How Do You Use Partitions on a Disk and Have Complete Disk Encryption with Ubuntu?

0 Comments

Problem scenario
You want your entire hard disk to have encryption. You want to install Ubuntu Linux with partitions. What do you do?

Solution
Follow these directions, but make sure the second partition (with GRUB) uses 80 MB. To do this, mentally find this command “sgdisk –new=2:0:+2M $DEV” here:
https://help.ubuntu.com/community/Full_Disk_Encryption_Howto_2019

When you get to that command,

Continue reading “How Do You Use Partitions on a Disk and Have Complete Disk Encryption with Ubuntu?”

How Do You Get Passwords to Expire for Existing Users?

0 Comments

Problem scenario
You want passwords to rotate periodically for all users. You modified the /etc/login.defs file, and new users are inheriting the temporal rotational policies for passwords. How can pre-existing accounts be forced to periodically change their password?

Solution
Use this command for every password (but replace “jdoe” with the user you want to change and replace “30” with the number of days you want the password to last for before the user is forced to change it):

sudo chage -M 30 jdoe

# The user can still log in one more time after expiration. …

Continue reading “How Do You Get Passwords to Expire for Existing Users?”

How Do You Disable Hyperthreading in Linux?

0 Comments

Problem scenario
You are running Linux with a multi-core CPU and motherboard. You want to turn off simultaneous multithreading (because in some use cases the performance can improve or you are concerned about security). What should you do?

Possible Solution #1
If you want to be able to turn it back on without rebooting, you could have a crontab job run a script at reboot.

Continue reading “How Do You Disable Hyperthreading in Linux?”

Is the Term “Threadjacking” a Netiquette or Cybersecurity Issue?

0 Comments

Problem scenario
You have heard the term “threadjacking” in different contexts. What does it mean?

Answer
The word “threadjack” can have different meanings. It can be a netiquette issue, a cybersecurity issue, or both.

Threadjacking can refer to the practice of responding to an email thread or website posting to change the topic. These type of threadjackings have no security implication.

Continue reading “Is the Term “Threadjacking” a Netiquette or Cybersecurity Issue?”

How Do You Troubleshoot the Error “req: Use -help for summary”?

0 Comments

Problem scenario
You run a command like this:

sudo openssl req -newkey rsa:2048 -nodes -keyout contint.key -x509 -days 9999 contint.crt

You get this as the output: “req: Use -help for summary.”

What should you do?

Possible Solution #1
Use the “-out” flag between “9999” and “contint.crt”.

Possible Solution #2
Do you have an extra “-new” flag in your command?

Continue reading “How Do You Troubleshoot the Error “req: Use -help for summary”?”

How Do You Troubleshoot “jdoe is not authorized to run that command as root”?

0 Comments

Problem scenario
You failed to use visudo on a Red Hat or Debian distribution of Linux. You try to elevate your user to sudo and run a command but you get: “jdoe is not authorized to run that command as root.”

You forgot the root password. You cannot boot into rescue/recovery mode. How do you correct the /etc/sudoers file?

Solution
Run “pkexec” without quotes.

Continue reading “How Do You Troubleshoot “jdoe is not authorized to run that command as root”?”

Is It a Best/Recommended Practice to Not Allow Desktop Clipboard Pastes for Password Fields on a Website?

0 Comments

Problem scenario
You think a website field for a password should allow a password to be pasted in. This could make the users not copy the password. Some hackers exploit memory/RAM. Should you avoid allowing a password to be pasted in?

Solution
Traditionally confirmation password fields did not allow pasting (with control-v) from the clipboard. Now NIST is saying you can do this: https://pages.nist.gov/800-63-FAQ/

Some people think it is not ideal to have sensitive information in RAM.

Continue reading “Is It a Best/Recommended Practice to Not Allow Desktop Clipboard Pastes for Password Fields on a Website?”

How Do You Install the Putty Utility on a Linux Server?

0 Comments

Problem scenario
You want to run the puttygen command on a Linux server. (You tried yum and dnf commands to install putty, but they failed.) What do you do?

Solution
Prerequisites
i. These directions assume you have installed the C compiler. If you need assistance, see How Do You Install a C Compiler on Linux?
ii. These directions also assume you have the GTK library installed.

Continue reading “How Do You Install the Putty Utility on a Linux Server?”

Is It a Best/Recommended Practice to Enforce Complex Passwords?

0 Comments

Problem scenario
You are modifying /etc/security/pwquality.conf. Is it a recommended practice to have no or few repeating characters with different classes of characters including lowercase, uppercase, numbers and special characters?

Solution
It can be counter productive to have very strong password requirements according to the NIST (https://pages.nist.gov/800-63-FAQ/).

If you are using Linux or Unix, NIST does suggest you use a crack library dictionary (per A-B10 from https://pages.nist.gov/800-63-FAQ/).

Continue reading “Is It a Best/Recommended Practice to Enforce Complex Passwords?”

Is It a Best/Recommended Practice to Not Use “Make Visible” the Password when Entering It?

0 Comments

Problem scenario
You think that the users should not click the “make visible” option when entering a password. As an I.T. professional, you are not sure if this should be used or not. You read and think that it should not be used. Is it recommended that you have a practice of not letting the users make the password visible?

Solution
It is not clear.

Continue reading “Is It a Best/Recommended Practice to Not Use “Make Visible” the Password when Entering It?”