The following uses openssl to generate a random binary sequence “N” bytes long encoded in hex or base64. The “N” is all important. If you use base64 you get uppercase characters in the string which some sites require, you can also use hex which makes for a more readable string but it will be longer and if the people cracking your password are using an offline database to crack the password longer random strings are better (this assumes they don’t know how you encoded you’re random bytes).
openssl -rand -base64 32
openssl -rand -hex 32
How long should “N” actually be? This table at wikipedia lists the given entropy in bits for various character sets. If using hex and you want 80 bits of entropy you need 16 bytes. Base64 is not listed but the character set has 64 symbols so the entropy is similar to the case sensitive with numbers which has 62 symbols so 80 bits would require 12 bytes. The number of bits you choose for entropy is up to you.
Is fairly straight forward.
You will need to be able to use the following commands with some confidence
Tips. When copying files make sure your umask is set to 022 and alias cp as follows:
alias cp=”cp -p”
If you are copying over any perl XS files ie *.so files make sure you also use ldd on these. As an example the PostgreSQL drivers require:
libpq.so.3 => /usr/lib/libpq.so.3 (0xb7fbf000)
libc.so.6 => /lib/tls/libc.so.6 (0xb7e89000)
libssl.so.0.9.7 => /usr/lib/i686/cmov/libssl.so.0.9.7 (0xb7e58000)
libcrypto.so.0.9.7 => /usr/lib/i686/cmov/libcrypto.so.0.9.7 (0xb7d59000)
libkrb5.so.3 => /usr/lib/libkrb5.so.3 (0xb7cf1000)
libcrypt.so.1 => /lib/tls/libcrypt.so.1 (0xb7cc4000)
libresolv.so.2 => /lib/tls/libresolv.so.2 (0xb7cb2000)
libnsl.so.1 => /lib/tls/libnsl.so.1 (0xb7c9d000)
libpthread.so.0 => /lib/tls/libpthread.so.0 (0xb7c8e000)
/lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x80000000)
libdl.so.2 => /lib/tls/libdl.so.2 (0xb7c8b000)
libk5crypto.so.3 => /usr/lib/libk5crypto.so.3 (0xb7c68000)
libcom_err.so.2 => /lib/libcom_err.so.2 (0xb7c65000)
A quick way to find your shared object files is as follows.
find /chroot_directory_name/usr/ | grep perl | grep “.*\.so$”
You will already have copied most of the shared object files over while copying squid and apache but there are most likely a few extra ones you are going to need in particular if you are using the DBI.