Originally Posted by
nvkedvkem
Hi! Is there any way to setup server full data wipe on root password change attempt?
I have my own product which i sell and do not want anyone to see what is inside, so i do not let customers have root access to server, but i know that someone can just reset root password.
Please if you know the way, help me.
This is Linux, so there is always a way. Just remember because something is possible, does not mean it is a good idea. There are likely better, safe, more efficient ways to protect your product and data. That being said, this command should do what you need:
Code:
tail -F /var/log/auth.log | grep -q "password changed for root" && echo "removing files"
Or you could set up a simple cronjob to poll the auth log file periodically and take action as needed. Again, it's not perfect, it can likely be circumvented, but should give you some creative ideas on where to go next.
Bookmarks