Monday, October 12, 2009

Linux Security Notes 10: Account Policies & Password Crack

CHAGE - Account policies.

The /etc/passwd and /etc/shadow files are manipulated to configure the account policies. /etc/group stores the information about the groups.

/etc/passwd Format:
-------
root:x:0:0:root:/root:/bin/bash
# Username : Password placeholder (x = refer to the shadow file) : User ID : Group ID : Comment : Home directory : Shell

------
    This file has to be regularly checked for any root equivalent entry (any other users having the user id '0') in case of any suspected compromise to the system.
/etc/shadow Format:
root:$!*&^#*&J@*(&#JHJKgFU:13037:0:99999:7:::
    This file contains the encrypted (hashed) password and the password policy information.

CHAGE
 Using this chage command we can alter the password policies.

Setting up the account policies:
/etc/login.defs
    This file defines the key variables that apply to all users when new users are created. This includes the following settings:
Default mail directory
Max password age days
Min password held days
Password warning days etc.
Minimum and maximum user IDs
and the option of creating the home directories etc.
    After the file is altered, newly created users inherit the new settings. Old users retain their previous settings.

Now create a user and check the password policy using
# chage -l user
    This will show the default account policy set.
    To change the password policy on a per-user basis, set it with chage.
# chage -m 3 user
    This updates the minimum number of days a password must be held to 3.
# chage -M 45 -W 7 user
    This changes the maximum password age to 45 days and gives a warning 7 days before the password expires.

Extract the usernames from the password file
# for i in `awk -F: '{ print $1 }' /etc/passwd`; do echo "$i"; done
    awk uses ':' as the field separator and prints field 1, which extracts the user names from the file /etc/passwd.
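
Added example (not part of the original notes): the same awk field splitting used to run the two checks described above, root-equivalent (UID 0) entries in a passwd-format file and accounts in a shadow-format file whose maximum password age is unset or above a limit. The function names, the account "toor", the 45-day limit and the sample files are assumptions constructed for illustration; the hash fields are placeholders.

```shell
#!/bin/sh
# Added example: audit passwd/shadow-format files with awk.
# To audit a real system, pass /etc/passwd and /etc/shadow (as root).

# Print every account whose UID (field 3) is 0 but whose name is not root.
uid0_accounts() {
    awk -F: '$3 == 0 && $1 != "root" { print $1 }' "$1"
}

# Print "user:max:warn" for accounts that are not locked and whose maximum
# password age (field 5) is empty or greater than the limit given in $2.
weak_aging() {
    awk -F: -v limit="$2" '
        $2 ~ /^[!*]/ { next }                  # locked / no login password
        $5 == "" || $5 + 0 > limit { print $1 ":" $5 ":" $6 }
    ' "$1"
}

# Constructed sample files (not taken from a real system).
sample_dir=$(mktemp -d)
trap 'rm -rf "$sample_dir"' EXIT
cat > "$sample_dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:2:2:daemon:/sbin:/sbin/nologin
kiran:x:500:500::/home/kiran:/bin/bash
jithu:x:501:501::/home/jithu:/bin/bash
toor:x:0:0::/root:/bin/bash
EOF
cat > "$sample_dir/shadow" <<'EOF'
root:$1$PLACEHOLDER:13037:0:99999:7:::
daemon:*:13037:0:99999:7:::
kiran:$1$PLACEHOLDER:13037:3:45:7:::
jithu:$1$PLACEHOLDER:13037:0:99999:7:::
toor:$1$PLACEHOLDER:13037:0::7:::
EOF

echo "UID 0 accounts other than root:"
uid0_accounts "$sample_dir/passwd"
echo "Accounts with max password age unset or above 45 days:"
weak_aging "$sample_dir/shadow" 45
```

Accounts reported by the second check can then be brought in line with chage -M and -W as shown earlier.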

John the Ripper Tool:
    This is a password integrity checker as well as a password cracker. Download the tool and its signature from www.openwall.com.
#gpg  --import


# gpg --verify john-1.7.tar.sig john-1.7.tar.gz
# tar -zxvf john-1.7.tar.gz
# cd john-1.7/src
# make

    This will return the list of systems that this program can be compiled on. So look for the entry that matches our hardware.
eg :- "linux-x86-mmx-elf"
# make linux-x86-mmx-elf
    Now the binary will be compiled.
# cd ../run
    In this directory we will get the newly compiled binary named "john".

# ./john -users:root,kiran,jithu /etc/shadow
    If there is a weak password in the shadow file, it will echo the result of the password crack, including the algorithm used for encryption. This process results in the creation of a file called john.pot, which contains the encrypted string and the corresponding password.
# ./john -show -users:root,kiran,jithu /etc/shadow
    This will show the history of cracked passwords (read from the file john.pot) in clear text format.
kiran:kiran123:13037:3:45:7::: (the shadow file format)

    The more difficult the password, the more time and CPU the tool needs to crack it. Even a longer password without any mix of upper and lower case takes more time to crack. So using passwords with a minimum length of more than 7 characters makes them take longer to crack.

# ./john /etc/shadow
    This will attempt to crack the passwords of all the users on the system.
