[BusyBox] BusyBox / Netkit-Tiny / TinyLogin status...?

Erik Andersen andersen at lineo.com
Tue Feb 27 20:47:08 UTC 2001


On Tue Feb 27, 2001 at 07:38:59AM +0000, Matthew Franz wrote:
> > > There has been some discussion to that effect, but nothing conclusive (anyone
> > > have strong opinions either way?).  There have been several changes to
> > > tinylogin recently, and I plan on making a 1.0 release of tinylogin, possibly
> > > as soon as tonight.  I'm bumping up the version number to 1.0, simply because
> > > I consider it "done".  I can't think of much further I really want 
> > > to do with it (except use it).
> > 
> > Point: Real distributions without `login' very unsecure ;)
> > 
> 
> How hard would it be to modify init to *not* spawn off shells (fairly easy
> I imagine). 

It only spawns shells when people do not include an /etc/inittab
file.  If there is an /etc/inittab file, then init does what
the inittab file tells it to.

> Dynamically deleting all the ttys from inittab from within the linuxrc
> didn't appear to work, although I tried this a while back and I may have
> screwed something up.

Right now, busybox init does not support 'init -q' for re-reading the
/etc/inittab file, so changes to it will only take effect after a reboot.

> I like the idea of no login and no console and access via ssh with RSA
> keys. Seems about as secure as you can get and be perfect for firewall/IDS
> distros.

This can be done quite easily with busybox init.  Just don't start
any shells or gettys.  Set /etc/inittab to something like:

	# Initialize the system
	::sysinit:/etc/init.d/rcS
	# Fire up ssh
	::respawn:/usr/sbin/sshd
	# Stuff to do before rebooting
	::ctrlaltdel:/bin/umount -a -r
	::ctrlaltdel:/sbin/swapoff -a

 -Erik

--
Erik B. Andersen   email:  andersen at lineo.com
--This message was written using 73% post-consumer electrons--
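
Added example, not part of Erik's message or of the BusyBox source: a POSIX shell check that reports every inittab entry starting a shell, login or getty, plus the missing-inittab case in which init spawns shells on its own. The function names, the constructed sample tables and the list of login-capable programs are assumptions; it goes beyond the one table shown above by also handling the `id` field and the `-` login-shell prefix.

```shell
#!/bin/sh
# Added example (not from the original message): report inittab entries that
# start a shell, login or getty, i.e. a local login path.

# audit_inittab FILE -> prints findings; returns 0 = none, 1 = found, 2 = no file.
audit_inittab() {
    file=$1 findings=0 lineno=0
    if [ ! -f "$file" ]; then
        # Per the message: with no inittab, busybox init spawns shells itself.
        echo "$file: missing, init will spawn shells by default"
        return 2
    fi
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        line=${line#"${line%%[![:space:]]*}"}     # drop leading blanks/tabs
        case $line in ''|'#'*) continue ;; esac
        # Format: id:runlevels:action:process (process keeps any later colons)
        IFS=: read -r id _rl action process <<EOF
$line
EOF
        cmd=${process#-}      # a leading '-' marks a login shell
        cmd=${cmd%% *}        # command path without arguments
        case ${cmd##*/} in
            # Assumed list of programs that give an interactive local login
            sh|ash|bash|hush|login|sulogin|*getty)
                echo "$file:$lineno: $action runs ${cmd##*/} on ${id:-console}"
                findings=$((findings + 1)) ;;
        esac
    done < "$file"
    [ "$findings" -eq 0 ]
}

# Constructed samples: the sshd-only table from the message, and one with logins.
write_samples() {
    printf '%s\n' '# Initialize the system' '::sysinit:/etc/init.d/rcS' \
        '::respawn:/usr/sbin/sshd' '::ctrlaltdel:/bin/umount -a -r' \
        '::ctrlaltdel:/sbin/swapoff -a' > "$1/inittab.sshonly"
    printf '%s\n' '::sysinit:/etc/init.d/rcS' '::askfirst:-/bin/sh' \
        'tty2::respawn:/sbin/getty 38400 tty2' > "$1/inittab.console"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
for f in inittab.sshonly inittab.console inittab.absent; do
    audit_inittab "$demo_dir/$f" || true
done
rm -rf "$demo_dir"
```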




