Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca © Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

3.    Choose the right password

The starting point of our Linux general security tour is the password. Many people keep their valuable information and files on a computer, and the only thing preventing others from seeing it is the eight-character string called a password. Contrary to popular belief, an unbreakable password does not exist. Given time and resources, all passwords can be guessed, either by social engineering or by brute force.

Social engineering of server passwords and other access methods is still the easiest and most popular way to gain access to accounts and servers. Often, something as simple as acting as a superior or executive in a company and yelling at the right person at the right time of the day yields terrific results.

Running a password cracker on a weekly basis on your system is a good idea. This helps to find and replace passwords that are easily guessed or weak. Also, a password checking mechanism should be present to reject a weak password when a password is first chosen or an old one is changed. Character strings that are plain dictionary words, or are all in the same case, or do not contain numbers or special characters should not be accepted as a new password.

We recommend the following rules to make passwords effective:

·  They should be at least six characters in length, preferably eight characters including at least one numeral or special character.
·  They must not be trivial; a trivial password is one that is easy to guess and is usually based on the user’s name, family, occupation or some other personal characteristic.
·  They should have an aging period, requiring a new password to be chosen within a specific time frame.
·  They should be revoked and reset after a limited number of consecutive incorrect retries.
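The rules above, turned into a check that can sit in front of a password change. This is an added example, not code from the book: the word list is a constructed stand-in for a real dictionary file, "all in the same case" is read as requiring both an uppercase and a lowercase letter, and the dictionary test is applied to the password's letters alone so that a word with digits or punctuation bolted on is still caught.

```shell
#!/bin/sh
# Added example (not from the book): a password check implementing the rules
# listed above, for use in front of a password change. The word list below is
# a constructed stand-in for a real dictionary file such as /usr/share/dict/words.
WORDLIST='password
welcome
letmein
secret
linux'

# check_password USERNAME PASSWORD
# Exit status 0 if every rule passes, 1 otherwise; the failing rule is printed.
check_password() {
    user=$1
    pass=$2

    # Rule: at least eight characters (the book's preferred length).
    if [ "${#pass}" -lt 8 ]; then
        echo "too short: ${#pass} < 8"; return 1
    fi
    # Rule: at least one numeral or special character (anything not a letter).
    case $pass in
        *[![:alpha:]]*) ;;
        *) echo "no numeral or special character"; return 1 ;;
    esac
    # Rule: not all in the same case, read here as "needs both an upper- and a
    # lowercase letter" (an assumption about the book's wording).
    case $pass in
        *[[:lower:]]*) ;;
        *) echo "no lowercase letter"; return 1 ;;
    esac
    case $pass in
        *[[:upper:]]*) ;;
        *) echo "no uppercase letter"; return 1 ;;
    esac
    # Rule: not trivial. Lowercase the password and reject it if it contains
    # the user name ...
    lower=$(printf '%s' "$pass" | tr '[:upper:]' '[:lower:]')
    luser=$(printf '%s' "$user" | tr '[:upper:]' '[:lower:]')
    case $lower in
        *"$luser"*) echo "contains the user name"; return 1 ;;
    esac
    # ... or if its letters alone form a word from the list, so that
    # "Password1!" is caught as well as "password".
    letters=$(printf '%s' "$lower" | tr -cd '[:alpha:]')
    if [ -n "$letters" ] && printf '%s\n' "$WORDLIST" | grep -qx -- "$letters"; then
        echo "based on a dictionary word"; return 1
    fi
    echo "ok"
    return 0
}

# Demonstration with constructed candidate passwords for the user "alice".
for candidate in 'Tr0ub4dor&3' 'alice123' 'Password1!' 'Alice2000'; do
    printf '%-12s -> ' "$candidate"
    check_password alice "$candidate" || true
done
```

The function prints the first rule that fails, so the same script can tell a user why a password was refused. Aging and retry limits, the last two rules in the list, are not something a per-password check can enforce; they belong in the account settings (login.defs and the login program), not here.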
4.    The password length

The minimum acceptable password length by default when you install your Linux system is 5. This means that when a new user is given access to the server, his/her password may be as short as 5 characters, whatever mix of letters, numbers, special characters, etc. it contains. This is not enough and must be 8. To prevent careless users or administrators from entering only 5 characters for a valuable password, edit the rather important “/etc/login.defs” file and change the minimum length from 5 to 8.

Edit the login.defs file (vi /etc/login.defs) and change the line that reads:

PASS_MIN_LEN    5

To read:

PASS_MIN_LEN    8

The “login.defs” file is the configuration file for the login program. You should review or make changes to this file for your particular system. This is where you set other security policy settings (like password expiration defaults or minimum acceptable password length).

5.    The root account
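For the PASS_MIN_LEN edit described in section 4 above, here is an added example (not from the book) that makes the same change with a script instead of vi and verifies the result. It takes the file path as an argument, so it can be tried on a copy first; the login.defs fragment it writes for the demonstration is constructed sample data, not the real /etc/login.defs.

```shell
#!/bin/sh
# Added example (not from the book): set and verify PASS_MIN_LEN in a
# login.defs-style file. Works on whatever file path it is given, so it
# can be tried on a copy before touching /etc/login.defs.

# get_pass_min_len FILE: print the current PASS_MIN_LEN value (empty if unset).
# Only an uncommented line at column 1 counts, as login reads it.
get_pass_min_len() {
    awk '$1 == "PASS_MIN_LEN" { print $2 }' "$1"
}

# set_pass_min_len FILE N: rewrite the PASS_MIN_LEN line to N, or append one
# if the file has none. Uses a temp file and mv instead of "sed -i", which
# is not portable across sed implementations.
set_pass_min_len() {
    file=$1
    want=$2
    tmp="$file.tmp.$$"
    if grep -q '^PASS_MIN_LEN[[:space:]]' "$file"; then
        sed "s/^PASS_MIN_LEN[[:space:]].*/PASS_MIN_LEN    $want/" "$file" > "$tmp"
    else
        { cat "$file"; printf 'PASS_MIN_LEN    %s\n' "$want"; } > "$tmp"
    fi
    mv "$tmp" "$file"
}

# write_sample_login_defs FILE: constructed fragment mimicking the default
# the book objects to. Sample data, not the real /etc/login.defs.
write_sample_login_defs() {
    cat > "$1" <<'EOF'
# Password aging controls (constructed sample, not the real /etc/login.defs)
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7
EOF
}

# Demonstration on a temporary copy.
demo=$(mktemp)
write_sample_login_defs "$demo"
echo "before: PASS_MIN_LEN=$(get_pass_min_len "$demo")"
set_pass_min_len "$demo" 8
echo "after:  PASS_MIN_LEN=$(get_pass_min_len "$demo")"
rm -f "$demo"
```

Run it against the real file as root (set_pass_min_len /etc/login.defs 8) once the copy looks right, and keep a backup of the original. One caveat for systems newer than the one the book describes: where passwd is PAM-based, the length enforced at password-change time also comes from the PAM password module (pam_cracklib or pam_pwquality and its minlen setting), so check that configuration as well rather than relying on PASS_MIN_LEN alone.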