Author Topic: How to prevent someone from modifying initrd file  (Read 4021 times)

Offline zbs888

  • Newbie
  • *
  • Posts: 42
How to prevent someone from modifying initrd file
« on: December 09, 2020, 01:21:01 AM »
Hi guys, in order to prevent the tinycore startup file initrd on public computers from being illegally modified by others, is there any good solution?
Anyone can open and modify the initrd file using "zcat and cpio", and overwrite the initrd.
How can this situation be avoided, so that the initrd file is not casually modified?
Waiting for you to give good advice.

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11635
Re: How to prevent someone from modifying initrd file
« Reply #1 on: December 09, 2020, 02:14:02 AM »
Hi zbs888
Lock down the computer. Disable sudo for the user so they can't modify files owned by root. Make sure the kernel and
initrd are owned by root:root. Disable booting from an external device so they can't boot their own operating system.

Or you could try hiding it. Install your boot loader, kernel, and initrd on sda3 for example. Modify your initrd as follows:
Code:
# Run from the root of the unpacked initrd: keep the original rcS under a different name.
mv etc/init.d/rcS etc/init.d/rcs
Create a new etc/init.d/rcS containing the following:
Code:
#!/bin/sh
# Make it look like the partition doesn't exist.
umount /dev/sda3
rm /dev/sda3
# /mnt/sda3 is a directory (the mount point), so remove it with rmdir.
rmdir /mnt/sda3

# Replace this file with the original rcS file.
mv /etc/init.d/rcs /etc/init.d/rcS
# Run the original rcS file.
/etc/init.d/rcS

Complete the deception by creating a fake boot directory on sda1 for example. Copy the boot directory from sda3 to sda1.
Modify the boot loader's config file in sda1 to point to sda1 instead of sda3. Replace the initrd in sda1 with an unmodified
version.
« Last Edit: December 09, 2020, 02:15:39 AM by Rich »

Offline curaga

  • Administrator
  • Hero Member
  • *****
  • Posts: 11044
Re: How to prevent someone from modifying initrd file
« Reply #2 on: December 09, 2020, 03:03:54 AM »
That's the scenario secure boot was designed for. Though many computers only allow Microsoft's keys, not yours.
The only barriers that can stop you are the ones you create yourself.

Offline zbs888

  • Newbie
  • *
  • Posts: 42
Re: How to prevent someone from modifying initrd file
« Reply #3 on: December 09, 2020, 04:41:35 AM »
Thanks for your reply.
I found some guys boot from USB, copy and modify the initrd to add a new user or modify the root passwd, then overwrite my orig initrd.
So I want to know, can we use encryption or any other way to stop someone from modifying the initrd file?

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11635
Re: How to prevent someone from modifying initrd file
« Reply #4 on: December 09, 2020, 09:00:02 AM »
Hi zbs888
If your BIOS has the option to disable booting from USB and CD drive, do that. Then set the password to the BIOS to
prevent others from accessing it.

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11635
Re: How to prevent someone from modifying initrd file
« Reply #5 on: December 09, 2020, 09:06:06 AM »
Hi zbs888
I think some machines also include an Administrator password option in the BIOS. If I'm not mistaken, only someone
knowing that password could boot the machine.

Offline hiro

  • Hero Member
  • *****
  • Posts: 1229
Re: How to prevent someone from modifying initrd file
« Reply #6 on: December 10, 2020, 08:37:36 AM »
can't you just unplug the device that you boot from that has the initrd file?

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11635
Re: How to prevent someone from modifying initrd file
« Reply #7 on: December 10, 2020, 08:43:13 AM »
Hi hiro
Quote from zbs888: "... I found some guys boot from usb, copy and modify initrd to add a new user or modify root passwd, then overwrite my orig initrd. ..."
It sounds like the machine boots from a hard drive but the people he wants to keep out reboot the machine using a
USB thumb drive.

Offline zbs888

  • Newbie
  • *
  • Posts: 42
Re: How to prevent someone from modifying initrd file
« Reply #8 on: December 14, 2020, 07:54:45 PM »
Yes, someone using a USB drive reboots the computer and remounts the HD drive, copies and modifies the initrd file, then overwrites it. Then they can be root.

Offline hiro

  • Hero Member
  • *****
  • Posts: 1229
Re: How to prevent someone from modifying initrd file
« Reply #9 on: December 15, 2020, 07:03:19 AM »
i'd suggest preventing access physically.

Offline Rich

  • Administrator
  • Hero Member
  • *****
  • Posts: 11635
Re: How to prevent someone from modifying initrd file
« Reply #10 on: December 15, 2020, 08:56:56 AM »
Hi zbs888
I have an old HP G62 laptop that has a Security menu in the BIOS Setup screen. It lists 2 passwords that can be set:
1. Administrator: Controls access to the BIOS Setup.
2. Power-On: Controls access to the system at boot.

Setting the Power-On password means no one who does not know the password can boot the machine. Check your
machine for a similar option.

What kind of computer (make & model) are you dealing with?

Offline zbs888

  • Newbie
  • *
  • Posts: 42
Re: How to prevent someone from modifying initrd file
« Reply #11 on: December 16, 2020, 10:54:22 PM »
Thanks for your reply.
In addition to the physical methods such as BIOS, I wonder if there is a way to directly protect the initrd file from being viewed and decompressed and modified.
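
Added example, not part of the thread and not Tiny Core code: a way to detect the tampering described above (an initrd unpacked, edited and written back) by comparing a suspect initrd against a manifest taken from a known-good copy. It assumes the initrd is a single gzip-compressed newc cpio archive, the format `zcat` and `cpio` unpack, and that the baseline manifest is stored off the machine; `pack_newc`, `manifest`, `diff_initrd` and the sample file contents are constructed for illustration.

```python
import gzip
import hashlib

def pack_newc(files):
    """Build a gzip'd newc cpio archive from {path: bytes}; used only for the sample data."""
    out = bytearray()
    for name, data in list(files.items()) + [("TRAILER!!!", b"")]:
        n = name.encode() + b"\0"
        # 13 header fields: ino, mode, uid, gid, nlink, mtime, filesize,
        # devmajor, devminor, rdevmajor, rdevminor, namesize, check
        fields = [0, 0o100644, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(n), 0]
        out += b"070701" + b"".join(b"%08X" % f for f in fields) + n
        out += b"\0" * (-len(out) % 4) + data
        out += b"\0" * (-len(out) % 4)
    return gzip.compress(bytes(out))

def manifest(initrd_gz):
    """Map each path in a gzip'd newc initrd to a SHA-256 over mode, owner and content."""
    raw, pos, digests = gzip.decompress(initrd_gz), 0, {}
    while raw[pos:pos + 6] == b"070701":
        f = [int(raw[pos + 6 + 8 * i:pos + 14 + 8 * i], 16) for i in range(13)]
        name_at = pos + 110                        # header is 6 + 13 * 8 bytes
        name = raw[name_at:name_at + f[11] - 1].decode()
        if name == "TRAILER!!!":
            break
        data_at = (name_at + f[11] + 3) & ~3       # name is padded to 4 bytes
        meta = b"%o:%d:%d:" % (f[1], f[2], f[3])   # mode, uid, gid
        digests[name] = hashlib.sha256(meta + raw[data_at:data_at + f[6]]).hexdigest()
        pos = (data_at + f[6] + 3) & ~3            # data is padded to 4 bytes
    return digests

def diff_initrd(baseline, suspect):
    """Return (change, path) tuples, sorted by path, between two manifests."""
    changes = []
    for path in sorted(set(baseline) | set(suspect)):
        if path not in suspect:
            changes.append(("removed", path))
        elif path not in baseline:
            changes.append(("added", path))
        elif baseline[path] != suspect[path]:
            changes.append(("modified", path))
    return changes

# Constructed sample: a clean image, and a copy with an extra account and an extra file.
CLEAN = {"etc/passwd": b"root:x:0:0:root:/root:/bin/sh\n", "etc/init.d/rcS": b"#!/bin/sh\n"}
GOOD = pack_newc(CLEAN)
BAD = pack_newc({**CLEAN, "etc/passwd": CLEAN["etc/passwd"] + b"extra:x:0:0::/root:/bin/sh\n",
                 "root/.profile": b"# constructed\n"})
print(diff_initrd(manifest(GOOD), manifest(BAD)))
```

The comparison is only meaningful when it runs from media the other person cannot alter, since a system booted from a modified initrd cannot be trusted to check itself.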