On the servers you REALLY care about you can  use luks and encrypted USB keys that have to be in the system in order for it to decrypt the root partition on boot. But most folks don&#39;t really need to go to that extreme. Your best to decide how valuable the data you have actually is, and how often you want to have to come into the office at 3am on a Saturday night just to reboot something, much less wake the other guy up to open his safe to get the key.  :)  <br>
<br><div class="gmail_quote">2011/7/29 Dag Wieers <span dir="ltr">&lt;<a href="mailto:[log in to unmask]"><a href="/scripts/wa.exe?LOGON=A3%3Dind1107%26L%3DSCIENTIFIC-LINUX-DEVEL%26E%3Dquoted-printable%26P%3D327122%26B%3D--0016e659f8eaef1c9804a935ed4b%26T%3Dtext%252Fhtml%3B%2520charset%3DISO-8859-1%26pending%3D" target="_parent" >[log in to unmask]</a></a>&gt;</span><br><blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
<div class="im">On Fri, 29 Jul 2011, Marek Andreánsky wrote:<br>
<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">
Why is securing /etc/inittab helping? I&#39;ve read that by<br>
adding init=/bin/bash to grub you can get into the machine and change the<br>
shadow file anyway, which gives you root. I&#39;d say that Red Hat presumes that<br>
the server is in a secure location and it is therefore highly improbable<br>
that anyone could just simply sit down to it and reboot it without anyone<br>
ever noticing.<br>
</blockquote>
<br></div>
Well, one of the additional security measures when securing a Linux system is adding a password to your BIOS and to your bootloader. So that changing the kernel commandline or booting another device by someone unauthorized is hard or impossible.<br>

<br>
You could consider someone having physical access to your system, to be able to walk away with the harddisk anyway (encrypted filesystem not taken into account), but at least that&#39;s not something you can do without being noticed.<br>

<br>
So making it harder at multiple levels is required, and not a 100% guarantee. Adding proper datacenter security, security cameras, visible badges, etc... All help adding to the total security of your system&#39;s data.<br>
<font color="#888888">
<br>
-- <br>
-- dag wieers, <a href="mailto:[log in to unmask]" target="_blank"><a href="/scripts/wa.exe?LOGON=A3%3Dind1107%26L%3DSCIENTIFIC-LINUX-DEVEL%26E%3Dquoted-printable%26P%3D327122%26B%3D--0016e659f8eaef1c9804a935ed4b%26T%3Dtext%252Fhtml%3B%2520charset%3DISO-8859-1%26pending%3D" target="_parent" >[log in to unmask]</a></a>, <a href="http://dag.wieers.com/" target="_blank">http://dag.wieers.com/</a><br>
-- dagit linux solutions, <a href="mailto:[log in to unmask]" target="_blank"><a href="/scripts/wa.exe?LOGON=A3%3Dind1107%26L%3DSCIENTIFIC-LINUX-DEVEL%26E%3Dquoted-printable%26P%3D327122%26B%3D--0016e659f8eaef1c9804a935ed4b%26T%3Dtext%252Fhtml%3B%2520charset%3DISO-8859-1%26pending%3D" target="_parent" >[log in to unmask]</a></a>, <a href="http://dagit.net/" target="_blank">http://dagit.net/</a><br>
<br>
[Any errors in spelling, tact or fact are transmission errors]</font></blockquote></div><br>