Re: Regarding sudo
- From: Douglas Mayne <doug@xxxxxxxxxxxxxxxxx>
- Date: Thu, 12 Jul 2007 09:05:52 -0600
On Thu, 12 Jul 2007 08:05:17 -0500, John Hasler wrote:
> Any program can test the validity of a given password. That doesn't matter
> because finding a valid password by trial and error would take a billion
Pardon me for butting in, but I only want to add one clarification to what
you have written above. Cracking a password by trial and error _can_ take
a long time, that is, if the password has been properly chosen. A password
that is not properly chosen might be easy to break, using a dictionary
attack, etc. There are guidelines online which explain how to choose a
difficult to crack password. The passwd program I have used must do some
checking before setting the password, because the message, "Warning, weak
password" will pop up if the password doesn't meet the requirements.
You also alluded to the 40 year history of the *nix system security,
which was designed with multiple users in mind from the beginning.
I have summarized a few of the key principles of *nix system security that
I have learned so far.
1. A normal user cannot damage the critical system files. Damage done by
users will be confined to his own files.
2. Sudo (and su users) should be educated to understand and follow good
security practices (have a good password, only use root "power" when
necessary, etc.) The root account is capable of causing great damage
to the system, including total destruction of the filesystem.
3. The *nix system protects critical system files from unauthorized access
by the non-root users of a system while the system is operating. The
file /etc/shadow has permissions which prevent simple users from reading
its contents, except for root. AIUI, the login service is started by root
at boot. That service reads /etc/shadow and uses it to authorize new users.
4. The system can deploy a network firewall to protect network services
from unauthorized access. Rate limited firewalls are useful in stopping
brute force attacks.
5. Prohibit simple password authentication via ssh. The public/private
keys used by ssh for certificate authentication are preferable to passing
passwords or password hashes over a network.
6. Protect system backups. The complete system backup may be vulnerable
to theft while it is in storage. For this reason, encrypting backups is a
good idea, IMO.
Again, this is not a comprehensive list, just some things that came to
mind, off the top of my head.
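
Items 3 and 5 of the list above can be checked mechanically. The script below is an added example, not part of the original post; the function names are hypothetical, and it assumes only the global section of an sshd_config-style file matters (no Match blocks, no Include files).

```shell
#!/bin/sh
# Added example, not from the original post: checks for items 3 and 5.

# Print the effective global PasswordAuthentication setting of an
# sshd_config-style file. sshd keeps the FIRST value it reads for a keyword,
# keywords are case-insensitive, and the default when unset is "yes".
# Assumptions: only the global section (before any Match line) is read and
# Include directives are not followed.
effective_password_auth() {
    awk '
        { sub(/#.*/, ""); sub(/=/, " ") }   # drop comments, allow key=value
        NF == 0 { next }
        tolower($1) == "match" { exit }
        tolower($1) == "passwordauthentication" {
            print tolower($2); found = 1; exit
        }
        END { if (!found) print "yes" }
    ' "$1"
}

# True if "other" has read permission (8th character of the ls mode string).
world_readable() {
    [ "$(ls -ld "$1" | cut -c8)" = "r" ]
}

# Print findings for a config file and a shadow file; the return status is
# the number of findings (0 means both checks passed).
audit() {
    findings=0
    if [ "$(effective_password_auth "$1")" != "no" ]; then
        echo "FINDING: $1 permits password logins"
        findings=$((findings + 1))
    fi
    if world_readable "$2"; then
        echo "FINDING: $2 is readable by every user"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample inputs, so nothing on the real host is touched.
demo=$(mktemp -d)
printf '%s\n' '# constructed sample' 'passwordauthentication no' \
    'PasswordAuthentication yes' > "$demo/sshd_config"
: > "$demo/shadow"
chmod 640 "$demo/shadow"
audit "$demo/sshd_config" "$demo/shadow" && echo "sample: no findings"
```

On a live host, `sshd -T` run as root prints the configuration sshd will actually use, including Match and Include handling that this sketch skips.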