LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-08-2002, 05:24 AM   #1
kushal
LQ Newbie
 
Registered: Oct 2002
Posts: 1

Rep: Reputation: 0
password protection


how do i prevent users on
my network from running

ypcat passwd

i need help desperately.
 
Old 10-08-2002, 07:18 AM   #2
born4linux
Senior Member
 
Registered: Sep 2002
Location: Philippines
Distribution: Slackware, RHEL&variants, AIX, SuSE
Posts: 1,127

Rep: Reputation: 49
try this:

chmod 500 /usr/bin/ypcat

this just makes it accessible only by root.
 
Old 10-08-2002, 08:30 AM   #3
neo77777
LQ Addict
 
Registered: Dec 2001
Location: Brooklyn, NY
Distribution: *NIX
Posts: 3,704

Rep: Reputation: 55
Also make it immune for modifications, deletion, renaming, linking to by changing attributes,
chattr +i /usr/bin/ypcat
 
Old 10-09-2002, 05:16 AM   #4
incarnation
LQ Newbie
 
Registered: Oct 2002
Posts: 1

Rep: Reputation: 0
even if one does

chmod 700 ...ypcat

the hacker can get a copy of ypcat , from somewhere , on his floppy and run it on my system . what does one do in that case.
 
Old 10-10-2002, 09:33 PM   #5
RijilV
Member
 
Registered: Sep 2002
Location: somewhere
Distribution: gentoo
Posts: 123

Rep: Reputation: 15
yp sucks. making ypcat exec only by root doesn't solve that problem, not one could a malicious user compile his own ypcat, chances are you are using something like Redhat so all the dolt has to do is grab a RPM...yawn..

there are some things you can do with NIS to make it more secure, however most of the failsafe methods break the purpose and functionality of NIS. For example you can still define local users in the /etc/passwd of all the hosts, however that makes using NIS pointless.

I suggest converting to OpenLDAP. There is redhat documentation regarding this, over at:

http://www.redhat.com/docs/manuals/l...edhattips.html
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Password Protection In CGI amit_28oct Programming 8 06-24-2004 02:22 AM
Directory password protection scootz6 Linux - Security 2 03-25-2004 02:04 PM
apache password protection demicheru Linux - Software 2 02-25-2003 05:13 PM
Password Protection TheSockMonster Linux - Newbie 1 05-27-2002 11:10 AM
IP & Password Protection karunesh Linux - Security 4 04-10-2002 02:57 PM


All times are GMT -5. The time now is 07:42 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration