MD5 and SHA512

A client was concerned that their password hash was MD5. A check of the /etc/shadow file showed: user:$6$UAxaIY9I$hAkj …   The first field annotated by a ‘$’ (: is the delimiter) is 6 = SHA256 (1 = MD5) And /etc/pam.d/common-password specifies it: ​ password        [success=1 default=ignore] obscure use_authtok try_first_pass[…]

FIPS 140-2 Testing

A client specified external testing of a Debian distro with another distro’s FIPS module compiled in. This was pretty interesting. We tested to make sure SSH1 doesn’t work at all and SSH2 does with the following cyphers: aes128-ctr, aes192-ctr, aes256-ctr, aes128-cbc, 3des-cbc, aes192-cbc, aes256-cbc, and the following keys: RSA, ECDSA, DSA

RedHat Linux

We’re becoming RHEL experts. This started when I wanted to install the terminator package. The terminator package is in the Extra Repositories for Enterprise Linux repository. Step 1: wget Step 2: yum install epel-release-latest-7.noarch.rpm Step 3: yum repolist Step 3 above shows all the repos you have loaded and access to: Loaded plugins: ulninfo[…]


Enable v3, disable v1 and v2c Need to use v3 only and disable v1 and v2c. In /etc/snmp/snmpd.conf delete or comment the community names that are used for v1 and v2c (for example): rocommunity public Your default community names may not exactly be called “public” Restart the snmpd daemon. # /etc/init.d/snmpd restart Verify that[…]