14
Jan
Need a strong, but easy to remember password? No need to remember, generate it! Up to 48 chars, works on any unix-like system:
read -s pass; echo $pass | md5sum | base64 | cut -c -16
Joe -
========================================
MD5SUM creates a 128 bit hash.
Base64 turns a binary number into ASCII
cut – simply removes sections for each line.
Output looks like:
n@H:~$ read -s pass; echo $pass | md5sum | base64 | cut -c -16
(I entered: abcdefg)
MDIwODYxYzhjM2Zl
27
Nov
Noob thing.
Might be interesting to find out if your password is on the list.
How do you change your password?
:~$ passwd
You will get output that looks like:
Changing password for (youruserid)
(current) UNIX password:
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
:~$
Wayno
24
Feb
Tiger is a package consisting of Bourne Shell scripts, C code and data files which is used for checking for security problems on a UNIX system. It scans system configuration files, file systems, and user configuration files for possible security problems and reports them. The command tig‐exp(8) can be used to obtain explanations of the problems reported by tiger.
You can configure tiger by adjusting the Tiger_ variables in the /etc/tiger/tigerrc configuration file. For each available module (see MODULES below) there is a corresponding variable in the configuration file that determines whether the module is run. All of the variables names start with Tiger_check_ and should be set equal to Y to run, or N to skip. Other configuration variables will modify the behaviour of some modules, and should be adjusted based on the operating system.
The /etc/tiger/tiger.ignore configuration file defines a set of messages that will not be presented in the report even if any of the modules gener‐ate them. If the file exists, all the entries (line by line) are used as extended regular expressions that are compared against each message (notice that it will introduce some overhead which grows with the size of the file). For more information on this mechanism read the README.ignore document.
jeremy@dynamicdesignz:~$ sudo apt-get install tiger
jeremy@dynamicdesignz:~$ sudo tiger
[sudo] password for jeremy:
Tiger UN*X security checking system
Developed by Texas A&M University, 1994
Updated by the Advanced Research Corporation, 1999-2002
Further updated by Javier Fernandez-Sanguino, 2001-2007
Covered by the GNU General Public License (GPL)
Configuring…
Will try to check using config for ‘i686′ running Linux 2.6.35-25-generic…
–CONFIG– [con005c] Using configuration files for Linux 2.6.35-25-generic. Using
configuration files for generic Linux 2.
Tiger security scripts *** 3.2.2, 2007.08.28.00.00 ***
23:18> Beginning security report for dynamicdesignz.
23:18> Starting file systems scans in background…
23:18> Checking password files…
23:18> Checking group files…
23:18> Checking user accounts…
23:18> Checking .rhosts files…
23:18> Checking .netrc files…
23:18> Checking ttytab, securetty, and login configuration files…
23:18> Checking PATH settings…
23:18> Checking anonymous ftp setup…
23:18> Checking mail aliases…
23:18> Checking cron entries…
23:18> Checking ‘inetd’ configuration…
23:18> Checking ‘tcpd’ configuration…
23:18> Checking ‘services’ configuration…
23:18> Checking NFS export entries…
23:18> Checking permissions and ownership of system files…
–CONFIG– [con010c] Filesystem ‘devtmpfs’ used by ‘none’ is not recognised as a valid filesystem
23:18> Checking for indications of break-in…
–CONFIG– [con010c] Filesystem ‘devtmpfs’ used by ‘none’ is not recognised as a valid filesystem
23:18> Performing rootkit checks…
23:19> Performing system specific checks…
/bin/grep: /etc/inittab: No such file or directory