Topic: Hardening SME server (reprise)

[Bud]

please guys just some questions on this subject

1. how do protect the sme server to NOT display what it is loading during the boot process ie: just to display eg: " Server Booting " or something similar

2. after the boot process i simply want to display a prompt with eg: " smeserver9.1 " what file(s) must i edit to do this?

3. how do i secure ( password protect ) the grub menu?

any help greatly appreciated 

[Stefano]

Splitted from the original post, which is old

Bud, can you give us some "environmental" details? and, more, what are you trying to achieve?

[Bud]

Stefano thanks for your reply

what i am trying to achieve is to secure the server(s) from prying eyes.

i am trying to enable or disable the boot process from showing what is being loaded during the sme server boot process.

any ideas?

[Stefano]

ok..

1) setting a password on grub or bios won't let you update/reconfigure your server if you're not onsite
2) AFAIK even if "rhgb" and "quiet" are default values in grub config for SME9, they "don't work", meaning that according to this site (for example) the verbose boot should be available removing those params.. anyway, even if you set up your grub to be less verbose, hitting Esc should give you again the possibility to see what's going on
3) IMO, security by obscurity doesn't work.. yus be sure your server is updated, your passwords are strong, your webapp (WP, Joomla ecc, if any) are updated too

and, finally.. such measures are intended to "protect" your server from people standing in front of it.. BTW, if someone has phisical access to your server, nothing will work

[Stefano]

searched a bit.. starting from this post on centos' forum (https://www.centos.org/forums/viewtopic.php?t=48019)
I tried

Code: [Select]

[root@backup server]# plymouth-set-default-theme
text

so there's no other theme..

[Daniel B.]

I fail to see how hiding boot information get more security. There's absolutely no sensitive info printed during boot

[DanB35]

i am trying to enable or disable the boot process from showing what is being loaded during the sme server boot process.

Unplug the monitor?

I really don't understand what you're trying to accomplish, or why.  Most of the services that come up during the boot process can be deduced by knowing the functionality provided by the SME server.  But more to the point, if an attacker has physical access to your SME box, you have no reason to count on any security at all.

[ReetP]

ok..

1) setting a password on grub or bios won't let you update/reconfigure your server if you're not onsite

Unless you have remote access to iLO or a nice little Aten remote KVM unit

Handy get out of jail free for those 'Press F1 to continue' days