Port Number | Description |
---|---|
1 | TCP Port Service Multiplexer (TCPMUX) |
5 | Remote Job Entry (RJE) |
7 | ECHO |
18 | Message Send Protocol (MSP) |
20 | FTP -- Data |
21 | FTP -- Control |
22 | SSH Remote Login Protocol |
23 | Telnet |
25 | Simple Mail Transfer Protocol (SMTP) |
29 | MSG ICP |
37 | Time |
42 | Host Name Server (Nameserv) |
43 | WhoIs |
49 | Login Host Protocol (Login) |
53 | Domain Name System (DNS) |
69 | Trivial File Transfer Protocol (TFTP) |
70 | Gopher Services |
79 | Finger |
80 | HTTP |
103 | X.400 Standard |
108 | SNA Gateway Access Server |
109 | POP2 |
110 | POP3 |
115 | Simple File Transfer Protocol (SFTP) |
118 | SQL Services |
119 | Newsgroup (NNTP) |
137 | NetBIOS Name Service |
139 | NetBIOS Datagram Service |
143 | Interim Mail Access Protocol (IMAP) |
150 | NetBIOS Session Service |
156 | SQL Server |
161 | SNMP |
179 | Border Gateway Protocol (BGP) |
190 | Gateway Access Control Protocol (GACP) |
194 | Internet Relay Chat (IRC) |
197 | Directory Location Service (DLS) |
389 | Lightweight Directory Access Protocol (LDAP) |
396 | Novell Netware over IP |
443 | HTTPS |
444 | Simple Network Paging Protocol (SNPP) |
445 | Microsoft-DS |
458 | Apple QuickTime |
546 | DHCP Client |
547 | DHCP Server |
563 | SNEWS |
569 | MSN |
1080 | Socks |
My blog contains solutions of problems i have faced during working with computers and servers
Friday, November 8, 2013
Default port numbers
How to enforce password complexity on Linux
On most Linux systems, you can use PAM (the "pluggable authentication module") to enforce password complexity. If you have a file named /etc/pam.d/system-auth on RedHat (/etc/pam.d/common-password on Debian systems), look for lines that look like those shown below.
$ grep password /etc/pam.d/system-auth password requisite pam_cracklib.so try_first_pass retry=3 password sufficient pam_unix.so md5 shadow nullok try_first_pass use_authtok password required pam_deny.so
That's what you should expect to see on a new system.
By default, passwords must have at least six characters (see /etc/login.defs for possible changes). This is hardly long enough by current standards to consider passwords to be secure. You will have a much stronger password complexity policy if you change the first line to something like this, requiring longer passwords and ensuring a degree of complexity as well.
password requisite pam_cracklib.so try_first_pass retry=3 minlength=12 lcredit=1 ucredit=1 dcredit=1 ocredit=1 difok=4
Here's what each of the available parameters does:
try_first_pass = sets the number of times users can attempt setting a good password before the passwd command aborts minlen = establishes a measure of complexity related to the password length (more in a moment on this) lcredit = sets the minimum number of required lowercase letters ucredit = sets the minimum number of required uppercase letters dcredit = sets the minimum number of required digits ocredit = sets the minimum number of required other characters difok = sets the number of characters that must be different from those in the previous password
That said, minlen is actually a measure of complexity, not simply length. It specifies a complexity score that must be reached for a password to be deemed as acceptable. If each character in a password added one to the complexity count, then minlen would simply represent the password length but, if some characters count more than once, the calculation is more complex. So let's see how this works.
The minlen complexity measure is calculated in a number of steps:
- every character in a password yields one point, regardless of the type of character
- every lowercase letter adds one point, but only up to the value of lcredit
- every uppercase letter adds one point, but only up to the value of ucredit
- every digit adds one point, but only up to the value of dcredit
- every special character adds one point, but only up to the value of ocredit
If lcredit, ucredit, dcredit and ocredit were all set to 0, only the password length would be used to determine if it's acceptable. No characters would add extra points to the complexity score.
When you set any of the lcredit, ucredit, dcredit or ocredit parameters to a negative number, then you MUST have at least that number of characters for each character class for the password to pass the complexity test.
