03-29-2004, 11:11 PM
|
#1
|
Member
Registered: Mar 2004
Location: Jakarta
Posts: 164
Rep:
|
Forgot my password? I can change the password
Excuse me, gurus, addicts, members and other newbies
I'm a
I saw a thread in this forum saying
" I forgot my root password, what should I do? "
and then come replies like these:
1. "go to single mode, change the root password"
2. "run live cd, boot it, mount your hdd, chroot, and change the password"
My question is, is it that easy to get root access??
Any suggestion to secure that?
|
|
|
03-29-2004, 11:31 PM
|
#2
|
Member
Registered: May 2003
Location: S.W. Ohio
Distribution: Ubuntu, OS X
Posts: 760
Rep:
|
If you have physical access to the computer, then yes, it is that easy, whether it is Linux, Windows or any number of operating systems. You could password protect the BIOS, bootloader, set permission on the mount command, remove the cdrom, diskette drive. Lock your case, or deny access to the computer to begin with. There are other precautions you could take; do a search on this site or Google for more info.
|
|
|
03-31-2004, 11:28 PM
|
#3
|
LQ Newbie
Registered: Mar 2004
Posts: 9
Rep:
|
As long as someone has access to the box they WILL get passwords. A good processor, decent amount of RAM and the right apps = PASSWORDS....
LM hashes = OH MY GOD DISABLE THOSE THINGS.....
I was at my friend's house the other day and had his admin pw cracked in literally 10 minutes. The poor guy about crapped his pants. He told me he thought it took months to years to brute force 8 character pw's. I started laughing, this one took ten minutes. LM's are disabled now....
It's a good idea to test your passwords... Until I started cracking them I had no idea how easy they were to crack, whether MD5 or w/e....
My friend's password was an easy one..... letmeinplease, lol......... Most people might call that a good long password, heh...
Whether you lock BIOS or not if I can boot your computer up to the login screen I can crack your password on it. Boot from CD right into a linux platform without installin anything and copy your password files to take home and crack. Then depending on your security probably dial ya up remotely and be in. If not that, next time ya stop by the place you could drop a trojan or enable the right service cause you would have root pw. I can hear the sirens now, hehe....
Use passwords like these.
hello3849gblak39da8kj2nbye, I'm not kidding either, lol......... Just write it down on a piece of paper and memorize it. Put the piece of paper away somewhere safe.
edit: and yes you could change the password, everything of course "is much much easier to do against a win box though".
Last edited by tunnelit; 03-31-2004 at 11:33 PM.
|
|
|
04-01-2004, 12:26 AM
|
#4
|
Member
Registered: Dec 2003
Location: Petaling Jaya
Distribution: Ubuntu
Posts: 475
Rep:
|
[QUOTE]Originally posted by tunnelit
Use passwords like these.
hello3849gblak39da8kj2nbye, I'm not kidding either, lol......... Just write it down on a piece of paper and memorize it. Put the piece of paper away somewhere safe.
[/QUOTE]
That password is a good idea if you are running a server, but if you just use Linux for desktop applications, it is not fun if every time you want to install applications that need the root password, you have to type many characters.
I think the security must not be an extreme one. Not too easy. Not too hard. You must have a security policy. If you run a server, then yes, you have to make a wonderful password.
That is just my opinion.
|
|
|
04-01-2004, 12:30 AM
|
#5
|
LQ Newbie
Registered: Sep 2003
Distribution: Debian Unstable
Posts: 3
Rep:
|
Every time you increase security you decrease convenience.
|
|
|
04-01-2004, 02:38 AM
|
#6
|
Member
Registered: Nov 2002
Location: England
Distribution: Ubuntu 9.04
Posts: 631
Rep:
|
An 8 character password does take a long time to crack with brute force (days/weeks unless the cracker gets lucky). You don't have to have a very long password; just one which isn't caught by dictionary attacks.
Ross Anderson has done some good research on this issue - read the paper here.
Nothing wrong with long passwords, but be aware that there are many more ways to find a password than just cracking it.
On the original question, the only really effective way of preventing someone with physical access and time from breaking in is to encrypt the hard drive. That's pretty much true for any OS. There are how-tos around; but you might prefer just to encrypt your data which is simpler.
Other things which raise the bar against attackers with physical access include BIOS passwords, LILO passwords, cutting the time LILO sits on the menu before booting to a minimum and making sure that the hard drive is first in the BIOS boot list.
|
|
|
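The distinction drawn in posts #3 and #6, that length alone does not help if the password is built from dictionary words, can be checked defensively before a password is accepted. This is an added example, not part of any poster's reply; the wordlist is a constructed sample and the function names are hypothetical.

```python
import math
import string

# Constructed sample wordlist; a real audit would load a full dictionary file.
WORDLIST = {"let", "me", "in", "please", "hello", "bye", "password", "root", "admin"}
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def split_into_words(candidate, words=WORDLIST):
    """Return the fewest dictionary words that concatenate to candidate, or None."""
    text = candidate.lower()
    best = [None] * (len(text) + 1)      # best[i]: shortest split of text[:i]
    best[0] = []
    for end in range(1, len(text) + 1):
        for start in range(end):
            if best[start] is None or text[start:end] not in words:
                continue
            option = best[start] + [text[start:end]]
            if best[end] is None or len(option) < len(best[end]):
                best[end] = option
    return best[-1]

def charset_size(candidate):
    """Alphabet size an exhaustive search must cover (ASCII classes only)."""
    return sum(len(cls) for cls in CLASSES if any(c in cls for c in candidate))

def audit(candidate, words=WORDLIST):
    """Report brute-force size and whether the password is built from words."""
    size = charset_size(candidate)
    if size == 0:
        raise ValueError("empty or non-ASCII password")
    core = candidate.rstrip(string.digits)   # digits appended to words are a common pattern
    parts = split_into_words(core, words) if core else None
    return {
        "length": len(candidate),
        "brute_force_bits": round(len(candidate) * math.log2(size), 1),
        "words": parts,                      # None means no dictionary decomposition
        "dictionary_weak": parts is not None,
    }

if __name__ == "__main__":
    for pw in ("letmeinplease", "hello3849gblak39da8kj2nbye"):
        print(pw, audit(pw))
```

The 13-character password from post #3 scores about 61 bits against exhaustive search yet decomposes into four common words, which is why a policy check should reject it regardless of length.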
04-01-2004, 10:44 PM
|
#7
|
Member
Registered: May 2003
Location: S.W. Ohio
Distribution: Ubuntu, OS X
Posts: 760
Rep:
|
quote:
As long as someone has access to the box they WILL get passwords. A good processor, decent amount of RAM and the right apps = PASSWORDS....
Yes, good passwords are important, but if someone has access to your box, then all you have to do is boot your favorite cd, mount the hard drive and you are in.
quote:
On the original question, the only really effective way of preventing someone with physical access and time from breaking in is to encrypt the hard drive. That's pretty much true for any OS. There are how-tos around; but you might prefer just to encrypt your data which is simpler.
Pretty much sums it all up.
|
|
|
04-05-2004, 08:30 PM
|
#8
|
Member
Registered: Mar 2004
Location: Jakarta
Posts: 164
Original Poster
Rep:
|
Hmmmmm..............
BIOS password seems uncrackable (without special hardware)
It's the most important, right (for the box)???
|
|
|
04-05-2004, 09:16 PM
|
#9
|
Member
Registered: May 2003
Location: Beverly Hills
Distribution: Slackware, Gentoo
Posts: 350
Rep:
|
Quote:
Originally posted by JrLz
Hmmmmm..............
BIOS password seems uncrackable (without special hardware)
It's the most important right (for the box) ???
|
Take the battery out for 10 minutes or so and the BIOS password is gone.
|
|
|
04-06-2004, 07:36 PM
|
#10
|
Member
Registered: Mar 2004
Location: Jakarta
Posts: 164
Original Poster
Rep:
|
Yes, of course, I mean --> uncrackable without special hardware tweaking,
(without opening the box)
Can someone get rid of the BIOS password?
tunnelit, can you???
|
|
|