Software security cannot possibly protect you from physical security risks.. if this system is in an area that's not safe, relocate it to a safer area.
There are a few things you can do:
- Set a BIOS password.. most support that.
- Set the boot priority to boot from the hard drive only.
- Remove any bsd.rd off the root partition...
- Remove the 'secure' setting from ttyC* devices in /etc/ttys.
None of this will prevent someone from stealing the physical hard drive and mounting it in another system, physical security is *your* responsibility.
An encrypted root file system sounds nice, but it's simply unfeasible.. the 3rd level boot program, i.e: /boot is on the root partition.. the loader before that is primitive, it has the blocks hard coded into it, and due to architectural constraints.. i.e: a 512 byte PBR, a suitable decryption routine would be insanely hard to write.
Sorry.