COPS security audit and the unix pc.

Augustine Cano afc at shibaya.lonestar.org
Sat Mar 23 10:40:07 AEST 1991


When I first ran the COPS security package on my 3b1, I got a report more
than 250 lines long.  Most of the entries were about files and directories
being world-writable.  Surprisingly, the following few commands eliminated
the vast majority.

chmod o-w / /usr /usr/bin /usr/adm /usr/lib /usr/spool /usr/spool/news
chmod o-w /usr/local /usr/local/bin /usr/local/lib /. /.. /etc/daemons
chmod o-w /.phdir /etc/timedsply /usr/lib/cron /usr/lib/dwb /usr/lib/macros
chmod o-w /usr/lib/me /usr/lib/ms /usr/lib/news /usr/lib/newsbin
chmod o-w /usr/lib/nterm /usr/lib/spell /usr/lib/tabset /usr/lib/tmac
chmod o-w /usr/lib/ua

One directory that CANNOT be treated in this manner is /usr/spool/uucp.
I tried it and kermit couldn't then set or clear locks.

The COPS security report is now down to the following:
(actual COPS output follows '>', my comments follow each (group of) entry(ies))

> Warning!  Root does not own the following file(s):
> found found found /bin

Is this of any consequence?

> Warning!  /usr/spool/uucp is _World_ writable!

This one has to be ignored; as I said above certain programs might not be
able to access locks if this is changed.

> Warning!  /etc/drvtab is _World_ writable!
> Warning!  /etc/inittab is _World_ writable!
> Warning!  /etc/wtmp is _World_ writable!

Does anybody know if this has to be so? (particularly for /etc/wtmp).

> Warning!  /usr/adm/NBS.log is _World_ writable!
> Warning!  /usr/adm/UNIX.log is _World_ writable!
> Warning!  /usr/adm/cronlog is _World_ writable!
> Warning!  /usr/adm/drv.log is _World_ writable!
> Warning!  /usr/adm/sulog is _World_ writable!
> Warning!  /usr/adm/unix.log is _World_ writable!

Log files... the security risk coming from here is, even in the worst case,
minimal.

> Warning!  /usr/lib/crontab is _World_ readable!
> Warning!  /usr/adm/sulog is _World_ readable!

Should anybody care about these two?  COPS output is looking more and more
like lint...

> Warning!  File /dev/console (in /etc/rc*) is _World_ writable!
> Warning!  File /dev/window (in /etc/rc*) is _World_ writable!
> Warning!  File /usr/lib/ua/.blanktime (in /etc/rc*) is _World_ writable!
> Warning!  User uucp's home directory /usr/spool/uucppublic is mode 0777!
> Warning!  User nuucp's home directory /usr/spool/uucppublic is mode 0777!

Of course, since all uucp accounts have the same home directory, the
same message appeared once for each uucp-connected machine.

> Warning! /usr/lbin/uudecode creates setuid files!

This, according to the documentation, is pretty common, but without
reinforcing other problems, seems to be ok.

Comments anyone?  Most of these "problems" (corrected and remaining)
originated with the standard installation of the standard unix pc
software, so it's likely you also have them.  Whether they can be safely
ignored is up to you...

Stay tuned for coming attractions:  AT&T external monitor for the unix pc?

-- 
Augustine Cano		INTERNET: afc at shibaya.lonestar.org
			UUCP:     ...!{ernest,egsner}!shibaya!afc
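
Added example (not part of the original post): a POSIX shell sketch of the clean-up described in the message above. It lists world-writable files and directories under a tree and removes o+w from all of them except the paths named as exceptions, as the post does for /usr/spool/uucp. The function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# list_world_writable ROOT
# Print every regular file or directory under ROOT that has the o+w bit set.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# fix_world_writable ROOT [EXCEPTION...]
# Remove o+w from everything list_world_writable reports, except paths that
# exactly match an EXCEPTION (e.g. a lock directory that must stay writable).
# Assumes path names contain no newlines.
fix_world_writable() {
    root=$1; shift
    list_world_writable "$root" | while IFS= read -r path; do
        skip=0
        for ex in "$@"; do
            if [ "$path" = "$ex" ]; then skip=1; fi
        done
        if [ "$skip" -eq 1 ]; then
            echo "kept:  $path"
        else
            chmod o-w "$path" && echo "fixed: $path"
        fi
    done
}

# make_sample_tree
# Build a constructed tree in a temp directory that mimics a few of the
# paths named in the post, and print its location.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    mkdir -p "$t/usr/spool/uucp" "$t/usr/adm" "$t/usr/lib"
    : > "$t/usr/adm/sulog"
    chmod 755 "$t" "$t/usr" "$t/usr/spool" "$t/usr/adm"
    chmod 777 "$t/usr/spool/uucp" "$t/usr/lib"
    chmod 666 "$t/usr/adm/sulog"
    echo "$t"
}

# Run "sh thisfile demo" to see the report on the constructed tree.
if [ "${1:-}" = "demo" ]; then
    tree=$(make_sample_tree)
    fix_world_writable "$tree" "$tree/usr/spool/uucp"
    rm -rf "$tree"
fi
```

Running list_world_writable on its own first gives a review list before any mode is changed.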


