Quick Tip: SUDO timeout

--Originally published at TC2027 – Blog will Tear us Apart

So, you’ve been playing with your Ubuntu distribution around, and suddenly you require sudo privileges in order to change or install a special feature. Thus, you enter your password and grant that privilege access to your computer.

I believe I don’t have to remind you that being logged as root is dangerous and you should only run commands and programs as root when you’re 100% sure of what you’re doing. In the default terminal, after you enter the password once, it allows you to run the next commands with the root privileges without password prompt.

On my Linux experience I have typed commands that weren’t mean to be on root access or finding someone (my hacker girlfriend) accessing my root folders without having to input any password.

After digging around I found a, surprisingly easy, way to modify the default sudo settings in order to change the timeout of the root access.

Let us access the configuration file.

 user@pc~$sudo visudo

This command is absolutely necessary in order to modify the file, even on the file it says so:

#This file MUST be edited with the 'visudo' command as root.

Don’t worry, the editor is not vim, it opens it with nano. Almost at the beginning of the file one can see preformed default variables, the one that matters to us is the following:

Defaults env_reset

This is where we can modify the value of timeout, notice that the variable is not even defined at the file. On the same line, we need to append the timeout variable with the following syntax:

timestamp_timeout=x

Now, instead of the x we can add any integer value. This value represent the time in seconds that the terminal will wait before asking for the password again.

If you want the computer to ask for the password

Continue reading "Quick Tip: SUDO timeout"

My penguin has no armor?

--Originally published at The shield of the world

So let’s start with this…

What is security in OS?

Is when you have issues external to OS and you would ask, why external? Because is the authentication of you, the user, validation of messages, malicious or accidental introduction of flaws, etc. So is not really about the OS.

200w

And what is Protection in OS?

Mechanisms and policies to keep programs and users from accessing or changing stuff they should not do. AND is internal to OS. The OS has to provide this.

So…Protection and Security

An Operating System (OS) is an interface between a computer user and computer hardware. An operating system is a software which performs all the basic tasks like file management, memory management, process management, handling input and output, and controlling peripheral devices such as disk drives and printers. We will call this objects.

And each object has a unique name and can be accesses through a well-defined set of operations.

Protection and security ensure that each object is accessed correctly and only by those processes of authorized users that are allowed to do so.
giphy

OS designers faces challenge of creating a protection scheme that cannot be bypasses by any software that may be created in the future.

Networking adds to the problem as it allows access to a computer and its resources without being in the same physical location.

captura

This is the correct way to access and use Resources.

OS have goals like:

  • Data confidentiality
  • Data integrity
  • System availability

And each of this has a threat:

  • Exposure of data
  • Tampering with data
  • Denial of service

One of the solutions is user authentication…you know when you type “password” to actually enter your PC and if you don’t type anything and just has all his information without any little layer of protection should use at least a

security-protection-in-operating-system-22-1024
zvybh28
uac-prompt
giphy1
Continue reading "My penguin has no armor?"