WelcomeWelcome | FAQFAQ | DownloadsDownloads | WikiWiki

Author Topic: SECURITY - ROOT AND PASSWORD questions  (Read 2893 times)

Offline ALBERT123

  • Newbie
  • *
  • Posts: 7
SECURITY - ROOT AND PASSWORD questions
« on: January 05, 2011, 03:09:10 PM »
when I include the bootcode "secure" when I am booting,  the system prompts me to enter a new password everytime I boot or someone else boots,  it doesn't matter what you type it  basically just lets you in.

I also use the /etc/shadow in the .filetool.lst   I don't see any difference. It still lets anyone typing any password boot the next time.   this is not secure to me.

what i am looking for a password is the same like it works  for any other linux distro. i.e when I set a password for a user, the next time, someone reboots, he has to type in exactly the same password to be able to get into the system as that user.


Is that something possible ?



Offline danielibarnes

  • Hero Member
  • *****
  • Posts: 548
Re: SECURITY - ROOT AND PASSWORD questions
« Reply #1 on: January 05, 2011, 03:44:46 PM »
The secure bootcode allows you to set the passwords upon bootup. After you backup your /etc/shadow you no longer need that bootcode.

Offline moB

  • Newbie
  • *
  • Posts: 49
Re: SECURITY - ROOT AND PASSWORD questions
« Reply #2 on: January 08, 2011, 11:36:01 AM »
Greetings ALBERT123!

Perhaps you might try making an encrypted compressed backup file for your sensitive data?

Try seeing whether gnupg would do for this.

Code: [Select]
tar -czp your_sensitive_data | gpg -c -o date_backup.tar.gz.gpg

Then delete the sensitive data (wipe it clean).

Here's something like that:
http://mindspill.net/computing/linux-notes/how-to-archive-and-encrypt-a-directory-with-a-password.html

Let us know how it works.

Best luck to you!

moB


 say your last. Luck to ye, Starbuck - luck to ye,
 Mr. Stubb - luck to ye, Mr. Flask - good-bye,
 and good luck to ye all --Melville, Moby Dick


Offline Guy

  • Hero Member
  • *****
  • Posts: 1089
Re: SECURITY - ROOT AND PASSWORD questions
« Reply #3 on: January 08, 2011, 05:14:43 PM »
Does this need any extension(s) installed, or is everything that is needed in the base?
« Last Edit: January 08, 2011, 05:17:53 PM by Guy »
Many people see what is. Some people see what can be, and make a difference.

Offline tinypoodle

  • Hero Member
  • *****
  • Posts: 3857
Re: SECURITY - ROOT AND PASSWORD questions
« Reply #4 on: January 08, 2011, 06:45:42 PM »
While gpg would be in gnupg.tcz, 'tar -p' is an option particular to GNU tar which might create compatibility issues with other versions (incl. busybox in TC).
Wondering though as there is no '-f' if the '-p' perhaps was just a typo.
"Software gets slower faster than hardware gets faster." Niklaus Wirth - A Plea for Lean Software (1995)

Offline moB

  • Newbie
  • *
  • Posts: 49
Re: SECURITY - ROOT AND PASSWORD questions
« Reply #5 on: January 09, 2011, 01:22:16 AM »
While gpg would be in gnupg.tcz, 'tar -p' is an option particular to GNU tar which might create compatibility issues with other versions (incl. busybox in TC).
Wondering though as there is no '-f' if the '-p' perhaps was just a typo.

Sorry, not a typo, just me being out of touch  :-[

When I go to make a script or do any programming I write broken code, then puzzle-out errors with the particular OS I'm writing for. Small OSs like TC or Puppy are especially rewarding to work with. I enjoy getting it to work...

This is something I learned for Debian or BSD, likely, and wrongly applied the switches here.

I keep security mainly by keeping physical possesssion of my boxes. Don't share what you can't afford to give away  ;)

Good that tinypoodle pointed that out!

Thanks, I didn't mean to give bad advice, just point to a direction... "it's over there".

Always a beginner,
moB

 I quickly followed suit, and descending into the bar-room accosted the
 grinning landlord very pleasantly. I cherished no malice towards him
--Mellville, Moby Dick


Edit:

done the laundy, now had time to test tar command.

I said "tar create file name.tar from dir_name":

Code: [Select]
tar -c -f tarball_name.tar private_dir

Then deleted the pricvate test directory. I did not use wipe or any other secure file shredder, but you might consider this worthwhile for maximizing security on a portable system.

To restore the private data say "tar extract from file tarball.name" :

Code: [Select]
tar -x -f tarball_name.tar

The private test files were properly restored with correct file-structure.

Do not have gnupg installed. But I found a few interesting pages:

A script for Solaris9: http://www.unix.com/shell-programming-scripting/24487-gnupg-gpg-command.html

Instructions even I can understand ;-) http://www.cyberciti.biz/tips/linux-how-to-encrypt-and-decrypt-files-with-a-password.html

Looks like what you need.

All the best to you!

« Last Edit: January 09, 2011, 03:16:38 AM by moB »

Offline moB

  • Newbie
  • *
  • Posts: 49
Re: SECURITY - ROOT AND PASSWORD questions
« Reply #6 on: January 09, 2011, 05:28:25 AM »
Just one more thing came to mind...

You don't want to carry unsecured private data from previous sessions forward in your backup.

The first time you deploy password protection you may need to delete the old backup (mydata.tgz) and replace it. (Edit the drive to suit your configuration):

Code: [Select]
sudo rm -f  /mnt/sda5/tce/mydata.tgz && touch /mnt/sda5/tce/mydata.tgz

Then either use the backup tool or shutdown and let that take care of things for you  :)
« Last Edit: January 09, 2011, 08:21:57 AM by moB »

Offline gerald_clark

  • TinyCore Moderator
  • Hero Member
  • *****
  • Posts: 4254
Re: SECURITY - ROOT AND PASSWORD questions
« Reply #7 on: January 09, 2011, 11:24:34 AM »
I don't see the point.
Backup automatically replaces the old mydata.tgz with a new one.