Other Serial interface password

mraganpbr

New Member


Messages: 2

#1
So I need to secure the equipment we are using. I have read the manuals and can't seem to find the answers that I need. I first need to be able to shut down the NIC on the box. I would need to be able to turn this back on using the serial interface (USB to Serial from another server). Because of this I need to be able to password protect the serial interface...ttys0. I have tried changing the rc.conf.local from firewall_type 'open' to 'closed' and that didn't give me the desired effect of shutting down all IP traffic on the NIC. Now before anyone says why do you need to do that, I work in the government IP space and they say I have to... I have no other reason.
Any help would be appreciated. I am pretty new to Linux (I was a network engineer before I got thrown this project).
 

SirDice

Administrator
Staff member
Moderator

Thanks: 5,875
Best answers: 6
Messages: 26,473

#5
I have tried changing the rc.conf.local from firewall_type 'open' to 'closed' and that didn't give me the desired effect of shutting down all IP traffic on the NIC.
ifconfig <interface> down
This is pretty hardcore so definitely make sure you have another way to access the machine or you're going to lock yourself out.
Now before anyone says why do you need to do that, I work in the government IP space and they say I have to... I have no other reason.
Assuming this is proper enterprise-grade server equipment, doesn't the server have IPMI? Dell calls it "DRAC", HP "iLO", various names exist but they basically all do the same thing; it allows you to remote control the machine. You can even turn it off and on remotely.

I am pretty new to Linux
FreeBSD lesson 1: FreeBSD is not (a) Linux. Please don't confuse the two.
 

Phishfry

Daemon

Thanks: 753
Best answers: 1
Messages: 2,323

#6
I need to secure the equipment we are using.
So I took it to mean that you were going to physically secure the server to another area. Like from an office to a data room.
Most users here would think of securing as hardening. So what is it? What are you doing?
I first need to be able to shut down the NIC on the box.
See above. Like SirDice is alluding to, if you are accessing the server over ssh and do this you are disconnected.
Now if you're physically moving it, then re-connecting via serial console in new location, that makes sense.
Maybe your server room has no monitors.

I think I am going to run into the issue that it isn't a standard install.
I am not sure what you mean by "install". That was why I linked to the serial console instructions. That makes a memstick serial installer. But you should not need an installer at all. Not from what you describe.
Simply set your /boot/loader.conf settings for serial console, then reboot and test.
I don't think you can enable serial console without rebooting unfortunately. It's part of the boot process.
Please elaborate more on your task and we can help.

Yes the Linux bit threw me too but I try and ignore. Maybe you forgot where you were?
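
Added example, not part of the thread and not FreeBSD project code: an sh audit of the serial-console settings discussed above (console selection in /boot/loader.conf, login prompt and single-user password in /etc/ttys). It assumes the serial port is ttyu0, FreeBSD's first UART; the function names and finding labels are made up for this example.

```shell
#!/bin/sh
# Audit FreeBSD-style loader.conf and ttys files for serial-console login settings.
# Assumption: the serial port is ttyu0; pass another tty name as the third argument.

# Print the status flags of one ttys(5) entry.
# Fields: name, getty command (may be double-quoted), terminal type, flags.
tty_flags() {  # usage: tty_flags <ttys-file> <tty-name>
    awk -v tty="$2" '
        /^[ \t]*#/ { next }                               # skip comment lines
        $1 == tty {
            line = $0
            sub(/^[ \t]*[^ \t]+[ \t]+/, "", line)         # drop tty name
            if (line ~ /^"/) sub(/^"[^"]*"[ \t]*/, "", line)  # drop quoted getty
            else sub(/^[^ \t]+[ \t]*/, "", line)          # drop unquoted getty (e.g. none)
            sub(/^[^ \t]+[ \t]*/, "", line)               # drop terminal type
            sub(/[ \t]*#.*$/, "", line)                   # drop trailing comment
            gsub(/[ \t]+/, " ", line)                     # normalise separators
            print line; exit
        }' "$1"
}

# Print "ok" or a space-separated list of findings.
audit_serial() {  # usage: audit_serial <loader.conf> <ttys> [tty]
    loader=$1; ttys=$2; tty=${3:-ttyu0}; findings=""
    # The loader must select the serial console, e.g. console="comconsole".
    grep -Eq '^[[:space:]]*console="[^"]*comconsole[^"]*"' "$loader" ||
        findings="$findings no-serial-console"
    flags=$(tty_flags "$ttys" "$tty")
    # Without a getty on the port there is no login prompt on the serial line.
    case " $flags " in
        *" on "*|*" onifconsole "*) ;;
        *) findings="$findings no-login-prompt" ;;
    esac
    # "secure" lets root log in directly on this tty.
    case " $flags " in
        *" secure "*) findings="$findings direct-root-login" ;;
    esac
    # Unless the console entry is "insecure", single-user mode gives a
    # root shell without asking for the root password.
    case " $(tty_flags "$ttys" console) " in
        *" insecure "*) ;;
        *) findings="$findings single-user-no-password" ;;
    esac
    echo "${findings:- ok}" | sed 's/^ //'
}

if [ "$#" -ge 2 ]; then audit_serial "$@"; fi
```

Run it as `sh audit.sh /boot/loader.conf /etc/ttys` on the box; as noted in the thread, loader.conf changes only take effect after a reboot.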
 