unix security program
Andrew Josey
andrew at uel.uel.co.uk
Sat May 21 02:37:20 AEST 1988
In article <4625 at mcdchg.UUCP>, modla at atux01.ATT.COM (J. Modla) writes:
> The book, 'UNIX System Security', by Wood and Kochan, has a few security
> programs listed in the appendices. Has anyone tried these programs out?
> I'd be interested to hear about your results.
>
> Also, if anyone has one or more of these programs on-line, could you please
> send me a copy?
I have been running the programs on a 3B2 running UNIX System V Release 3.1.
I quote from the book:
"the secure program shown in this book is a very elementary auditing
program. It is meant to be a framework..."
Secure is a useful starting point and puts many checks into one program that
I used to have as a number of scripts.
The permissions check program requires you to set up a list
of permissions, the ones given are not the most secure, for example:
/bin 555 dr-xr-xr-x
If you want security why let users cd to or ls /bin, better to set
the permissions :
/bin 111 d--x--x--x
Does anybody out there have a definitive set of "secure" file protection
settings for System V (especially Release 3)?
I like the pwadmin and pwexp programs, and wonder why this feature has not
been provided for in 3B2 sysadm. It's much easier using pwadmin
than having to remember "password-ese" ( .=0, /=1, 0-9=2-11, A-Z=12-37...)
As for availability of the programs page 3 of the introduction
says they are available electronically from Pipeline Associates, Inc.
(I have not tried this, and don't know if it works...)
I won't give the address here as I'm sure they don't want to be deluged
with requests.
My overall impression is that the book is worth reading by anyone
responsible for system security. No, I am not on commission :-).
The programs alone will not secure your system. However, they are a good
start and I have added these to my security "toolpack"...
--
Andrew Josey, AT&T Unix Europe, a Division of AT&T (UK) Ltd.
International House, Ealing Broadway, London W5 5DB, England, UK
uucp:{ mcvax!ukc, attunix} uel!andrew
{ The usual disclaimer .... }
More information about the Comp.unix
mailing list