![]() If you do not use BT on a notebook, disable it. ![]() And have a look at the currently running services. If you do not need ssh do not install ssh, if you do not use a webserver do not install a webserver. Lock your screen when you go AFK.ĭo not install services or software for the fun of it. sudo -reset-timestamp removes the current grace period and will ask for the password again when you next use "sudo". and think first.ĭo not leave your system unattended when the "sudo" grace period is active. If you open a browser and are given a popup that looks like our "asking for admin account password". If you have no relation to "Abwegwfkwefkwe" it is a good password.ĭo not enter your admin password when asked for it unless you know it was expected to be asked. An example I used before when discussing this: If your dog is named "Abwegwfkwefkwe" using "Abwegwfkwefkwe" as a password is BAD even though it looks good (since someone could ask you: 'what is your dog's name' and they try that as a free guess). And you will be even better off if it is a strong password (maybe easy to remember for you but not guessable by others). then your problem is there, not with the security model of your system, Ubuntu or Linux in general.Īs long as your sudo password is yours you will/should be fine. And in general guessing is not worth the trouble. By the way: if they do it like that they must have knowledge of your system first (like your password).īut then there is an issue with that (and any other method): how did they get your password? They can NOT get it from your system itself. If you have "ssh" running on that machine and they can "ssh" to your system, and get a hand on your username and password for that user (and as it is an admin user your sudo password too) they can access your machine and mess it up. Note that it is possible to abuse a service. "root" mode is disabled and you can not directly log in to a "#" prompt. They first need to connect, then provide the sudo password. A router should kill that connection and enforce a waiting period before accepting new requests from that connection.Ĭan anybody access my computer in root mode using my sudo password with no physical access to the computer, on a standard Ubuntu desktop installation ? Basically what you have here is a DOS attack (or a DDOS if 2+ computers attacking you). Here comes something else in play: a ROUTER should be smart enough to lock access from the outside if it is a repeated request asking for the same information over a short period of time. By the way: this method is considered valid and a feature, and an accepted security risk (otherwise you would never be able to fix your system in case the password did get compromised).īut I know that it is not strong enough if someone can brute-force it remotely. It will take 1 reboot by someone for that someone to be able change your root password (can be done from "grub rescue" without the need to supply your current password). I do not want to scare you too much, but if someone has physical access you handed access over to them regardless of how strong your password is. Mainly because the requested action needs super user privileges which need to be enabled on your user account.I know that the sudo password protects my computer from being locally hacked by someone having physical access to it. Such an error may be annoying to someone starting out hacking code on Linux Installation of software in Linux such as installing MongoDB database locally, without the correct permissions, Linux will deny to perform this action as such an action needs jumped up privileges. You may as well need to edit configuration files of installed softwares. ![]() Most of the times as a programmer using Linux, you will use the command line to perform operations like moving and renaming files, install software, etc. Many programmers and developers tend to choose Linux OS over the other OSes because it allows them to work more effectively and quickly, considering that, Linux just gives you much more control over your tools, hardware and overall work environment.Įvery developer must not use Linux as there are distributions that are really user friendly and you don’t need to have intricate knowledge of the system, but with the mentioned advantages of Linux including its malleability, It will surely be a good reason to give Linux a try. Linux has, in recent years, become the leading operating system on servers.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |