Once you have access to the raw partition update the bootblocks using the

Once you have access to the raw partition update the

This preview shows page 82 - 87 out of 278 pages.

Once you have access to the raw partition, update the bootblocks using the installboot utility. The process depends on the NetBSD version you are using. If you are running 2.0 or higher, use the command shown next. Replace the bootxx_ffsv1 file with the one that matches your root filesystem type; failure to do so will render your system unbootable. # /usr/sbin/installboot -o console=com0 /dev/rwd0a /usr/mdec/bootxx_ffsv1 If you are running 1.6, use the following command instead: # /usr/mdec/installboot /usr/mdec/biosboot_com0.sym
Image of page 82
< Day Day Up > < Day Day Up >
Image of page 83
Hack 28 Remove the Terminal Login Banner Give users the information you want them to receive when they log in. The default login process on a FreeBSD system produces a fair bit of information. The terminal message before the login prompt clearly indicates that the machine is a FreeBSD system. After logging in, a user will receive a copyright message and a Message of the Day (or motd), both of which contain many references to FreeBSD. This may or may not be a good thing, depending upon the security requirements of your network. Your organization may also require you to provide legal information regarding network access or perhaps a banner touting the benefits of your corporation. Fortunately, a few simple hacks are all that stand between the defaults and your network's particular requirements. 3.6.1 Changing the Copyright Display Let's start with the copyright information. That's this part of the default login process: Copyright (c) 1992-2003 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. To prevent users from seeing this information, simply: # touch /etc/COPYRIGHT 3.6.2 Changing the Message of the Day Technically, you could add your own information to /etc/COPYRIGHT instead of leaving it as an empty file. However, it is common practice to put your information in /etc/motd instead. The default /etc/motd contains very useful information to the new user, but it does get rather old after a few hundred logins. You can edit /etc/motd to say whatever suits your purposes—anything from your favorite sci-fi excerpt to all the nasty things that will happen to someone if they continue to try to log into your system. Here's a very
Image of page 84
< Day Day Up > < Day Day Up >
Image of page 85
Hack 29 Protecting Passwords With Blowfish Hashes Take these simple steps to thwart password crackers. All good administrators know that passwords can be a weak link in the security chain. A malicious and determined user armed with a password cracker could conceivably guess enough of your network's passwords to access unauthorized resources. 3.7.1 Protecting System Passwords in General Fortunately, you can make a password cracker's life very difficult in several ways. First, educate your users to choose complex, hard-to-guess passwords that are meaningful enough for them to remember. This will thwart dictionary password crackers [Hack #30] , which use lists of dictionary and easy-to-guess words.
Image of page 86
Image of page 87

You've reached the end of your free preview.

Want to read all 278 pages?

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture

  • Left Quote Icon

    Student Picture