How To Improve Unix Password Security

How To Improve Unix Password Security

Password security is the first and most powerful line of defence. Password security on Unix systems can be improved by doing the following:

- Review your password policy to confirm that some type of password aging is in place. Password aging should be in accordance with the CIO's policy guidelines.

- Periodically review the accounts on your system. Determine which accounts are no longer active and remove them.

- Implement shadow password and group files to restrict access to the encrypted password information. If an intruder can get a copy of your /etc/passwd file which contains encrypted passwords, then (s)he can use a password cracking program on a remote (possibly more powerful) host to test guessed passwords against each password entry. Shadow password and group files protect the encrypted passwords.

- Test the passwd program to see what kind of password construction rules are enforced. If strict password construction rules are not enforced then install npasswd or passwd+.

- Run a password cracking program such as crack to check for poor passwords.

Is there a way to password protect a directory in UNIX? Something like:
~$ cd dir
~$ Password:
~/dir$

The Unix way of doing it is through the existing permissions, make that directory, and its contents owned by a specific owner and/or group and require everyone to su to that owner to access the contents by removing read and write privileges from everyone but that user and/or group, su will prompt for the password.

How do I password protect a .tgz file with tar in Unix?

Neither the tar format nor the gz format has built-in support for password-protecting files.

The Windows zip format combines several different piece of functionality: compression (e.g. gzip), archiving multiple files into one (e.g. tar), encryption (e.g. gnupg), and probably others. Unix tends to have individual tools, each of which does one thing well, and lets you combine them.

The Unix equivalent of a password-protected .zip file would probably be called something like foo.tar.gz.gpg or foo.tgz.gpg.

And there are open-source zip and unzip tools for Unix, though they may not provide all the capabilities of the Windows versions (I'm fairly sure the newer .zipx format isn't supported).

You can use ccrypt.

Things can be encrypted by a pipe:

tar cvvjf - /path/to/files | ccrypt > backup.tar.bz2.cpt

Or in place:

ccrypt backup.tar.bz2

For automating, you can save a passkey into a file and use this passkey to encrypt:

ccrypt -k ~/.passkey backup.tar.bz2

You can use command:

zip -P password file.zip file

Or better:

zip -e file.zip file

man zip

Unix Tips

See Also

Have a Unix Problem
Unix Forum - Do you have a UNIX Question?

Unix Books :-
UNIX Programming, Certification, System Administration, Performance Tuning Reference Books

Return to : - Unix System Administration Hints and Tips

(c) www.gotothings.com All material on this site is Copyright.
Every effort is made to ensure the content integrity. Information used on this site is at your own risk.
All product names are trademarks of their respective companies.
The site www.gotothings.com is in no way affiliated with or endorsed by any company listed at this site.
Any unauthorised copying or mirroring is prohibited.