Linux with Operating System Concepts

Download 5,65 Mb.

Pdf ko'rish

bet	134/254
Sana	22.07.2022
Hajmi	5,65 Mb.
	#840170

1 ... 130 131 132 133 134 135 136 137 ... 254

Bog'liq
Linux-with-Operating-System-Concepts-Fox-Richard-CRC-Press-2014

Password management
involves three general
operations. First is the initial generation of passwords. Second is establishing and enforcing
a policy requiring strong passwords. Third is establishing and enforcing a policy whereby
passwords must be modified in some timely fashion. We examine these three topics in this
section, starting with means of automatically generating initial user passwords.
9.4.1 Ways to Automatically Generate Passwords
The
apg
program is an easy way to generate random passwords. It provides 6 passwords of
8 characters each, using randomly generated characters from /dev/random. The apg pro-
gram can check the quality of a password by comparing it to a dictionary file to ensure that
no random passwords come close to matching a dictionary entry. The program has many
options, the most useful of which are listed in Table 9.3.
As apg may not be part of your initial Linux installation, you might have to install it.
If you prefer, you can write your own command line instruction to generate passwords
by using the output from /dev/urandom. The /dev/urandom device is a random number
generator program serving as a device. It generates any character. If we use it to create pass-
words, we may find many of those characters generated should not be used in a password
as they are control characters or nonvisible characters. We would want to delete any such
characters from the password.
In order to remove specific characters from those generated by /dev/urandom, we can
utilize the
tr
program (translate or delete characters). For tr, we add the
–cd
option to
specify that we want to delete all but the characters provided in the included set. The set
would be either one of
[:alpha:]
or
[:alnum:]
, or a range of characters as in a-z, a-zA-Z

366
◾
Linux with Operating System Concepts
or perhaps bcdfghjklmnpqrstvwxyz if, for instance, we wanted to generate a string with no
vowels. We would pipe the result to an instruction that could truncate the output. For this,
head or tail would be useful.
We could use the following instruction to generate a random password of eight
characters:
tr –cd ‘[:alpha:]’
<
/dev/urandom | head –c8
This instruction would generate a randomly generated password of 8 letters (the use of -c8
causes head to return just the first 8 bytes, which is equivalent to the first 8 characters).
Notice that we are not piping the result of /dev/random to tr but instead using /dev/uran-
dom as input into tr because /dev/urandon is treated like a file rather than a program. Also,
we could use
[:alnum:]
if we wanted passwords that included both letters and digits.
These are only two of the ways to generate passwords. There are many others, including
using the date command combined with an encryption algorithm to take the characters in
the date and generate a hash version of it. The hash version will look like a random series of
characters. Alternatively, the encryption program openssl can generate random characters
for us. Two commands are shown below using these approaches:
•
date%s | sha256sum | head –c8
•
openssl rand –base64 6
Obviously, a problem with the approaches shown above is that the passwords will truly
look random and therefore will be very difficult to memorize. A user, when confronted
with such a password, will surely change it to something easier to remember. However, this
could result in a weak password. As a system administrator, you could also write a script
that would generate a few random entries from the Linux dictionary and piece together
parts of the words. Thus, while the password does not consist of a dictionary entry, it might
be easier to remember. For instance, by obtaining the
com
from computer and attach it to
TABLE 9.3
Useful apg Options

Download 5,65 Mb.

Do'stlaringiz bilan baham:

1 ... 130 131 132 133 134 135 136 137 ... 254