Setting minlen to 12 and difok to 4 are generally good settings. However, if you want to require 12 character passwords and complexity too, you will need a larger minlen setting. With minlen set to 12 and one point given for including each of a lowercase, uppercase, digit and special character (the defaults), you could get by with passwords that have only eight characters -- even with minlen set to 12! A stronger policy would be required by this:
password requisite pam_cracklib.so try_first_pass retry=3 minlength=16 lcredit=-1 ucredit=-1 dcredit=-1 ocredit=-1 difok=4
These settings would ensure that your passwords have 12 characters, including at least one characters in each of the four classes.
If you'd like to experiment with the password length and complexity settings, try the script below. It's a bit cumbersome, but it should capture all the requirements aside from the difok(differences) criteria. Change the settings in the first section to match those you want to evaluate.
#!/usr/bin/perl -w # -- set your complexity preferences here -- $minlen=16; $lcredit=-1; $ucredit=-1; $dcredit=-1; $ocredit=-1; # -- initialize the counters -- $score=0; $lcase=0; $ucase=0; $digits=0; $other=0; # -- set fail to false -- $fail=0; # -- check for argument -- if ( $#ARGV < 0 ) { print "argument expected\n"; exit; } else { $password=$ARGV[0]; } # -- determine if any character settings are mandatory (if negative) if ($lcredit < 0) { # needed # of lowercase characters $lneeded=-1 * $lcredit; $lextra=$lneeded; } else { $lneeded=0; $lextra=$lcredit; } if ($ucredit < 0) { # needed # of uppercase characters $uneeded=-1 * $ucredit; $uextra=$uneeded; } else { $uneeded=0; $uextra=$ucredit; } if ($dcredit < 0) { # needed # of digits $dneeded=-1 * $dcredit; $dextra=$dneeded; } else { $dneeded=0; $dextra=$dcredit; } if ($ocredit < 0) { # needed # of special characters $oneeded=-1 * $ocredit; $oextra=$oneeded; } else { $oneeded=0; $oextra=$ocredit; } $score=length($password); # 1 point for each character # -- count the characters of each type -- foreach $char (split //, $password) { if ($char =~ /\d/) { $digits++; # digits } elsif ($char !~ /\w/) { $other++; # special characters } elsif ($char eq lc($char)) { $lcase++; # lowercase } elsif ($char eq uc($char)) { $ucase++; # uppercase } else { print "Error: unrecognized character. Please fix this script!\n"; } } if ($lcase < $lneeded) { print "password failure: need $lneeded lowercase character(s)\n"; $fail=1; } if ($ucase < $uneeded) { print "password failure: need $uneeded uppercase character(s)\n"; $fail=1; } if ($digits < $dneeded) { print "password failure: need $dneeded digit(s)\n"; $fail=1; } if ($other < $oneeded) { print "password failure: need $oneeded special character(s)\n"; $fail=1; } if ($fail > 0) { exit; } # -- reduce credits to number allowed -- if ($lcase > $lextra) { $lcase=$lextra; } if ($ucase > $uextra) { $ucase=$uextra; } if ($digits > $dextra) { $digits=$dextra; } if ($other > $oextra) { $other=$oextra; } print "$score + $lcase + $ucase + $digits + $other\n"; $score=$score + $lcase + $ucase + $digits + $other; if ($score >= $minlen) { print "password passes with score of $score\n"; } else { print "password fails with score of $score\n"; }
Check out /etc/login.defs for password expiration parameters -- another component of good password security.
And please note that cracklib ensures that users can't just reverse their prior passwords or rotate letters to avoid making significant password changes. So, p4ssw0rd cannot be replaced with dr0wss4p or 4ssw0rdp.
Tuesday, November 5, 2013
Creating a app specifically for locating temples, churchs and mosques
The idea behid this is when you are going to a different town in which you don't what is nearby, so we enable this app to solve those kind of situations.
But I think google apps already have this feature but I want to create it different from that..!
Subscribe to:
Posts (Atom)
Task --> you need to create redis dbs, either single or multiple based on hiera data using puppet
Hi all, I know there is no post in past few weeks, sorry i was struck with my family issues and i got married recently . so come to our i...
-
Normaly we think if an ADS/LDAP user unable to login means , the problem is with ADS/LDAP server , Guess what it is not Login cou...
-
While doing that above task , you may end up getting this bellow error Error: /File[C:/ProgramData/PuppetLabs/puppet/cache/facts.d]: F...
-
I am happy to share that I finished excel automation for my official work.I actually used openpyxl for my xlsx automation. I feel great whe...