Tag Archives: hardening

password when starting a linux server in single-user mode


On RHEL 6.2-based systems (like Scientific Linux 6.2):
edit /etc/sysconfig/init

# Set to ‘/sbin/sulogin’ to prompt for password on single-user mode
# Set to ‘/sbin/sushell’ otherwise

Like this:


Then if you add an ‘s’ to the grub entry when the server boots it will ask you for a password , or hit ctrl-d. Ctrl-d makes the server enter normal boot (telinit *).

Should all linux machines be installed this way? To me this sounds like a definite deal, especially if you have the console physically or remotely accessible.

How to restrict access to your phpmyadmin

Went through the apache logs on my web-server and saw some access requests to my phpmyadmin page.

It’s probably a good idea to restrict access to this web based sql admin interface (in case there is an exploit I don’t want somebody to use it on this).

How to make phpmyadmin a bit more secure

sudo vi /etc/phpmyadmin/apache.conf
sudo nano /etc/phpmyadmin/apache.conf

“Alias /phpmyadmin /usr/share/phpmyadmin”
<Directory /usr/share/phpmyadmin>

add this:

Order Deny,Allow
Deny from all
Allow from
Allow from

This will let your vm access the /phpmyadmin part and also anything with an IP on the network.

Also, up there in the alias where it first says /phpmyadmin – change this to something else like “Alias /youcannotguessthis /usr/share/phpmyadmin” and it will be a lot harder for automatic scanners to find it.

Here is some more information.