User's Manual
Solaris 9 Security CX-310-301
# find / -user 8888 -print -exec chown root {} \; 
/var/report1 
/var/report2 
/var/report3 
Now list the files to check they have changed owner: 
# ls -l /var/report* 
-rw-r--r-- 1 root other 0 Apr 10 22:34 /var/report1 
-rw-r--r-- 1 root other 0 Apr 10 22:34 /var/report2 
-rw-r--r-- 1 root other 0 Apr 10 22:34 /var/report3 
Protecting Passwords 
The security policy should provide users with guidelines for passwords, including details on how they 
should be protected and also guidelines for creating secure passwords. 
A password must: 
-  never be written down
-  never be shared with anyone else
-  be unique for a single user account. Don’t use the same password if you have multiple accounts,
   because if one is cracked, they’re all cracked!
-  never be stored in unencrypted form (i.e. plain text)
The users of a system should be educated about the risks posed by weak passwords and the threat from
an attacker running a password cracking or password guessing program. Make them aware of the types of
words an attacker will be looking for.
Also, the superuser (root) password must never be revealed to anyone not authorized to use it. A better
solution is to implement RBAC or sudo to give administrators higher privileges without having to
provide this password. The root password should be kept in a sealed envelope in a secure location so that it
can be accessed only in an emergency, and then, of course, changed again afterwards.
Recommendations for a Good Password 
The following recommendations apply to all user passwords: 
-  Do not use common dictionary words, names, car license plate combinations, phone
   numbers, social security numbers and so on. Password cracking programs can trawl through
   millions of potential passwords extremely quickly and are programmed to recognize these kinds of
   patterns.
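The recommendation above can be turned into a screening check that runs before a new password is accepted. The following script is an added example, not part of the original manual; the function name check_password, the word list and the regular expressions are constructed assumptions, and it needs a POSIX shell with grep -E.

```shell
#!/bin/sh
# Added example: screens a candidate password against the guessable pattern
# classes listed above. The word list and regexes are constructed samples.

# Constructed stand-in for a real dictionary/names file.
WORDS="password
secret
welcome
solaris
dragon
michael
jennifer"

# check_password CANDIDATE
# Prints the rejection reason and returns 1, or prints "ok" and returns 0.
check_password() {
    pw=$1
    # Lower-case, then strip leading/trailing digits and punctuation so that
    # "Dragon99!" is still recognized as the word "dragon".
    core=$(printf '%s' "$pw" | tr '[:upper:]' '[:lower:]' |
           sed 's/^[^a-z]*//; s/[^a-z]*$//')
    if [ -n "$core" ] && printf '%s\n' "$WORDS" | grep -Fxq -- "$core"; then
        echo "dictionary word or name"; return 1
    fi
    # Social security number: 3-2-4 digits with optional separators.
    if printf '%s\n' "$pw" | grep -Eq '^[0-9]{3}[- ]?[0-9]{2}[- ]?[0-9]{4}$'; then
        echo "social security number pattern"; return 1
    fi
    # Phone number: 7 digits, optionally preceded by a 3-digit area code.
    if printf '%s\n' "$pw" |
       grep -Eq '^(\(?[0-9]{3}\)?[- .]?)?[0-9]{3}[- .]?[0-9]{4}$'; then
        echo "phone number pattern"; return 1
    fi
    # License plate: a short letter group next to a short digit group.
    if printf '%s\n' "$pw" |
       grep -Eq '^([A-Za-z]{1,3}[- ]?[0-9]{1,4}[A-Za-z]{0,3}|[0-9]{1,4}[- ]?[A-Za-z]{1,3})$'; then
        echo "license plate pattern"; return 1
    fi
    echo "ok"; return 0
}

# Constructed sample candidates.
for c in 'Dragon99!' '123-45-6789' '555-1234' 'ABC 1234' 'K7#vRq2!mZx9'; do
    printf '%-14s %s\n' "$c" "$(check_password "$c")"
done
```

Passing this check does not make a password strong; it only shows the password avoids the pattern classes named in the recommendation.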










