unix security program

[dan at coplex.UUCP]

In article <4625 at mcdchg.UUCP> you write:
>The book, 'UNIX System Security', by Wood and Kochan, has a few security 
>programs listed in the appendices.  One does security auditing (secure),
>another checks file permissions (perms), and then there are 2 that do
>password administration (pwadm and pwexp).
>
>Has anyone tried these programs out?  I'd be interested to hear about
>your results.

Hello,
   We have the book you speak of (a well written one at that) and we have two
of the programs you speak of on line.
   The secure program listed in the back of the book is one that we use from
time to time and does a rather good job of it.  Assuming you have access to
root, it will search for setuid programs that dont belong where they should,
globally writable files, stale login ids, etc.  It does a good job.  A few
local modifications and additions are probably going to be necessary to 
suit your taste however...  Of course it isnt necessary though.

   We also have the pwadm and pwexp programs on line.  Seeing that standard
system 5 doesn't (for some god awful reason) support any programs (that I
know of) that do this for you, it does a good job.  All of the time 
accounting done by /bin/login is handled.  You can either read the status
of a user or change his status (assuming you have root permissions).  
You can make him NOT be able to change his password (guest accounts are a good
example), FORCE him to change his password upon next login, make him change
his password every [n] weeks, etc.  This utility works very well if you have
a need for cuch things.

>Also, if anyone has one or more of these programs on-line, could you please
>send me a copy?  Thanks a bunch.

   If you want the sources without having to type them in, just drop a line
and I will gladly send you them.
   As far as the permission program, we didnt implement that one... Sorry.

				Take it easy,
			{mit-eddie}!bloom-beacon!coplex!dean