5.3. Choose the right Password

The starting point of our Linux General Security tour is the password. Many people keep their valuable information and files on a computer, and the only thing preventing others from seeing it is the eight-character string called a password. An unbreakable password, contrary to popular belief, does not exist. Given time and resources, all passwords can be guessed, either by social engineering or by brute force.

Social engineering of server passwords and other access methods is still the easiest and most popular way to gain access to accounts and servers. Often, something as simple as acting as a superior or executive in a company and yelling at the right person at the right time of the day yields terrific results.

Running a password cracker on a weekly basis on your system is a good idea. This helps to find and replace passwords that are easily guessed or weak. Also, a password checking mechanism should be present to reject a weak password when first choosing a password or changing an old one. Character strings that are plain dictionary words, or are all in the same case, or do not contain numbers or special characters should not be accepted as a new password. We recommend the following rules to make passwords effective:

  • They should be at least six characters in length, preferably eight characters including at least one numeral or special character.

  • They must not be trivial; a trivial password is one that is easy to guess and is usually based on the user's name, family, occupation or some other personal characteristic.

  • They should have an aging period, requiring a new password to be chosen within a specific time frame.

  • They should be revoked and reset after a limited number of consecutive incorrect retries.
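
The acceptance rules above can be enforced in code when a password is first chosen or changed. The following is an added example, not part of the original guide: check_password, its parameters and the small word list are constructed for illustration, and it also treats a dictionary word with digits or punctuation added at the ends as a dictionary word, which goes slightly beyond the guide's wording.

```python
import string

# Constructed sample word list; a real deployment would load a full
# dictionary file (its location is an assumption, not given on the page).
SAMPLE_WORDS = {"password", "mountain", "sunshine", "elephant", "computer"}
MIN_LEN = 8  # the minimum length the page recommends


def check_password(candidate, username="", personal=(),
                   words=SAMPLE_WORDS, min_len=MIN_LEN):
    """Return the reasons to reject `candidate`; an empty list means accept."""
    reasons = []
    lowered = candidate.lower()

    if len(candidate) < min_len:
        reasons.append("too short")

    # Dictionary word, also when digits or punctuation are tacked on the ends.
    core = lowered.strip(string.digits + string.punctuation)
    if core in words:
        reasons.append("dictionary word")

    # islower()/isupper() are true only if letters exist and share one case.
    if candidate.islower() or candidate.isupper():
        reasons.append("single case")

    if all(c.isalpha() for c in candidate):
        reasons.append("no digit or special character")

    # Trivial: built from the user's name or another personal detail.
    for token in (username, *personal):
        if len(token) >= 3 and token.lower() in lowered:
            reasons.append("based on personal detail")
            break
    return reasons


if __name__ == "__main__":
    # Constructed candidates for a hypothetical user "jsmith".
    for pw in ("mountain", "Password1", "jsmith2024!", "Tr4il&Mix9"):
        print(pw, "->", check_password(pw, username="jsmith") or "accepted")
```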

The default minimum acceptable password length when you install your Linux system is 5. This means that when a new user is given access to the server, his/her password must be at least 5 characters long, in any mix of letters, numbers, special characters, etc. This is not enough; the minimum must be 8.

To prevent non-security-minded people or administrators from being able to enter just 5 characters for the valuable password, edit the rather important /etc/login.defs file and change the value of 5 to 8. Edit the login.defs file (vi /etc/login.defs) and change the line that reads:

            PASS_MIN_LEN    5
            
To read:

            PASS_MIN_LEN    8
            
The login.defs file is the configuration file for the login program. You should review or make changes to this file for your particular system. This is where you set other security policy settings like password expiration defaults or minimum acceptable password length.

 
 
  Published under the terms of the Open Publication License