Linux - Security (LinuxQuestions.org forum)
This forum is for all security related questions. Questions, tips, system compromises, firewalls, etc. are all included here.
Does the strength of my root password make a huge difference on how hard it is to break into my system? Or is it just important if people have physical access to my machine?
Are any of these ports open big risks: 22, 631, 6000
Yes indeed. Let's say that an intruder gets access to your machine as a normal user through exploiting a service that runs as a user instead of root, or perhaps logging in to your box as a user via X11 listening on port 6000. Then the next step is either finding some sort of local exploit like a buffer overflow, or trying to crack your root password. Personally I use a phrase with non-English words and an at least 16-character number as a root password. But that's just me and my paranoia. I'd recommend using the longest password that you can; 20-30 characters should do it.

As for those ports: 22 is the ssh port. This should only be open if you are using sshd on your box to permit yourself to log in over the net from other boxes. You should also make sure that you are running the patched version of ssh, as a new vulnerability was found this week. If your sshd is set up to let you log in as root, then your root password will make a very big difference in how easy it is to hack your box.

631 is the Internet Printing Protocol port. I'm not aware of any issues regarding this port, but I would check into it if I were you.

Port 6000 is the X Windows port. If it is accessible from the outside, people can attempt to log in to your box using xdm, gdm, kdm etc. They would then have a running X session on your box. This is another place where a good root password will come in handy. If you haven't configured things properly, people may be able to attempt to log in as root through this port.

Unless you are using any of these ports from outside of your home network, they should all be firewalled off, as 2 of them present potential security vulnerabilities. Also, if you do not need ssh I would uninstall it immediately, as there is no reason to run a potential point of entry for attackers.
When you say non-English, do you mean gibberish? Because they have dictionaries for all languages, so your password could be cracked whether it's agua44 or water44.
But to strengthen it, use random characters, numbers and such, and try not to use words.
16 Characters minimum? I guess if you used a date or something you could remember you get 8 characters right there... One thing is you have to be able to remember the password. A post-it note on the monitor isn't exactly secure...
Probably one of the most common security practices is changing numbers for letters like 0=o i=1 etc. One thing I would do if you are concerned is make sure the password is long enough. I've messed around with password cracking utilities and if it's 8 characters I could usually get it within a few days. (btw your wife's name is not secure)
1. Do not make it personalized. Like don't use anything related to you like your birthday, dog's name or address, etc.
2. Change it often. If you make users change theirs every 30 days or so on your system, change yours too. It's only good practice, and a changing password is a harder-to-crack password.
3. Use letters and numbers. Don't use common words in your passwords and do variations of upper/lowercase, other characters besides common language letters, etc.
is not likely to get cracked even though it doesn't contain any numbers. And it's easy for me to remember.
Annoyingly long root passwords also discourage you from logging in as root when you don't have to. ... you'll prefer to use your non-privileged account with the easier-to-type password.
It's really not that hard making up and remembering a password as long as you like. A good method for this is to open up your Linux reference book (or any other if you want) at a random page and take out a random sentence. Then take the first letter of every word of that sentence and use them as your password. If it is too short, take a different sentence. That will give you a password with only 'random' characters, but you will be able to remember it quite easily, as you can remember the sentence rather than some characters.
edited - (for some reason....) So toss one of those non-English words in a mnemonic phrase and add (redacted) and you've got a pretty damn good password. At least if you change it every 30 days or so as suggested above. Of course my motto has always been "Sure I'm paranoid, but am I paranoid enough?"
Last edited by Read_Icculus; 06-13-2006 at 02:05 PM.
There is another trick to make your password longer. Just take the old, short password (i.e. hotdog), then take a random letter (i.e. 'k'). Then type the random letter we took after every letter in the password. In our example the end password will be: hkoktkdkokgk. So we made it twice as long as before with minimal difficulty. I don't know how much time it would take to decrypt it, using John for example, but it will be more than before. Maybe enough to do your scheduled password change in safety.
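As an added example (not code from any poster in this thread), the Python below builds passwords the way the two posts above describe, the first-letter-of-each-word sentence method and the interleaved filler letter, and estimates how many bits of guessing work each leaves an attacker who knows the construction; the 100,000-word dictionary size used in the comparison is an assumption.

```python
import math
import string

ALPHABET = string.ascii_lowercase  # candidate filler letters for the interleave trick


def acronym_password(sentence: str) -> str:
    """Sentence method: first letter of every word, case kept as typed."""
    words = [w.strip(".,;:!?\"'()") for w in sentence.split()]
    return "".join(w[0] for w in words if w)


def interleave_password(base: str, filler: str) -> str:
    """Interleave method: the same filler letter after every character of base."""
    if len(filler) != 1:
        raise ValueError("filler must be a single character")
    return "".join(ch + filler for ch in base)


def deinterleave(candidate: str):
    """Return (base, filler) if candidate follows the interleave pattern, else None.

    Every odd-indexed character must be the same letter; a password cracker
    that knows the trick only has to strip it and look up the base word.
    """
    if not candidate or len(candidate) % 2:
        return None
    fillers = set(candidate[1::2])
    if len(fillers) != 1:
        return None
    return candidate[0::2], fillers.pop()


def bits_random(length: int, alphabet_size: int) -> float:
    """Guessing work for a uniformly random password of this length."""
    return length * math.log2(alphabet_size)


def bits_interleaved(base_guesses: int) -> float:
    """Guessing work when the attacker knows the interleave construction:
    the base-word dictionary times the 26 possible filler letters."""
    return math.log2(base_guesses * len(ALPHABET))


if __name__ == "__main__":
    pw = interleave_password("hotdog", "k")          # "hkoktkdkokgk", as in the post
    print(pw, deinterleave(pw))
    # 12 random lowercase letters vs. a dictionary word (assumed 100k words) + filler
    print(round(bits_random(len(pw), 26), 1), round(bits_interleaved(100_000), 1))
```

The interleaved word looks twice as long but, to an attacker who tests the pattern, costs only about 26 times the work of the plain dictionary word, while the sentence acronym has no dictionary to fall back on.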