How to get Root rights on Linux ?


To protect your Linux,
- use only Linux
- use shadow password (Run pwconv as root)
- setup LILO password
- keep your Linux up-to-date
- subscribe to bugtrack mailling liste
- read the Linux Administrator Security Guide LASG and Securing-Optimizing-Linux-RH-Edition
- Remove the services you don't use (don't forget inetd services in /etc/inetd.conf)
- Replace inetd by xinetd
Convert your old information: itox -t /usr/sbin/ < /etc/inetd.conf > /etc/xinetd.conf
Update your /etc/hosts.allow to reflect service name and not binary name.
- Your default policy must be deny (ALL:ALL in /etc/hosts.deny)
- Setup a firewall with a default deny policy NetFilter
- Use OpenSSH instead of telnet and configure it correctly (no X forwarding in client, limit simultaneous connection for your server)
If you use Winx, you can get PuTTY, free win32 telnet/ssh client
- Configure your servers to run as non root (Squid,Mysql,Apache,IPLog,Bind,PostFix...)
- If you run an X server with XDM/KDM/GDM, use the last version of XFree server with Xwrapper and deny XDMCP: XDM, KDM : /etc/X11/xdm/Xaccess
GDM : look for [security] and [xdmcp] in /etc/X11/gdm/gdm.conf
- Chrooted BIND/DNS servers
- IPLog: TCP/IP traffic logger
- Nessus: Remote Security Scanner
Use the option "-a" to only listen to loopback interface
- Use PostFix instead of Sendmail
Important parameters in are mydestination and relay_domains
smtpd_banner = $myhostname ESMTP $mail_name
- Use ProFTPD instead of Wu-FTPD
In /etc/proftpd.conf, set
SyslogFacility AUTH
ExtendedLog /var/log/ftp.log AUTH
ServerIdent Off
- Restrict crontab users with /etc/cron.allow
- NMAP port scanner

The password cracker John The Ripper is avaible at

Introduction to Awk
The Unix Shell Guide
HTML Reference