help: security newbie
Pedro Fernandes Macedo
webmaster at margo.bijoux.nom.br
Tue Jun 15 01:32:22 UTC 2004
On Mon, 2004-06-14 at 19:59, T. 'Nifty New Hat' Mitchell wrote:
> a) Make sure that all the accounts on the machine have good pass words.
> Avoid running as root.
Just to add something to Tom's advice: grab "john" from fedora.us
(stable repository) and use it to try to crack the passwords.. From my
personal experience , john has a hard time trying to crack good
passwords.. And for simple ones (like passwords based on the user's name
or only number based passwords) are cracked very fast.
Just a warning though: warn all the users that you'll be trying to crack
their passwords and explain the reasons. This way they'll know that
you're doing this for their own protection.... We've had some problems
here because some users werent warned about it (they didnt go to the
lecture about our security policy) and had their accounts blocked
because they didnt change the password within 48 hours after being
contacted by e-mail.
More information about the fedora-list