[CentOS] an actual hacked machine, in a preserved state

Tue Jan 3 15:47:51 UTC 2012
m.roth at 5-cent.us <m.roth at 5-cent.us>

Having been on vacation, I'm coming in very late in this....

Les Mikesell wrote:
> On Tue, Jan 3, 2012 at 4:28 AM, Bennett Haselton <bennett at peacefire.org>
> wrote:
<snip>
>> OK but those are *users* who have their own passwords that they have
>> chosen, presumably.  User-chosen passwords cannot be assumed to be
>> secure against a brute-force attack.  What I'm saying is that if you're
>> the only user, by my reasoning you don't need fail2ban if you just use a
>> 12-character truly random password.
>
> But you aren't exactly an authority when you are still guessing about
> the cause of your problem, are you?  (And haven't mentioned what your
> logs said about failed attempts leading up to the break-in...).

Further, that's a ridiculous assumption. Without fail2ban, or something
like it, they'll keep trying. You, instead, Bennett, are presumably
generating that "truly random" password[1] and assigning it to all your
users[2], and not allowing them to change their passwords, and you will be
changing it occasionally and informing them of the change.[3]

Right?

        mark

1. How will you generate "truly random"? Clicks on a Geiger counter? There
is no such thing as a random number generator.
2. Which, being "truly random", they will write down somewhere, or store
it on a key, labelling the file "mypassword" or some such.
3. How will you notify them of their new password - in plain text?
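
The question raised in the quoted reply, what the logs said about failed attempts leading up to the break-in, can be answered mechanically. The script below is an added example, not part of the original post or thread. It assumes sshd's usual "Failed password" / "Accepted password" lines as written to /var/log/secure; the sample log, the function name and the threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the format sshd writes to /var/log/secure.
SAMPLE_LOG = """\
Jan  2 03:11:01 host sshd[2101]: Failed password for root from 203.0.113.7 port 40112 ssh2
Jan  2 03:11:03 host sshd[2103]: Failed password for root from 203.0.113.7 port 40118 ssh2
Jan  2 03:11:05 host sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 40125 ssh2
Jan  2 03:11:09 host sshd[2109]: Accepted password for root from 203.0.113.7 port 40131 ssh2
Jan  2 08:30:44 host sshd[2950]: Failed password for alice from 198.51.100.20 port 51522 ssh2
Jan  2 08:30:50 host sshd[2952]: Accepted password for alice from 198.51.100.20 port 51530 ssh2
Jan  2 09:02:13 host sshd[3011]: Failed password for root from 192.0.2.55 port 33810 ssh2
Jan  2 09:02:15 host sshd[3013]: Failed password for root from 192.0.2.55 port 33816 ssh2
"""

LINE = re.compile(
    r"sshd\[\d+\]: (Failed|Accepted) password for (?:invalid user )?(\S+) "
    r"from (\S+) port \d+"
)

def summarize(log_text, threshold=3):
    """Return (failures per source IP, logins preceded by >= threshold failures).

    threshold is a hypothetical cut-off chosen for this example.
    """
    streak = defaultdict(int)   # source IP -> failures since its last success
    totals = defaultdict(int)   # source IP -> all failures seen
    suspicious = []             # (ip, user, failures just before the login)
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        outcome, user, ip = m.groups()
        if outcome == "Failed":
            streak[ip] += 1
            totals[ip] += 1
        else:
            # A success right after a run of failures from the same address
            # is the pattern to look for ahead of a suspected break-in.
            if streak[ip] >= threshold:
                suspicious.append((ip, user, streak[ip]))
            streak[ip] = 0
    return dict(totals), suspicious

if __name__ == "__main__":
    totals, suspicious = summarize(SAMPLE_LOG)
    for ip, count in sorted(totals.items(), key=lambda kv: -kv[1]):
        print(f"{ip}: {count} failed attempts")
    for ip, user, count in suspicious:
        print(f"login as {user} from {ip} followed {count} failures")
```

On a real host, pass the contents of /var/log/secure (and its rotated copies) to summarize() instead of the sample.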