Cooking with Linux - Security's Front Door
What is this I see on our specials chalkboard, François? Mxyztplk? That is the root password for our main server! Mon Dieu! What do I see here? Those are all our administrative passwords! Why would you post secret information where everyone can see it? Quoi? So you would not forget? But François, neither will anyone else. I see you have posted your own login passwords as well. Please, erase those immediately and wash the chalkboard when you are done. Merci. Now, just to be safe, we will need to generate a whole new set of passwords for all our systems. What were you thinking, mon ami? Of course, I see. We'll discuss this later. Our guests are arriving now. Prepare yourself, François.
Welcome, everyone! How wonderful to see you here at Chez Marcel, home of superb Linux and open-source software and, of course, wine served from one of the world's finest wine cellars. Speaking of wine...François, please head down to the wine cellar, over in the East wing, and bring back the 2005 Sonoma County Kokomo Zinfandel. Vite!
Ah, mes amis, you missed a rare opportunity to see all of Chez Marcel's security, exposed on our Specials du Jour board. Nevertheless, it does provide an excellent backdrop to our menu this evening, as all the items relate to password security. Passwords, mes amis, are still your first line of defense when it comes to computers. Biometric systems, like fingerprint readers, can make secure access more daunting and difficult to breach, but most systems, including countless Web sites, require a user name and password for access, and that's not changing anytime soon. In the end, it usually comes back to passwords, and passwords mean people need to remember them. And, that's where the problem starts.
I've been in offices where people will tell you (if you insist) that everyone pretty much knows everybody else's passwords—just in case. I've seen yellow sticky notes stuck to computer screens with passwords written down so the users don't forget. Even when that information is out of sight, people use simple passwords, like the word “password”, because they're easy to remember.
One way to get secure passwords that aren't your pet's name or your spouse's birthday is to pick a phrase that means something to you, and then play with it. For example, take the phrase “Believe in magic!” Now, take only the consonants of the first and last word, and you have blvmgc. Add an I at the beginning, but make that I a numeric 1 instead. Add an asterisk for the final character, and you have 1blvmgc*—a great password if ever there was one.
Another, more secure way (particularly if you need many passwords), is to enlist the help of a random password generator. One such program is Pierre “khorben” Prochery's makepasswd program (inspired by Rob Levin's Perl script of the same name). Pierre's makepasswd program uses your computer's random number generator to create passwords of varying constraints. It also can generate encrypted passwords. You can get a single, random password by typing makepasswd at a shell prompt. The program also accepts different parameters on the command line, as shown here:
$ makepasswd --chars 8 --count=4 0dAU8BXM suQt4CF2 5x0yGJ1S 6KTInj58
So, what happened? The --chars 8 parameter tells the program to use exactly eight characters in the resulting password. You also can specify --minchars and --maxchars to get different password lengths. The --count=4 parameter tells the program to generate four passwords. The default is to provide only one password. Type makepasswd --help for a full list of parameters.
Shell users know this well, but those who take the time to learn the ins and outs of their Linux systems learn this too; many graphical programs are front ends to one or more text- or shell-based commands. The same is true for the next item on our menu, KriptPass, which wraps the makepasswd program in a nice, graphical interface. KriptPass is a Kommander script available from Kriptopolis.org. Kommander is a combination program editor and executor that can be used to create any number of graphical applications using the KDE framework. I mention Kommander, because you need it to use KriptPass. So, installing Kommander is the first step. Because it's a KDE application, check your system to see whether you already have Kommander installed. If you don't, check your distribution's repositories and install it. Because KriptPass is based on makepasswd, you need that as well.
Assuming you have Kommander installed, installing and running KriptPass is as simple as downloading it from www.kde-apps.org/content/show.php/KriptPass?content=58800. Extract the script wherever you like, open up Konqueror and simply click on the kriptpass.kmdr file. That's all there's to it (if you like, you can add a shortcut icon on your desktop for future use). The KriptPass window appears (Figure 1), and you'll see three tabs labeled Passwords, Wireless Keys and About.
Practical Task Scheduling Deployment
One of the best things about the UNIX environment (aside from being stable and efficient) is the vast array of software tools available to help you do your job. Traditionally, a UNIX tool does only one thing, but does that one thing very well. For example, grep is very easy to use and can search vast amounts of data quickly. The find tool can find a particular file or files based on all kinds of criteria. It's pretty easy to string these tools together to build even more powerful tools, such as a tool that finds all of the .log files in the /home directory and searches each one for a particular entry. This erector-set mentality allows UNIX system administrators to seem to always have the right tool for the job.
Cron traditionally has been considered another such a tool for job scheduling, but is it enough? This webinar considers that very question. The first part builds on a previous Geek Guide, Beyond Cron, and briefly describes how to know when it might be time to consider upgrading your job scheduling infrastructure. The second part presents an actual planning and implementation framework.
Join Linux Journal's Mike Diehl and Pat Cameron of Help Systems.
Free to Linux Journal readers.View Now!
|The Firebird Project's Firebird Relational Database||Jul 29, 2016|
|Stunnel Security for Oracle||Jul 28, 2016|
|SUSE LLC's SUSE Manager||Jul 21, 2016|
|My +1 Sword of Productivity||Jul 20, 2016|
|Non-Linux FOSS: Caffeine!||Jul 19, 2016|
|Murat Yener and Onur Dundar's Expert Android Studio (Wrox)||Jul 18, 2016|
- Stunnel Security for Oracle
- The Firebird Project's Firebird Relational Database
- My +1 Sword of Productivity
- Managing Linux Using Puppet
- SUSE LLC's SUSE Manager
- Murat Yener and Onur Dundar's Expert Android Studio (Wrox)
- Non-Linux FOSS: Caffeine!
- Doing for User Space What We Did for Kernel Space
- Google's SwiftShader Released
- Parsing an RSS News Feed with a Bash Script
With all the industry talk about the benefits of Linux on Power and all the performance advantages offered by its open architecture, you may be considering a move in that direction. If you are thinking about analytics, big data and cloud computing, you would be right to evaluate Power. The idea of using commodity x86 hardware and replacing it every three years is an outdated cost model. It doesn’t consider the total cost of ownership, and it doesn’t consider the advantage of real processing power, high-availability and multithreading like a demon.
This ebook takes a look at some of the practical applications of the Linux on Power platform and ways you might bring all the performance power of this open architecture to bear for your organization. There are no smoke and mirrors here—just hard, cold, empirical evidence provided by independent sources. I also consider some innovative ways Linux on Power will be used in the future.Get the Guide