[Hudlug] Fwd: Re: [newbie] MLdonkey
Chris Wood
hudlug at mailman.lug.org.uk
Sat Nov 2 12:33:00 2002
On Friday 01 November 2002 22:07 pm, you wrote:
> Hi guys,
>
> This bit of the conversation interested me, the act of locking a
> workstation, I know that it is possible in Windows NT, but is it
> possible in Linux? I know that KDE has the "screen lock" thing, but then
> is it not possible to have the machine switch into a different terminal
> using CTRL+ALT+An F Key?
>
Yup, this is true.
So - lock your KDE/Gnome/E/WM/Whatever session, and make sure you are not
logged in on any of the VTs. This way, if someone comes along and pops his
way through the VTs on your linux box all he'll get are login prompts and
the locked X session.
> So what do you recommend for keeping the machine secure when you leave
> it off? At a LAN Party when I took my PC and I left that open, I just
> left it with a login terminal on the screen but my Xsession was still
> open in the background along with some other stuff.
>
When you leave it off? As in powered off? I don't do anything special. It
*IS* possible to do naughty stuff, especially if you have a bootable linux
CD. People could muck about with your data having booted your machine this
way.
However, they don't know your passwords or ssh passphrases, and hence
they are limited to doing nasty things to your machine and not other
machines that you usually access on the network (you don't store important
data locally do you?). This is another good reason for using a secure
password - you don't want someone cracking it if they do get access to your
machine in some way...
If you want some extra security you could set the lilo boot password and
potentially the bios boot password too. This will simply slow people down
and won't stop someone with a screwdriver and a bootable CD. Personally I
don't bother with these, as they are more likely to simply make a hacker all
the more determined to do his worst.
Just keep it simple and use some common sense:
* Don't leave logged in sessions on VTs and make sure you lock your X
session - in fact set up your X session to automatically lock after 5 mins
of inactivity - the screensaver section of the WM tools usually allows you
to do this.
* Use well chosen passwords and long passphrases.
* Don't leave unnecessary ports open on your machine.
* Use ssh rather than Telnet
* Don't allow anonymous ftp to your machine.
* Don't tell your mates/work colleagues your passwords
* Don't leave telnet/ssh sessions open to remote machines when you're not
using them.
* Don't leave shells logged in as root anywhere
* Don't log into your local machine as root - just su when you need to
yadda yadda yadda....
I'm sure you guys are pretty sensible, and that the above seem like common
sense...
So at the lan party you just flipped over from your X session to a VT and
left it at that? Did you lock the X session? If so, then that's pretty much
all that I would have done.
Phew! Too much for a Saturday morning! Must still be interview mode - I
start my new job on Monday morning...
I'm happy to talk security at the meet (on Tuesday this week?) if anyone is
interested... Got a fair bit of experience from working in a web hosting
environment.
C.
> Thanks
> Shak
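
Added example, not part of the original message: a check to run before walking away from the machine, flagging the sessions the checklist above says not to leave behind (logins on text VTs and root logins). It assumes `who`-style input in which X sessions carry an origin of the form "(:N)"; the function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Reads `who`-style lines (user, line, date, time, optional "(origin)") on stdin
# and prints one finding per exposed session.
audit_sessions() {
    awk '
    {
        user = $1; line = $2; origin = $NF
        # An entry whose origin is "(:N)" belongs to an X display; it is
        # covered by the screen lock, so report it separately.
        if (origin ~ /^\(:[0-9]/) { print "X-SESSION " user " " line; next }
        if (user == "root")       { print "ROOT-LOGIN " user " " line }
        # tty1, tty2, ... are the text consoles reached with Ctrl+Alt+Fn.
        if (line ~ /^tty[0-9]+$/) { print "VT-LOGIN " user " " line }
    }'
}

# Constructed sample input, not captured from a real machine.
sample_who() {
    cat <<'EOF'
chris    tty7         2002-11-02 09:10 (:0)
chris    tty2         2002-11-02 09:12
root     tty3         2002-11-02 09:15
chris    pts/1        2002-11-02 09:20 (:0.0)
EOF
}

# Succeeds only when nothing but the (lockable) X session is logged in.
safe_to_leave() {
    ! audit_sessions | grep -Eq '^(VT|ROOT)-LOGIN'
}

# Run against the live machine with: sh script.sh --live
if [ "${1:-}" = "--live" ]; then
    who | audit_sessions
fi
```

An X-SESSION line still needs the screen lock; the script only shows that no text console has been left logged in beside it.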