On Thu, Aug 21, 2003 at 01:36:09PM -0500, PHPTOm wrote:
> I will go buy a book on Linux security I think. any suggestions?

Yeah. Enable cracklib in PAM to ensure you're using good passwords. Rotate them often. Don't enable any services in /etc/inetd.conf unless you absolutely have to. Install xinetd instead of the old standard inetd.

[...snip from /etc/pam.d/passwd ]
# Alternate strength checking for password. Note that this requires the
# libpam-cracklib package to be installed. You will need to comment out
# the password line above and uncomment the next two in order to use
# this. (Replaces the `OBSCURE_CHECKS_ENAB', `CRACKLIB_DICTPATH')
#
password required pam_cracklib.so retry=3 minlen=8 difok=3
password required pam_unix.so use_authtok nullok md5

-- 
Chad Walstrom <chewie at wookimus.net> http://www.wookimus.net/
assert(expired(knowledge)); /* core dump */
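
The two checks this reply recommends, as an added example that is not part of the original message: shell functions that confirm pam_cracklib is active ahead of pam_unix in a PAM password stack, and that list services still enabled in an inetd.conf-style file. The function names and the default threshold (taken from the snippet's minlen=8) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are illustrative.

# Active (uncommented) "password" stack lines of a PAM service file.
pam_password_stack() {
    awk '$1 == "password"' "$1"
}

# Exit 0 if pam_cracklib is active, runs before pam_unix, and pam_unix has
# use_authtok (so it reuses the password cracklib vetted). Otherwise print
# one finding per line and exit 1. $2 = minimum acceptable minlen (default 8).
check_cracklib() {
    pam_password_stack "$1" | awk -v want="${2:-8}" '
        /pam_cracklib\.so/ {
            c = NR
            for (i = 1; i <= NF; i++)
                if ($i ~ /^minlen=/) { split($i, kv, "="); minlen = kv[2] + 0; has_min = 1 }
        }
        /pam_unix\.so/ {
            u = NR
            for (i = 1; i <= NF; i++) if ($i == "use_authtok") tok = 1
        }
        END {
            if (!c) { print "pam_cracklib not enabled"; exit 1 }
            if (u && u < c) { print "pam_unix runs before pam_cracklib"; bad = 1 }
            if (has_min && minlen < want + 0) { print "minlen " minlen " below " want; bad = 1 }
            if (u && !tok) { print "pam_unix lacks use_authtok"; bad = 1 }
            exit bad + 0
        }'
}

# Names of services still enabled (uncommented) in an inetd.conf-style file.
# A service entry has at least six fields: name, socket type, protocol,
# wait flag, user, server program.
inetd_enabled() {
    awk '$1 !~ /^#/ && NF >= 6 { print $1 }' "$1"
}

# Run directly: sh audit.sh /etc/pam.d/passwd /etc/inetd.conf
if [ "$#" -eq 2 ]; then
    check_cracklib "$1" && echo "password stack: cracklib enabled"
    inetd_enabled "$2"
fi
```
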