Mailinglist Archive: opensuse-security (9 mails)

< Previous Next >
Re: [opensuse-security] Re: strong password with libcrypt
  • From: "Carlos E. R." <robin.listas@xxxxxxxxxxxxxx>
  • Date: Fri, 16 May 2008 11:46:11 +0200 (CEST)
  • Message-id: <alpine.LSU.1.00.0805161139140.2128@xxxxxxxxxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



The Friday 2008-05-16 at 06:15 -0300, Alvin wrote:

In the suse-oss repo there is a package called seccheck. Here's the
description:

"Regularly executable scripts (via cron) for checking the security of
your system."

Amongst other checks (file perms, open sockets, etc.) it uses a program called
john (for John the Ripper I think) that attempts to decrypt all the user
account passwords.

An email is sent to the root account with the results of the checks.

I doesn't validate the user's new password like you want, but perhaps this
could we usefull for you?

It need you install also "john" and its database (john-wordlists...rpm). It runs as a cron job every every week and it is terribly slow. Slow as in /days/. It is worse than old beagle and old zypper, together, at their worst.

Without john installed the secchk task will complain every week that john is not installed, but that's fine.

- -- Cheers,
Carlos E. R.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.4-svn0 (GNU/Linux)

iD8DBQFILVfktTMYHG2NR9URAs3WAJ9gvxZg+SZVh1bLNBwYxdO3OexKgACfUnNh
70JT38KEF1ghTwuRGc/aIPo=
=zxrv
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-security+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-security+help@xxxxxxxxxxxx

< Previous Next >
List Navigation
Follow Ups
References