Oliver Schad wrote:
Am Samstag, 18. Februar 2006 01:48 schrieb mir Christian Limberg:
maybe you can emerge tools like chrootkit or rkhunter for checking
your box for intruders. Clearly, it wouldn't help, if someone has
'bruteforced' your password, but if an intruder came throu a
vunerable application and installed a rootkit or something like that,
the tools might help you.
No, you can't detect with those tools if your system is *not*
compromised.
Furthermore it is highly recommended, that your root-password
contains of a non-dictionay alpha-numeric (at least capitals, lower
case letters and numbers) 8 character long phrase.
And it it highly recommended to set up a new system from scratch.
Everything else is Russian roulette.
Regards
Oli
There are a lot of good schemes for creating solid, memorable passwords.
My favorite advice comes from the USAH (http://www.admin.com/). To
paraphrase, come up with a nonsensical and slightly offensive (George
Carlin's seven words are allowed:
http://en.wikipedia.org/wiki/Seven_dirty_words) phrase of a half dozen
or so words. Take the first two letters from each word. Then mix up the
case and use numbers or symbols to replace certain letters occasionally.
The result is a pretty solid password that you should be able to
remember by remembering the silly phrase you started with.
--
[email protected] mailing list
