Checking Physical Security
Some Linux vulnerabilities involve the bad guy actually being at the system console — something that’s entirely possible given the insider threats that every organization faces.
Physical security hacks
If an attacker is at the system console, anything goes, including rebooting the system (even if no one is logged in) by pressing Ctrl+Alt+Delete. After the system is rebooted, the attacker can start it in single-user mode, which allows the hacker to zero out the root password or possibly even read the entire shadow password file.
Countermeasures against physical security attacks
Edit your /etc/inittab file and comment out (place a # sign in front of) the line that reads ca::ctrlaltdel:/sbin/shutdown -t3 -r now, shown in the last line of Figure. These changes will prevent someone from rebooting the system by pressing Ctrl+Alt+Delete. Be forewarned that this will also prevent you from legitimately using Ctrl+Alt+Delete.
Figure : /etc/inittab showing the line that allows a Ctrl+Alt+Delete shutdown.
For Linux-based laptops, use disk encryption software, such as WinMagic ( www.winmagic.com ) and Symantec ( www.symantec.com ). If you don’t, when a laptop is lost or stolen, you could very well have a data breach on your hands and all the state, federal, compliance, and disclosure law requirements that go along with it. Not good!
