Modify Seccheck behaivor
Hi guys... I install seccheck on my suse email server.. and it seems that one of it's security test it check for weakness passwords, and send to the users an email with something like: Your password for account "account_name" is insecure.
Please change it as soon as possible.
Yours, Password Checking Robot
How could I stop that process to send an email to each user ? Thanks !! bye --ed
On Mon, Nov 18, 2002 at 09:48:45AM -0600, Linux User wrote:
Hi guys... I install seccheck on my suse email server.. and it seems that one of it's security test it check for weakness passwords, and send to the users an email with something like:
How could I stop that process to send an email to each user ?
afair, rpm -e john ... if it is not there, it cannot check your passwords :) probably mv /usr/sbin/john{,.the.ripper} will do, too ... rpm -i john: "John the Ripper" detects weak passwords like first names, common expressions etc. on your system. uhm, do you really want to have those passwords on your machine? hth, Lars
Yes, Further to Lars - I would DEFINITELY either remove users with weak passwords, i.e. default system users like informix, (assuming you're not using informix, obviously), or give them a decent, i.e. minimum 8 characters, upper/lower cased letters and numbers mixed. If you're in doubt about removing users just give them a password, i.e. you're superuser password. If someone gets you're SU password the jigs pretty much up anyway.... What is your thinking behind not letting your users know about weak passwords, just as a matter of interest? Andy
>>>>>>>>>>>> Original Message <<<<<<<<<<<<<<<<<<
On Mon, Nov 18, 2002 at 09:48:45AM -0600, Linux User wrote:
Hi guys... I install seccheck on my suse email server.. and it seems that one of it's security test it check for weakness passwords, and send to
On 11/18/02, 5:24:27 PM, Lars Ellenberg
users an email with something like:
How could I stop that process to send an email to each user ?
afair, rpm -e john ...
if it is not there, it cannot check your passwords :) probably mv /usr/sbin/john{,.the.ripper} will do, too ...
rpm -i john: "John the Ripper" detects weak passwords like first names, common expressions etc. on your system.
uhm, do you really want to have those passwords on your machine?
hth, Lars
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
participants (3)
-
Andrew Bennett
-
Lars Ellenberg
-
Linux User