Security

So at some point, the intense paranoia will hit, and you'll be left wondering, "How the heck do I keep people from cracking into my system?"

Linux isn't as security inconsious as say, Windows NT, but it does have it's problems. Lots of them. And fortunately, there are ways to slow down the crackers, or make it not worth their while to break into your system. Here are some resources about security and below are some steps you can take to make sure that your box is more secure than it started out.

The first step is to make sure that every account on your system has a password, and that the password isn't something stupid like 'password' or 'admin' or whatever else you think would be an easily guessable password. (If it's in the dictionary, it's a bad password.) If you're worried about crackers, disable the guest account, too. For a system as small as one here at Wellesley is likely to be, you won't need it anyway.

The easiest way to make sure that every account has a valid password is to log in as root and then to:

  1. cd /etc
  2. pico passwd
  3. Check through all the accounts and make sure that each one has either an * after the username or that it has a series of garbled numbers and letters after it.
  4. ctrl+x out of the passwd file afterwords, without changing anything.
This will not check to make sure that all your accounts have a useful password, but it's a start.

After doing that, there are several things you can do to make yourself safer. I've listed them below in an order that I think makes sense, but you can feel free to ignore what I've written here and go your own way. (After all, that's what I'm doing with this independent study.)

Password Shadowing

In RedHat Linux 5.0 and greater, this is staggeringly simple to implement, and it's a really good idea to implement it sooner rather than later. What this does is remove the encrypted passwords from the passwd file and put them someplace else. This is a good idea because the passwd file is world readable - it has to be for things like finger and other programs that talk about who's on your machine to run. But if your passwd file is world readable, a cracker can snag it with relative ease and then take her leisure breaking the passwords in the file without you ever realizing it's been done.

Password Shadowing moves the passwords to the /etc/shadow file, which is readable only by root, and isn't even writable by root.

  1. rpm -q shadow-utils
    This will check to make sure that you have the password shadowing RPM installed on Linux. If you didn't mess around with your config too much when you created your system, this should come up a yes. Otherwise, you'll have to install the RPM. (I'll figure out how to do that some other time.) If it comes up a yes, then go on to the next step...
  2. su to root. (This is where you type in su and then the root password.)
  3. /usr/sbin/pwconv
And that's it, your passwords are shadowed. Granted, if someone gets the root password, you're passwd and shadow files are open books, but if someone gets the root password, you're hosed anyway.

SSH and Slogin

SSH provides encrypted transmissions between your server and the outside world. Instructions and further motivation for installing it are available within the Applications section, under SSH.

Back to the Table of Contents.
Created: February 28, 1999
Last updated: May 12, 1999