On 6 Jul 2000, Oleg Goldshmidt wrote:
> > But if I am not a sys admin?
>
> I am not (apart from my home computer).
next thing you know, you dial out and people crack in through your ppp
connection (it happens a LOT, mind you! people run scanners on dial-up
IP ranges for BackOriffice, webmin, linuxconf and other stupidities,
telnet included, old FTPD ad BIND versions too.
I have published once my script for home-protection of linux dialups
with IPchains.
> > Do you run Quake on you server, latest
no, I wish there was Carmagedon for Linux though. what's your point?
> > 2.4.0-test3-pre2-ac2-riel7-aa2 kernel?
2.4.0-test2-ac2-reiser3.6.10 compiled just last night for my new
dual-PII if you must ask. again, what's the connection?
> > Should I have a 12 character password with capitals+symbols+digits on my
> > home machine?
>
> Yes, but 8 characters would suffice, too, provided they are mixed-case
> with special characters, and cannot be easily guessed.
on a home machine 6 are OK too, if obfuscated enough. and change it once
a year.
> > The answer is simple. Unix model of security is almost useless in a
> > single user machine.
>
> I disagree strongly. At the very least have a user account and a root
> one, keep them very separate, and always think thrice before you type
> su. Especially if the machine is connected to the internet. Look
> through this list's archives for some war stories told when someone
> asked why crackers would try to break into one's home box.
and never EVER run X as root.
--
Ira Abramov, GNU/Linux advocate.
(@-
//\ "Akamai, Google, MicroSoft, Sun, Oracle, Intel, NASA, Sony,
v_/_ Python, JPG, PNG - CS masturbation is changing the world."
-- C.S. answering to Linus, 3/7/2000
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
