Whoops, sorry, thought this was offlist.
mark, not reading closely enough.
m.roth@5-cent.us wrote:
Ljubomir,
Ljubomir Ljubojevic wrote:
On 01/03/2012 04:47 PM, m.roth@5-cent.us wrote:
Having been on vacation, I'm coming in very late in this....
Les Mikesell wrote:
On Tue, Jan 3, 2012 at 4:28 AM, Bennett Haseltonbennett@peacefire.org wrote:
<snip> >> OK but those are *users* who have their own passwords that they have >> chosen, presumably. User-chosen passwords cannot be assumed to be >> secure against a brute-force attack. What I'm saying is that if >> you're the only user, by my reasoning you don't need fail2ban if >> you just use a 12-character truly random password. > > But you aren't exactly an authority when you are still guessing about > the cause of your problem, are you? (And haven't mentioned what your > logs said about failed attempts leading up to the break in...).
Further, that's a ridiculous assumption. Without fail2ban, or something like it, they'll keep trying. You, instead, Bennett, are presumably generating that "truly random" password[1] and assigning it to all your users[2], and not allowing them to change their passwords, and you will be changing it occasionally and informing them of the change.[3]
Right?
- How will you generate "truly random"? Clicks on a Geiger counter?
There is no such thing as a random number generator. 2. Which, being "truly random", they will write down somewhere, or store it on a key, labelling the file "mypassword" or some such. 3. How will you notify them of their new password - in plain text?
Bennet was/is the only one using those systems, and only as root. No
Ohhhh....
additional users existed prior to breach. And he is very persisting in placing his own opinion/belief above those he asks for help. That is why
So he's not only not wanting to accept that he blew it, but wants "validation" for that wrongheadedness.
we have such a long long long thread. It came to the point where I am starting to believe him being a troll. Not sure yet, but it is getting there.
As long as no one's giving him support in his ideas, he's now got someone outside himself (and the intruder) to be against. Just like the US right wing....
I am writing this for your sake, not his. I decided to just watch from no on. This thread WAS very informative, I did lear A LOT, but enough is enough, and I spent far to much time reading this thread.
Thanks for the offlist email. Happy new year to you.
mark
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos