How to secure your Linux Box : Part 1
1) Password: The first step in making a Linux box secure is to realise that good passwords are the backbone of Linux security. An easily guessed word, a date or a dictionary word is as bad a password as none at all. The amazing thing is that even weak passwords can be turned into strong ones pretty easily. If you love your name and you always remember a particular date (maybe your gf's b'day?) then combining both of them in a random order might be a very good idea. For example: 14ab07ha19y83 is a way better password than just 'abhay' or '14071983'. Even better would be if you could add a few special characters to it, like this: 14ab#$07ha&^19y83. Yes, the password is extremely difficult to remember, thus you must practice it before you apply it to something as important as your root account.
If you are not smart enough or you are too lazy to make good passwords for yourself then pay a visit to
AllSeek.NFO or
TechZoom
The former is a better link as it also gives you a way to say your password so that you can remember it easily.
NOTE: I strongly recommend making your own passwords instead of using such tools.
2) Securing LILO: Before everyone pounces on me by saying that "Oh!!! Start using GRUB", I would like to say that I am a bit old fashioned. Yes, I like LILO and love to stay with it, but not with a HUGE flaw in its security. Before I go on to explain how you can remove this major loophole, I would like to explain what it is.
If you are using LILO then, rather than just pressing the "Enter" key at the LILO prompt, type linux followed by single or 1.
You can see that I am just adding single or 1 after the word linux (this is the label with which you identify your Linux snippet in lilo.conf) and telling LILO to boot into single user mode. This single user mode will log you or any other smart-a$$ friend of yours in to a root shell where you can do everything you desire.
Some distros have grown out of this vulnerability and now add sulogin to their startup scripts. This will ask you for the root password once the system boots, before taking you to the root shell, but there is a workaround to this security as well: doing the following at the LILO prompt.
Code:
linux init=/bin/bash
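A way to check whether a box is exposed to the boot-prompt problem described above, as an added example that is not part of the original post. It assumes the usual file locations (/etc/lilo.conf and /etc/inittab) and relies on LILO's password= and restricted options in lilo.conf; the function name audit_lilo is made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): audit a LILO setup for the
# boot-prompt exposure described above.
# Usage: audit_lilo [lilo.conf] [inittab]   (defaults are the usual locations)

audit_lilo() {
    conf=${1:-/etc/lilo.conf}
    inittab=${2:-/etc/inittab}
    issues=0

    if [ ! -r "$conf" ]; then
        echo "SKIP: cannot read $conf"
        return 2
    fi

    # A password= line makes LILO ask for a password; with "restricted" it asks
    # only when parameters (single, 1, init=...) are typed at the prompt.
    if grep -Eq '^[[:space:]]*password[[:space:]]*=' "$conf"; then
        echo "OK: password= is set in $conf"
        # The password is stored in clear text, so the file must not be
        # readable by group or others.
        case $(ls -ld "$conf" | cut -c5,8) in
            *r*) echo "FAIL: $conf is readable by group/others (use chmod 600)"
                 issues=$((issues + 1)) ;;
            *)   echo "OK: $conf is not readable by group/others" ;;
        esac
    else
        echo "FAIL: no password= in $conf; anyone at the prompt can pass boot parameters"
        issues=$((issues + 1))
    fi

    # sulogin asks for the root password in single user mode. It does not
    # cover init=/bin/bash, which is why the password= check above matters.
    if [ -r "$inittab" ] && grep -Eq '^[^#]*sulogin' "$inittab"; then
        echo "OK: sulogin is configured in $inittab"
    else
        echo "WARN: no sulogin entry found in $inittab"
    fi

    # Exit status 0 only when no FAIL was reported.
    [ "$issues" -eq 0 ]
}
```

The function returns 0 when no FAIL line was printed, 1 when at least one was, and 2 when lilo.conf could not be read.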