UPDATE as of 11/05/02!!
SecureIt 1.05 DOES work with OS X 10.2
To try booting into safe mode, hold down "command" & "s" keys while booting. Secureit requires that a password be entered BEFORE dropping you into a CLI. I can not say that SecureIt will work with future releases, but I will keep this page updated!
SecureIt 1.05 Click here for the FAQ on SecureIt.
SecureIt is a perl script that locks down the security hole in OS X and Darwin when booting in to singleuser mode. Although this "security hole" is there by design (most large networks that have unix systems rely on this hole if their sys admin leaves without letting anyone know the password, it is a back door more than anything) the average user wanting to secure their box will want to plug it!
For more information on the security hole, see my post to the MacNN forum where I outlined how to change the root password when in singleuser mode. Click here.
This script, when you install asks for a password (this CAN be different than your current root password), once installed when you boot into singleuser mode it will ask for the password, if you type it wrong it will reboot the computer. There is no way to kill the script in singleuser mode.
Newto version 1.05:
1. Logs failed login attempts.
2. Password is kept in a file readable
ONLY by root and is stored encrypted!
3. rc.boot file is updated by a patch instead of importing a copy.
4.
New uninstall option will completely remove SecureIt from your computer.
To install:
Open a terminal window
su to root and type root password
go to the directory where you downloaded secureit.tar.gz and type:
tar xvzf secureit.tar.gz
cd secureit
./install
It will ask for a password, make sure you remember it!!
That's it! Try rebooting into singleuser mode (hold down the "command" & "s" keys during the boot process) and type in a wrong password, then do it again with the correct password. You are now safe from unwanted visitors!
Read the README file for more information on what SecureIt can and can not do.
NOTE: If you forget both your root password & the singleuser password there are ways to reset the password. Although SecureIt goes a long way to help secure your computer, it is not 100% effective.