Unix Advanced [Electronic resources] - Text version


Chris Herborth









  • About Security



    Securing a Password


    Your password should be easy for you to remember but impossible for someone else to guess.

    • Pick a short word, phrase, or sequence of letters and/or numbers at least eight characters long.

    • Don't pick family names, birth dates, or terms that others might trace back to you. On the other hand, passwords are useless if you can't remember them, so keep it simple. You don't want to end up locked out of your system, and if you have to write your password down, then anyone can break into your computer.

    • Switch at least one of the letters to uppercase or to a similar number. For example, you could use 0 (zero) instead of o, or 3 instead of E.

    • Substitute at least one symbol for a character.


    Now you should have a password that's a minimum of eight characters long, with letters, numbers, case changes, and symbols in it.

    It seems like you hear about a new hacking exploit or security flaw almost every week. Making your system secure isn't a single task you can perform once; it's an ongoing series of small tasks.

    Luckily, there are several things anyone can do to make sure their system is reasonably secure. Keeping your passwords secure, disabling any unnecessary and potentially dangerous services, paying attention to security advisories, and keeping your system up-to-date (which we cover in the appendixes) are good ways to keep your system secure.

    To change your password:



    1.

    passwd

    The passwd command will lead you through the process of changing your password.

    If you're using Windows or Mac OS X, use the standard operating-system control panels for changing your password.

    2.

    Unless you're logged in as root, you'll be prompted to enter your old password. Type it and press Enter. Your existing password won't show up onscreen, so type carefully.

    If you're changing root's password, skip this step and go straight to step 3.

    3.

    Enter your new password, then press Enter.

    Your new password doesn't show up onscreen, so type carefully.

    4.

    To ensure that you typed it correctly, you will be asked to retype your password; do so and then press Enter again.


    Tip

    • Change your password using the passwd command (Code Listing 4.1) periodically. Some corporate IT groups suggest doing so every three months, but every six months to a year is probably often enough, and you'll be less likely to forget your current password.

    To disable dangerous services (xinetd):


    If you're using Fedora Core or Mac OS X, the xinetd service controls all of the standard Internet services, such as telnet and ftp.


    1.

    cd /etc/xinetd.d

    If your system uses xinetd (Fedora Core or Mac OS X) to control Internet services, the configuration information is stored in the xinetd.d subdirectory of /etc.

    2.

    Edit the various files, each named after the service it configures, in the xinetd.d directory using your favorite text editor.

    Lines beginning with the # character are comments. Each file lists the service name and several keyword/value pairs, one per line.

    Disabled services will have a disable = yes line in the configuration file.

    3.

    Make sure that any unnecessary services are disabled by adding a disable = yes line to their configuration files, if one isn't already there.

    Services you'll want to disable (if they aren't already) include telnet, ftp, shell, login, exec, talk, ntalk, and tftp. You probably don't require any of these.

    4.

    ps aux | grep xinetd | awk '{ print $2; }'

    Find the process ID (PID) of xinetd (Code Listing 4.2).

    You'll see two entries here; the second is for the grep command you just entered.

    5.

    kill -HUP pid

    Send the "hang up" signal to xinetd. By convention, this signal tells servers to reload their configuration files.


    Code listing 4.1. Changing your password with the passwd command.


    $ passwd
    Changing local password for chrish
    Old Password:
    New Password:
    Retype New Password:

    Code listing 4.2. Disabling xinetd services.


    [root@dhcppc2 xinetd.d]# ps aux | grep xinetd | awk '{ print $2; }'
    1880
    2573
    [root@dhcppc2 xinetd.d]# kill -HUP 1880

    To disable dangerous services (inetd):



    1.

    cd /etc

    If your system uses inetd (FreeBSD or Cygwin with the inetd package installed) to control Internet services, the configuration information is stored in the usual directory.

    2.

    Edit the inetd.conf file using your favorite text editor.

    Lines beginning with the # character are comments. Each line lists the service name, information about the service's connections, the program that supports the service, and any program arguments.

    3.

    Make sure that any unnecessary services are commented out by adding a # character at the start of the line.

    Services you'll want to disable (if they aren't already) include telnet, ftp, shell, login, exec, talk, ntalk, and tftp. You probably don't require any of these.

    4.

    ps aux | grep /usr/sbin/inetd | awk '{ print $2; }'

    Find the process ID (PID) of inetd (Code Listing 4.3).

    5.

    kill -HUP pid

    Send the "hang up" signal to inetd. By convention, this signal tells servers to reload their configuration files.


    Code listing 4.3. Disabling inetd services.


    bsd# ps aux | egrep /usr/sbin/inetd | awk '{ print $2; }'
    437
    bsd# kill -HUP 437
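
    Both procedures above end with the same check: which of the listed services are still enabled? The script below is an added example, not a listing from the book. It reads xinetd.d service files (where the xinetd attribute is disable = yes) and an inetd.conf file, and prints the listed services that are still active. The function names audit_xinetd and audit_inetd are hypothetical, and the sample files are constructed.

```shell
#!/bin/sh
# Services the text recommends disabling.
RISKY="telnet ftp shell login exec talk ntalk tftp"

# Print risky services in xinetd.d directory $1 that have no active "disable = yes".
audit_xinetd() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v risky="$RISKY" '
            BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
            /^[ \t]*#/ { next }                      # a commented-out line has no effect
            $1 == "service" { svc = $2; off = 0 }    # start of a service block
            /^[ \t]*disable[ \t]*=[ \t]*yes[ \t]*$/ { off = 1 }
            $1 == "}" { if ((svc in want) && !off) print svc; svc = "" }
        ' "$f"
    done
}

# Print risky services that are not commented out in inetd.conf file $1.
audit_inetd() {
    awk -v risky="$RISKY" '
        BEGIN { n = split(risky, r, " "); for (i = 1; i <= n; i++) want[r[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # skip comments and blank lines
        ($1 in want) && !seen[$1]++ { print $1 }     # report each service once
    ' "$1"
}

# Constructed sample configs (not from a real host) so the script runs offline.
demo=$(mktemp -d)
mkdir "$demo/xinetd.d"
printf 'service telnet\n{\n\tsocket_type = stream\n\tdisable = yes\n}\n' > "$demo/xinetd.d/telnet"
printf 'service tftp\n{\n\tsocket_type = dgram\n\t# disable = yes\n}\n' > "$demo/xinetd.d/tftp"
printf 'service rsync\n{\n\tdisable = no\n}\n' > "$demo/xinetd.d/rsync"
cat > "$demo/inetd.conf" <<'EOF'
#telnet stream tcp  nowait root /usr/libexec/telnetd telnetd
ftp     stream tcp  nowait root /usr/libexec/ftpd    ftpd -l
ftp     stream tcp6 nowait root /usr/libexec/ftpd    ftpd -l
ssh     stream tcp  nowait root /usr/sbin/sshd       sshd -i
EOF
echo "xinetd, still enabled: $(audit_xinetd "$demo/xinetd.d" | tr '\n' ' ')"
echo "inetd, still enabled:  $(audit_inetd "$demo/inetd.conf" | tr '\n' ' ')"
```

    On a real system, pass /etc/xinetd.d or /etc/inetd.conf instead of the sample paths, and rerun the check after sending the hang-up signal.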

