About Security


Securing a Password

Your password should be easy for you to remember but impossible for someone else to guess.

  • Pick a short word, phrase, or sequence of letters and/or numbers at least eight characters long.

  • Don't pick family names, birth dates, or terms that others might trace back to you. On the other hand, passwords are useless if you can't remember them, so keep it simple. You don't want to end up locked out of your system, and if you have to write your password down, then anyone can break into your computer.

  • Switch at least one of the letters to uppercase or to a similar number. For example, you could use 0 (zero) instead of o, or 3 instead of E.

  • Substitute at least one symbol for a character.

Now you should have a password that's a minimum of eight characters long, with letters, numbers, case changes, and symbols in it.


Seems like you hear about a new hacking exploit or security flaw almost every week. Making your system secure isn't a single task you can perform once; it's an ongoing series of small tasks.

Luckily, there are several things anyone can do to make sure their system is reasonably secure. Keeping your passwords secure, disabling any unnecessary and potentially dangerous services, paying attention to security advisories, and keeping your system up-to-date (which we cover in the appendixes) are good ways to keep your system secure.

To change your password:

1.

passwd

The passwd command will lead you through the process of changing your password.

If you're using Windows or Mac OS X, use the standard operating-system control panels for changing your password.

2.

Unless you're logged in as root, you'll be prompted to enter your old password. Type it and press Enter. Your existing password won't show up onscreen, so type carefully.

If you're changing root's password, skip this step and go straight to step 3.

3.

Enter your new password, then press Enter.

Your new password doesn't show up onscreen, so type carefully.

4.

To ensure that you typed it correctly, you will be asked to retype your password; do so and then press Enter again.

Tip

  • Change your password using the passwd command (Code Listing 4.1) periodically. Some corporate IT groups suggest doing so every three months, but every six months to a year is probably often enough, and you'll be less likely to forget your current password.


To disable dangerous services (xinetd):

If you're using Fedora Core or Mac OS X, the xinetd service controls all of the standard Internet services, such as telnet and ftp.

1.

cd /etc/xinetd.d

If your system uses xinetd (Fedora Core or Mac OS X) to control Internet services, the configuration information is stored in the xinetd.d subdirectory of /etc.

2.

Edit the various files, each named after the service it configures, in the xinetd.d directory using your favorite text editor.

Lines beginning with the # character are comments. Each file lists the service name and several keyword/value pairs, one per line.

Disabled services will have a disable = yes line in the configuration file.

3.

Make sure that any unnecessary services are disabled by adding a disable = yes line to their configuration files, if one isn't already there.

Services you'll want to disable (if they aren't already) include telnet, ftp, shell, login, exec, talk, ntalk, and tftp. You probably don't require any of these.

4.

ps aux | grep xinetd | awk '{ print $2; }'

Find the process ID (PID) of xinetd (Code Listing 4.2).

You'll see two entries here; the second is for the grep command you just entered.

5.

kill -HUP pid

Send the "hang up" signal to xinetd. By convention, this signal tells servers to reload their configuration files.

Code listing 4.1. Changing your password with the passwd command.
 $ passwd
 Changing local password for chrish
 Old Password:
 New Password:
 Retype New Password:

Code listing 4.2. Disabling xinetd services.
 [root@dhcppc2 xinetd.d]# ps aux | grep xinetd | awk '{ print $2; }'
 1880
 2573
 [root@dhcppc2 xinetd.d]# kill -HUP 1880
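
A check for steps 2 and 3 of the xinetd procedure, as an added example that is not from the book: the function below reads every file in an xinetd.d-style directory and reports each of the services listed in step 3 whose block has no disable = yes line. It matches the name on the service line rather than the file name; the function names and the sample directory (including a file called rsh that configures service shell) are constructed for illustration.

```shell
#!/bin/sh
# Added example: list risky xinetd services that are still enabled.
RISKY="telnet ftp shell login exec talk ntalk tftp"

# audit_xinetd DIR -> prints "file: service" for every risky service block
# without "disable = yes"; exit status 1 if any were found, 0 otherwise.
audit_xinetd() {
    found=$(
        for f in "$1"/*; do
            [ -f "$f" ] || continue
            awk -v risky="$RISKY" -v file="${f##*/}" '
                BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
                /^[ \t]*#/ { next }                     # skip comments
                $1 == "service" { name = $2; off = 0; next }
                name == "" { next }                     # outside a service block
                {
                    line = $0; gsub(/[ \t]/, "", line)   # tolerate "disable=yes"
                    if (line ~ /^disable=/) off = (tolower(substr(line, 9)) == "yes")
                    if (line == "}") {
                        if ((name in bad) && !off) print file ": " name
                        name = ""
                    }
                }
            ' "$f"
        done
    )
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Constructed sample directory so the example runs without a real xinetd.
sample_dir() {
    d=$(mktemp -d)
    printf 'service telnet\n{\n\tdisable = yes\n\tserver = /usr/sbin/in.telnetd\n}\n' > "$d/telnet"
    printf '# remote shell\nservice shell\n{\n\tdisable = no\n\tserver = /usr/sbin/in.rshd\n}\n' > "$d/rsh"
    printf 'service tftp\n{\n\tsocket_type = dgram\n}\n' > "$d/tftp"
    printf 'service time\n{\n\ttype = INTERNAL\n}\n' > "$d/time"
    echo "$d"
}

dir=$(sample_dir)
audit_xinetd "$dir" || echo "edit the files listed above, then send xinetd a HUP"
rm -rf "$dir"
```

On a real system, call audit_xinetd /etc/xinetd.d instead of the sample directory; a block with no disable line at all is reported, because the service is then enabled.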

To disable dangerous services (inetd):

1.

cd /etc

If your system uses inetd (FreeBSD or Cygwin with the inetd package installed) to control Internet services, the configuration information is stored in the usual directory.

2.

Edit the inetd.conf file using your favorite text editor.

Lines beginning with the # character are comments. Each line lists the service name, information about the service's connections, the program that supports the service, and any program arguments.

3.

Make sure that any unnecessary services are commented out by adding a # character at the start of the line.

Services you'll want to disable (if they aren't already) include telnet, ftp, shell, login, exec, talk, ntalk, and tftp. You probably don't require any of these.

4.

ps aux | grep /usr/sbin/inetd | awk '{ print $2; }'

Find the process ID (PID) of inetd (Code Listing 4.3).

5.

kill -HUP pid

Send the "hang up" signal to inetd. By convention, this signal tells servers to reload their configuration files.

Code listing 4.3. Disabling inetd services.
 bsd# ps aux | egrep /usr/sbin/inetd | awk '{ kill -HUP 437 
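
Steps 2 and 3 of the inetd procedure done by script, as an added example that is not from the book: the function writes a copy of an inetd.conf-style file with the services listed in step 3 commented out, leaving the original untouched so the change can be reviewed with diff before it is installed. The function names and the sample file are constructed, and the script assumes the first field of an active line is the bare service name.

```shell
#!/bin/sh
# Added example: comment out risky services in an inetd.conf-style file.
RISKY="telnet ftp shell login exec talk ntalk tftp"

# harden_inetd FILE -> hardened configuration on stdout, plus one
# "disabled: <service> (line N)" notice per change on stderr.
# Assumes the first field of an active line is the bare service name.
harden_inetd() {
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) bad[r[i]] = 1 }
        /^[ \t]*#/ || NF == 0 { print; next }     # keep comments and blank lines
        ($1 in bad) {
            print "#" $0                           # disable, keep the original text
            print "disabled: " $1 " (line " NR ")" > "/dev/stderr"
            next
        }
        { print }
    ' "$1"
}

# Constructed FreeBSD-style sample so the example runs anywhere.
sample_conf() {
    f=$(mktemp)
    {
        printf '# constructed sample inetd.conf\n'
        printf 'ftp\tstream\ttcp\tnowait\troot\t/usr/libexec/ftpd\tftpd -l\n'
        printf '#telnet\tstream\ttcp\tnowait\troot\t/usr/libexec/telnetd\ttelnetd\n'
        printf 'ssh\tstream\ttcp\tnowait\troot\t/usr/sbin/sshd\tsshd -i\n'
        printf 'tftp\tdgram\tudp\twait\troot\t/usr/libexec/tftpd\ttftpd -s /tftpboot\n'
    } > "$f"
    echo "$f"
}

conf=$(sample_conf)
harden_inetd "$conf" > "$conf.new"     # review this copy before installing it
diff "$conf" "$conf.new" || true        # diff exits 1 when the files differ
rm -f "$conf" "$conf.new"
```

Running the function on its own output changes nothing further, so it is safe to repeat after each edit of the file.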



    Unix Advanced. Visual QuickPro Guide
    ISBN: 0321205499
    EAN: 2147483647
    Year: 2003
    Pages: 116
