On Wed, 14 Aug 1996, Jerzy Kakol wrote: > > ...the attribute readable for others in case of the file /etc/passwd? > > Recently my debian system was cracked by several pirates. They have > account name and the password widely broadcasted on an IRC channel. The > only way, as I guess, they grabed root's privilages was free access to > /etc/passwd. > Is there a free and debianized shadow-password package? > > TIA. > > Jerzy Kakol
I know there is a shadow password system for linux and there may in fact be a .deb for that package. These are typical permissions for /etc/passwd: -rw-r--r-- 1 root sys 1309 Jun 25 15:05 /etc/passwd That's right, readable by all. The protection in the original passwd mechanism doesn't come from hiding the cipher text, that field is the result of a one-way hash and cannot be effectively decrypted. (In fact the one-way hash makes it impossible for the "rubber hose cryptanalyt" to beat the passwords out of you or another sys admin.) If your passwords are good even if an attacker gets your /etc/passwd they won't find anything by craking it (dictionary attack). You may want to have passwords checked before they are hashed into /etc/passwd using anlpasswd or the like with the biggest baddest dictionary files you can find. The anlpasswd program replaces passwd or yppasswd, though this isn't obvious to your users. If your system has been compromised, or is likely to be, you will probably want to restore it from a known good backup (or, better yet, reinstall) and run Tripwire (or a similar tool) to be sure of integrity in the future. Even if you fixed the root password you probably have no idea what else the intuders may have done to keep a back door open. _____________________________________________________________________ Don Gaffney (http://www.emba.uvm.edu/~gaffney) Engineering, Mathematics & Business Administration Computer Facility University of Vermont - 237 Votey Building - Burlington, VT 05405 (802) 656-8490 - Fax: (802) 656-8802
