[Hudlug] Fwd: Re: [newbie] MLdonkey

Chris Wood hudlug at mailman.lug.org.uk
Sat Nov 2 12:33:00 2002


On Friday 01 November 2002 22:07 pm, you wrote:
> Hi guys,
>
> This bit of the conversation interested me, the act of locking a
> workstation, I know that it is possible in Windows NT, but is it
> possible in Linux? I know that KDE has the "screen lock" thing, but then
> is it not possible to have the machine switch into a different terminal
> using CTRL+ALT+An F Key?
>

Yup, this is true. 
So - lock your KDE/Gnome/E/WM/Whatever session, and make sure you are not 
logged in on any of the VTs. This way, if someone comes along and pops his 
way through the VTs on your Linux box all he'll get are login prompts and 
the locked X session.

> So what do you recommend for keeping the machine secure when you leave
> it off? At a LAN Party when I took my PC and I left that open, I just
> left it with a login terminal on the screen but my Xsession was still
> open in the background along with some other stuff.
>

When you leave it off? As in powered off? I don't do anything special. It 
*IS* possible to do naughty stuff, especially if you have a bootable Linux 
CD. People could muck about with your data having booted your machine this 
way.
However, they don't know your passwords or ssh passphrases, and hence 
they are limited to doing nasty things to your machine and not other 
machines that you usually access on the network (you don't store important 
data locally do you?). This is another good reason for using a secure 
password - you don't want someone cracking it if they do get access to your 
machine in some way...
If you want some extra security you could set the LILO boot password and 
potentially the BIOS boot password too. This will simply slow people down 
and won't stop someone with a screwdriver and a bootable CD. Personally I 
don't bother with these, as they are more likely to simply make a hacker all 
the more determined to do his worst.

Just keep it simple and use some common sense:
* Don't leave logged in sessions on VTs and make sure you lock your X 
session - in fact set up your X session to automatically lock after 5 mins 
of inactivity - the screensaver section of the WM tools usually allows you 
to do this.
* Use well chosen passwords and long passphrases.
* Don't leave unnecessary ports open on your machine.
* Use ssh rather than Telnet
* Don't allow anonymous ftp to your machine.
* Don't tell your mates/work colleagues your passwords
* Don't leave telnet/ssh sessions open to remote machines when you're not 
using them.
* Don't leave shells logged in as root anywhere
* Don't log into your local machine as root - just su when you need to

yadda yadda yadda....
I'm sure you guys are pretty sensible, and that the above seem like common 
sense...

So at the LAN party you just flipped over from your X session to a VT and 
left it at that? Did you lock the X session? If so, then that's pretty much 
all that I would have done. 

Phew! Too much for a Saturday morning! Must still be interview mode - I 
start my new job on Monday morning...

I'm happy to talk security at the meet (on Tuesday this week?) if anyone is 
interested... Got a fair bit of experience from working in a web hosting 
environment.

C.

> Thanks
> Shak
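
An added example, not part of the original message: a small shell check for two items on the checklist above (no logged-in sessions left on the VTs, no root shells left open), run over `who`-style output. The function name `audit_sessions` and the sample listing are constructed for illustration, and it assumes the graphical session shows up as `:0` or a `pts/N` line rather than as a `ttyN` line.

```shell
#!/bin/sh
# Added example: flag sessions that should not be left behind when you
# walk away from the machine.
# Input on stdin is `who`-style text: USER LINE DATE TIME [(HOST)]

audit_sessions() {
    awk '
        # A login on a text virtual terminal (tty1, tty2, ...) can be
        # reached with Ctrl+Alt+Fn even while the X session is locked.
        $2 ~ /^tty[0-9]+$/ { printf "VT-LOGIN %s %s\n", $1, $2; bad = 1 }
        # A root shell anywhere (VT, pts, remote) is reported as well.
        $1 == "root"       { printf "ROOT-SHELL %s %s\n", $1, $2; bad = 1 }
        # Exit status 1 when anything was flagged, 0 when clean.
        END { exit bad + 0 }
    '
}

# Constructed sample listing (not captured from a real machine).
SAMPLE_WHO='shak     :0           2002-11-01 20:15
shak     pts/0        2002-11-01 20:16 (:0)
shak     tty2         2002-11-01 21:40
root     tty3         2002-11-01 21:42
root     pts/1        2002-11-01 21:50 (192.0.2.10)'

# Demonstration on the sample; "|| true" keeps the script going after the
# function reports findings through its exit status.
printf '%s\n' "$SAMPLE_WHO" | audit_sessions || true
```

On a live machine, pipe the real listing in with `who | audit_sessions` before locking the X session; any output means something is still logged in where it should not be.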