[BusyBox] BusyBox / Netkit-Tiny / TinyLogin status...?
Erik Andersen
andersen at lineo.com
Tue Feb 27 20:47:08 UTC 2001
On Tue Feb 27, 2001 at 07:38:59AM +0000, Matthew Franz wrote:
> > > There has been some discussion to that effect, but nothing conclusive (anyone
> > > have strong opinions either way?). There have been several changes to
> > > tinylogin recently, and I plan on making a 1.0 release of tinylogin, possibly
> > > as soon as tonight. I'm bumping up the version number to 1.0, simply because
> > > I consider it "done". I can't think of much further I really want
> > > to do with it (except use it).
> >
> > Point: Real distributions without `login' very unsecure ;)
> >
>
> How hard would it be to modify init to *not* spawn off shells (fairly easy
> I imagine).

It only spawns shells when people do not include an /etc/inittab
file. If there is an /etc/inittab file, then init does what
the inittab file tells it to.

> Dynamically deleting all the ttys from inittab from within the linuxrc
> didn't appear to work, although I tried this a while back and I may have
> screwed something up.

Right now, busybox init does not support 'init -q' for re-reading the
/etc/inittab file, so changes to it will only take effect after a reboot.

> I like the idea of no login and no console and access via ssh with RSA
> keys. Seems about as secure as you can get and would be perfect for firewall/IDS
> distros.

This can be done quite easily with busybox init. Just don't start
any shells or gettys. Set /etc/inittab to something like:

    # Initialize the system
    ::sysinit:/etc/init.d/rcS

    # Fire up ssh
    ::respawn:/usr/sbin/sshd

    # Stuff to do before rebooting
    ::ctrlaltdel:/bin/umount -a -r
    ::ctrlaltdel:/sbin/swapoff -a

 -Erik

--
Erik B. Andersen email: andersen at lineo.com
--This message was written using 73% post-consumer electrons--
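
Added example, not part of the original message and not BusyBox code: a shell check that an inittab like the one above starts no shells or gettys, and that reports a missing file, since init then spawns shells on its own. The function name audit_inittab, the list of shell names and the second sample are assumptions made for illustration.

```sh
# Added example. Assumed inittab line format: <id>:<runlevels>:<action>:<process>
# Constructed sample: the sshd-only inittab from the message above.
SSH_ONLY='# Initialize the system
::sysinit:/etc/init.d/rcS
# Fire up ssh
::respawn:/usr/sbin/sshd
# Stuff to do before rebooting
::ctrlaltdel:/bin/umount -a -r
::ctrlaltdel:/sbin/swapoff -a'

# Constructed sample: an inittab that still offers console logins.
WITH_CONSOLE='::sysinit:/etc/init.d/rcS
::askfirst:-/bin/sh
tty2::respawn:/sbin/getty 38400 tty2
::respawn:/usr/sbin/sshd'

# audit_inittab FILE: print each entry that starts a shell or getty.
# Returns 0 if none, 1 if any were found, 2 if FILE is missing.
audit_inittab() {
    [ -f "$1" ] || { echo "MISSING: $1"; return 2; }
    awk -F: '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # comments and blank lines
        NF < 4 { printf "MALFORMED line %d: %s\n", NR, $0; bad = 1; next }
        {
            proc = $4                        # process may contain ":"
            for (i = 5; i <= NF; i++) proc = proc ":" $i
            sub(/^[ \t]+/, "", proc)
            split(proc, argv, /[ \t]+/)
            cmd = argv[1]
            sub(/^-/, "", cmd)               # "-" prefix marks a login shell
            n = split(cmd, parts, "/")
            if (parts[n] ~ /^(sh|ash|bash|msh|lash|hush|login|sulogin)$/ ||
                parts[n] ~ /getty$/) {
                tty = ($1 == "") ? "console" : $1
                printf "INTERACTIVE line %d (%s, %s): %s\n", NR, $3, tty, proc
                bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Demo on the constructed samples.
tmp=$(mktemp)
printf '%s\n' "$SSH_ONLY" > "$tmp"
audit_inittab "$tmp" && echo "ssh-only sample: no shell or getty entries"
printf '%s\n' "$WITH_CONSOLE" > "$tmp"
audit_inittab "$tmp" || echo "console sample: exit status $?"
rm -f "$tmp"
```

Run it against the image's /etc/inittab at build time; as the message notes, busybox init only picks up inittab changes after a reboot.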