LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/LDP/solrhe/Securing-Optimizing-Linux-R.../chap5sec31.html

240 lines
5.6 KiB
HTML
Raw Permalink Blame History

<HTML
><HEAD
><TITLE
>Choose a right Password</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.60"><LINK
REL="HOME"
TITLE="Securing and Optimizing Linux"
HREF="index.html"><LINK
REL="UP"
TITLE="General System Security"
HREF="gen-syssecured.html"><LINK
REL="PREVIOUS"
TITLE="Security as a Policy"
HREF="chap5sec30.html"><LINK
REL="NEXT"
TITLE="The root account"
HREF="chap5sec32.html"></HEAD
><BODY
CLASS="section"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Securing and Optimizing Linux: RedHat Edition -A Hands on Guide</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="chap5sec30.html"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
>Chapter 5. General System Security</TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="chap5sec32.html"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="section"
><H1
CLASS="section"
><A
NAME="AEN3220"
>5.3. Choose a right Password</A
></H1
><P
>&#13; The starting point of our Linux General Security tour is the password. Many people keep their valuable information and files on a computer, and the only thing preventing others from seeing
it is the eight-character string called a password. An unbreakable password, contrary to popular belief, does not exist. Given time and resources all passwords can be guessed either by social
engineering or by brute force.
</P
><P
>&#13; Social engineering of server passwords and other access methods are still the easiest and most popular way to gain access to accounts and servers. Often, something as simple as acting as a
superior or executive in a company and yelling at the right person at the right time of the day yields terrific results.
</P
><P
>&#13; Running a password cracker on a weekly basis on your system is a good idea. This helps to find and replace passwords that are easily guessed or weak. Also, a password checking mechanism
should be present to reject a weak password when first choosing a password or changing an old one. Character strings that are plain dictionary words, or are all in the same case, or do not
contain numbers or special characters should not be accepted as a new password.
We recommend the following rules to make passwords effective:
<P
></P
><UL
><LI
STYLE="list-style-type: dash"
><P
>
They should be at least six characters in length, preferably eight characters including at least one numeral or special character.
</P
></LI
><LI
STYLE="list-style-type: dash"
><P
>&#13; They must not be trivial; a trivial password is one that is easy to guess and is usually based on the user's name, family, occupation or some other personal characteristic.
</P
></LI
><LI
STYLE="list-style-type: dash"
><P
>
They should have an aging period, requiring a new password to be chosen within a specific time frame.
</P
></LI
><LI
STYLE="list-style-type: dash"
><P
>&#13; They should be revoked and reset after a limited number of concurrent incorrect retries.
</P
></LI
></UL
>
</P
><P
>&#13; The minimum acceptable password length by default when you install your Linux system is 5. This mean that when a new user is allowed to have a access on the server, his/her password
length will be at minimum 5 mixes of character strings, letter, number, special character etc.
This is not enough and must be 8.
</P
><P
>&#13; To prevent non-security-minded people or administrators from being able to enter just 5 characters for the valuable password, edit the rather
important <TT
CLASS="filename"
>/etc/login.defs</TT
> file and change the value of 5 to 8.
Edit the <TT
CLASS="filename"
>login.defs</TT
> file vi <TT
CLASS="filename"
>/etc/login.defs</TT
> and change the line that read:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="literallayout"
><TT
CLASS="computeroutput"
>&#13; PASS_MIN_LEN 5
</TT
></PRE
></TD
></TR
></TABLE
>
To read:
<TABLE
BORDER="0"
BGCOLOR="#E0E0E0"
WIDTH="100%"
><TR
><TD
><PRE
CLASS="literallayout"
><TT
CLASS="computeroutput"
>&#13; PASS_MIN_LEN 8
</TT
></PRE
></TD
></TR
></TABLE
>
The <TT
CLASS="filename"
>login.defs</TT
> is the configuration file for the login program. You should review or make changes to this file for your particular system. This is where you set
other security policy settings like password expiration defaults or minimum acceptable password length.
</P
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="chap5sec30.html"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="chap5sec32.html"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Security as a Policy</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="gen-syssecured.html"
>Up</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>The root account</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink