Thursday, December 30, 2010

Strengthening PAM

If OpenBSD is one of the most secure operating systems out there, then I think by default Debian should implement stronger passwords.

But I guess we will just have to do it ourselves.

Basically run (This is for Debian Lenny)

apt-get install libpam-cracklib

Edit /etc/pam.d/common-password

Comment out line 24.

I.e. password   required   pam_unix.so nullok obscure md5

Further down you will see

password requisite pam_cracklib.so retry=3 minlen=8 difok=3
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512


Remove the comment markers from these two lines. And that's that.


What's interesting is that Debian Squeeze does this automagically.

Personally I would change minlen to 10 and difok to 6.


HTH

Brent
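
An added example, not part of the original post: a small Python check that reads the text of /etc/pam.d/common-password and reports whether the change described above took effect. The function names and sample file contents are constructed for illustration (the samples are built from the lines quoted in the post), and the thresholds default to the post's minlen=8 and difok=3.

```python
import re

# Constructed samples: the file before and after the edit described in the post.
BEFORE = """\
password   required   pam_unix.so nullok obscure md5
#password requisite pam_cracklib.so retry=3 minlen=8 difok=3
#password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
"""
AFTER = """\
#password   required   pam_unix.so nullok obscure md5
password requisite pam_cracklib.so retry=3 minlen=8 difok=3
password [success=1 default=ignore] pam_unix.so obscure use_authtok try_first_pass sha512
"""

# Fields: type, control (one word or a [bracketed list]), module, arguments.
RULE = re.compile(r"^-?(\w+)\s+(\[[^\]]*\]|\S+)\s+(\S+)\s*(.*)$")

def password_rules(text):
    """Yield (module, args) for each active 'password' rule, in stack order."""
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # commented-out rules are inactive
        m = RULE.match(line)
        if m and m.group(1) == "password":
            yield m.group(3).rsplit("/", 1)[-1], m.group(4).split()

def audit(text, minlen=8, difok=3):
    """Return a list of findings; an empty list means the stack passes."""
    findings = []
    rules = list(password_rules(text))
    modules = [m for m, _ in rules]
    crack_at = modules.index("pam_cracklib.so") if "pam_cracklib.so" in modules else None
    if crack_at is None:
        findings.append("no active pam_cracklib rule")
    for pos, (module, args) in enumerate(rules):
        opts = dict(a.split("=", 1) for a in args if "=" in a)
        if module == "pam_cracklib.so":
            for name, floor in (("minlen", minlen), ("difok", difok)):
                value = opts.get(name, "")
                if not value.isdigit() or int(value) < floor:
                    findings.append(f"pam_cracklib {name}={value or 'unset'}, want >= {floor}")
        elif module == "pam_unix.so":
            if "md5" in args:
                findings.append("pam_unix hashes new passwords with md5")
            # Without use_authtok, pam_unix is not bound to the password cracklib vetted.
            if crack_at is not None and (pos < crack_at or "use_authtok" not in args):
                findings.append("pam_unix does not take the cracklib-checked password")
    return findings
```

On a real system, pass the file's contents to audit(), for example audit(open("/etc/pam.d/common-password").read(), minlen=10, difok=6) to check against the stricter values suggested above.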

Friday, December 3, 2010

I learnt a new thing from my colleague today. Rewriting the from address for mail that is stuck in the Exim mail queue.

And the command is:

exim -Mes <message-id> <address>
Naturally it's listed in the Exim Bible Exim Cheat Sheet

Silly me for not referring to it.
:)