How to prevent someone from modifying initrd file

[zbs888]

Hi guys,in order to prevent the tinycore startup file initrd on public computers from being illegally modified by others, is there any good solution?
Anyone can open and modify the initrd file using "zcat and cpio", and overwrite the initrd
How to avoid this situation, do not modify the initrd file casually.
Waiting for you to give good advice.

[Rich]

Hi zbs888
Lock down the computer. Disable  sudo  for the user so they can't modify files owned by root. Make sure the kernel and
initrd are owned by  root:root.  Disable booting from an external device so they can't boot their own operating system.

Or you could try hiding it. Install you boot loader, kernel, and initrd on sda3 for example. Modify your initrd as follows:

Code: [Select]

mv etc/init.d/rcS etc/init.d/rcs
Create a new  etc/init.d/rcS  containing the following:

Code: [Select]

#!/bin/sh
# Make it look like the partition doesn't exist.
umount /dev/sda3
rm /dev/sda3
rm /mnt/sda3

# Replace this file with the original rcS file.
mv /etc/init.d/rcs /etc/init.d/rcS
# Run the original rcS file.
/etc/init.d/rcS
Complete the deception by creating a fake boot directory on sda1 for example. Copy the boot directory from sda3 to sda1.
Modify the boot loaders config file in sda1 to point to sda1 instead of sda3. Replace the initrd in sda1 with an unmodified
version.

[curaga]

That's the scenario secure boot was designed for. Though many computers only allow Microsoft's keys, not yours.

[zbs888]

Hi zbs888
Lock down the computer. Disable  sudo  for the user so they can't modify files owned by root. Make sure the kernel and
initrd are owned by  root:root.  Disable booting from an external device so they can't boot their own operating system.

Or you could try hiding it. Install you boot loader, kernel, and initrd on sda3 for example. Modify your initrd as follows:

Code: [Select]

mv etc/init.d/rcS etc/init.d/rcs
Create a new  etc/init.d/rcS  containing the following:

Code: [Select]

#!/bin/sh
# Make it look like the partition doesn't exist.
umount /dev/sda3
rm /dev/sda3
rm /mnt/sda3

# Replace this file with the original rcS file.
mv /etc/init.d/rcs /etc/init.d/rcS
# Run the original rcS file.
/etc/init.d/rcS
Complete the deception by creating a fake boot directory on sda1 for example. Copy the boot directory from sda3 to sda1.
Modify the boot loaders config file in sda1 to point to sda1 instead of sda3. Replace the initrd in sda1 with an unmodified
version.

Thanks for your reply.
I found some guys boot from usb ,copy and modify initrd to add a new user or modify root passwd ,then overwrite my orig initrd.
So i want to know ,can we encryption or any way to disable someone modify the initrd file

[Rich]

Hi zbs888
If your BIOS has the option to disable booting from USB and CD drive, do that. Then set the password to the BIOS to
prevent others from accessing it.

[Rich]

Hi zbs888
I think some machines also include an  Administrator  password option in the BIOS. If I'm not mistaken, only someone
knowing that password could boot the machine.

[hiro]

can't you just unplug the device that you boot from that has the initrd file?

[Rich]

Hi hiro

... I found some guys boot from usb ,copy and modify initrd to add a new user or modify root passwd ,then overwrite my orig initrd. ...

It sounds like the machine boots from a hard drive but the people he wants to keep out reboot the machine using a
USB thumb drive.

[zbs888]

Hi hiro

... I found some guys boot from usb ,copy and modify initrd to add a new user or modify root passwd ,then overwrite my orig initrd. ...

It sounds like the machine boots from a hard drive but the people he wants to keep out reboot the machine using a
USB thumb drive.

Yes，someone using a usb drive reboot computer and remount hd driver,copy and modify initrd file ,then overwriter it.Then they can be a root

[hiro]

i'd suggest preventing access physically.

[Rich]

Hi zbs888
I have an old HP G62 laptop that has a  Security  menu in the  BIOS Setup  screen. It lists 2 passwords that can be set:
1. Administrator    Controls access to the  BIOS Setup.
2. Power-On          Controls access to the system at boot.

Setting the  Power-On  password means no one who does not know the password can boot the machine. Check your
machine for a similar option.

What kind of computer (make & model) are you dealing with?

[zbs888]

Hi zbs888
I have an old HP G62 laptop that has a  Security  menu in the  BIOS Setup  screen. It lists 2 passwords that can be set:
1. Administrator    Controls access to the  BIOS Setup.
2. Power-On          Controls access to the system at boot.

Setting the  Power-On  password means no one who does not know the password can boot the machine. Check your
machine for a similar option.

What kind of computer (make & model) are you dealing with?

Thanks for your reply.
In addition to the physical methods such as BIOS, I wonder if there is a way to directly protect the initrd file from being viewed and decompressed and modified