Linux User Management Security: password cracking prevention and account File Protection (1)

BKJIA exclusive Article: Linux, as a multi-task, multi-user operating system, may be used by multiple users within the same period of time, and user management is directly related to the security of the entire system, users need to emphasize and protect password management and account file management.

Linux User management includes password management and user group management. The following two aspects are described respectively.

This article is affiliated with the topic: Linux system comprehensive management

1. Password Management

The password is the key for a user to log on to the Linux system. If there is no key, it will always take some effort to log on to the target operating system. No matter what remote attacks the intruders use, the entire system cannot be fully controlled if the user password of the administrator or super administrator cannot be obtained. To access the system, the simplest and necessary method is to steal the user's password. Therefore, for the system administrator account, the most important thing to protect is the password. If the password is stolen, it means the arrival of a disaster.

Most intruders obtain administrator privileges through various systems and vulnerability settings, and then launch malicious attacks on the system. Weak account password settings make it easy for intruders to crack and access computers and networks, while strong passwords are hard to crack, and even password cracking software is hard to do in a short time. Password cracking software generally uses three methods for cracking: dictionary guesses, combined guesses, and brute force guesses. Without a doubt, cracking a strong password is far more difficult than cracking a weak password. Therefore, the system administrator account must use a strong password.

According to statistics, about 80% of security risks are caused by improper password settings. Therefore, password settings are very skillful. When setting a password, observe the password security setting principle. This principle applies to any password usage scenarios, including Windows and UNIX/Linux operating systems.

John the Ripper is a tool software used to crack the plaintext password when the ciphertext is known. The latest version is JOHN1.7, which mainly supports cracking the ciphertext of DES and MD5 encryption methods. It can work on multiple and different models and different operating systems. The operating systems that have been tested to run normally include: linux x86, freeBSD, x86, Solaris, iSCSI, OSF/1 Alpha, DOS, WinNT/WinXP series, etc.

John the Ripper Official Website: http://www.openwall.com/john/

John the Ripper 1.7 is a good password cracking tool. It is automatically stored on a regular basis during decryption. You can force the decryption process to be interrupted by using the ctrl + c key combination ), you can continue the john-restore command from the interrupted location next time ). When you press the keyboard, you can see the entire decryption process. All cracked passwords will be stored in JOHN. in the POT file, all users with the same ciphertext in the SHADOW will be classified as one type, so JOHN will not perform unnecessary repetitive work. In program design, key password generation conditions are placed in JOHN. in the INI file, you can modify the settings by yourself. This not only supports changing the word type, but also supports Writing C Programs to limit the password value.

Before using the software, we can download the latest john-1.7.3.4 for Linux version from the Internet, which contains three directories: DOC, SRC, and RUN, run the following command on the machine:

#make#make clean linux-x86-any

After installation, you can switch to the RUN directory for testing, as shown below:

#cd ../run#./john –test

John the ripper provides the following commands for users to choose from:

In addition to the password cracking program, this software package also contains several other utility tools that are helpful for implementing password cracking. These tools are all placed in the run directory, the following is a brief introduction.

1) unshadow PASSWORD-file shadow-FILE

The unshadow command combines the passwd and shadow files. The result is used by John to crack the program. Usually, you should use the redirection method to save the results of this program in the file, and then pass the file to John's cracking program.

2) unafs DATABASE-file cell-NAME

Unafs extracts hash values from the binary AFS database and generates available output for John. Generally, this output should be redirected to the file.

3) unique OUTPUT-FILE

Delete the duplicate words in the dictionary table, but do not change the order of the entries in the dictionary table.

After the installation, we can use the following methods to test the password of our account:

In general, many users have simple password naming methods, such as foo, hello, world, or many of them use the same password as the user name, in general, we can use a simple Decryption Method To preliminarily test the passwords in the system. If we find that the passwords can be successfully cracked, we need to strengthen the strength of these passwords, as follows:

#./john –single “/etc/shadow”Loaded 2 password hashes with 3 different salts (FreeBSD MD5 [32/32])liyang             (liyang)guesses: 1  time: 0:00:00:00 100%  c/s: 6975  trying: 999991900

In the preceding command, we found that the system has a liyang user whose username and password are both liyang. Therefore, we can find and use liyang in the simplest way, if it is a hacker, it will lead to unimaginable consequences. Therefore, our users should immediately strengthen their passwords based on this situation.

Secondly, users can use dictionary files to test and test the malicious password strength of system users. People usually use hello, superman, cooler, asdfgh, 123456, and so on as their own passwords. The-rules parameter adds some changes on this basis. For example, if the dictionary contains the word "cool", JOHN will try to decrypt it using the word changes such as cooler, CoOl, and Cool. Generally, the decryption time ranges from hours to days depending on the number of users in the SHADOW, the dictionary size of users, and the speed of users' machines. The following is an example of decryption using this method. Suppose we have generated a password. the lst file contains frequently used passwords based on dictionary words. Therefore, we use this method to test and crack the user password in the system. Because the dictionary retains the word young, therefore, the google password is also tested. The Network Administrator also needs to reinforce the password, such as adding appropriate suffixes, letters, and numbers:

# ./john --wordlist=password.lst "/etc/shadow"
Loaded 2 password hashes with 2 different salts (FreeBSD MD5 [32/32])
young            (google)
guesses: 1  time: 0:00:00:01 100%  c/s: 3571  trying: zhongguo