Once you have access to the raw partition, update the bootblocks using the installboot utility. The process depends on the NetBSD version you are using. If you are running 2.0 or higher, use the command shown next. Replace the bootxx_ffsv1 file with the one that matches your root filesystem type; failure to do so will render your system unbootable. # /usr/sbin/installboot -o console=com0 /dev/rwd0a /usr/mdec/bootxx_ffsv1 If you are running 1.6, use the following command instead: # /usr/mdec/installboot /usr/mdec/biosboot_com0.sym
< Day Day Up > < Day Day Up >
Hack 28 Remove the Terminal Login Banner Give users the information you want them to receive when they log in. The default login process on a FreeBSD system produces a fair bit of information. The terminal message before the login prompt clearly indicates that the machine is a FreeBSD system. After logging in, a user will receive a copyright message and a Message of the Day (or motd), both of which contain many references to FreeBSD. This may or may not be a good thing, depending upon the security requirements of your network. Your organization may also require you to provide legal information regarding network access or perhaps a banner touting the benefits of your corporation. Fortunately, a few simple hacks are all that stand between the defaults and your network's particular requirements. 3.6.1 Changing the Copyright Display Let's start with the copyright information. That's this part of the default login process: Copyright (c) 1992-2003 The FreeBSD Project. Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994 The Regents of the University of California. All rights reserved. To prevent users from seeing this information, simply: # touch /etc/COPYRIGHT 3.6.2 Changing the Message of the Day Technically, you could add your own information to /etc/COPYRIGHT instead of leaving it as an empty file. However, it is common practice to put your information in /etc/motd instead. The default /etc/motd contains very useful information to the new user, but it does get rather old after a few hundred logins. You can edit /etc/motd to say whatever suits your purposes—anything from your favorite sci-fi excerpt to all the nasty things that will happen to someone if they continue to try to log into your system. Here's a very
< Day Day Up > < Day Day Up >
Hack 29 Protecting Passwords With Blowfish Hashes Take these simple steps to thwart password crackers. All good administrators know that passwords can be a weak link in the security chain. A malicious and determined user armed with a password cracker could conceivably guess enough of your network's passwords to access unauthorized resources. 3.7.1 Protecting System Passwords in General Fortunately, you can make a password cracker's life very difficult in several ways. First, educate your users to choose complex, hard-to-guess passwords that are meaningful enough for them to remember. This will thwart dictionary password crackers [Hack #30] , which use lists of dictionary and easy-to-guess words.
You've reached the end of your free preview.
Want to read all 278 pages?