RFC 1244 Site Security Handbook July 1991
something useful, or merely something interesting. It
always does something unexpected, like steal passwords or
copy files without your knowledge [25]. Imagine a Trojan
login program that prompts for username and password in the
usual way, but also writes that information to a special
file that the attacker can come back and read at will.
Imagine a Trojan Editor program that, despite the file
permissions you have given your files, makes copies of
everything in your directory space without you knowing about
it.
This points out the need for configuration management of the
software that runs on a system, not as it is being
developed, but as it is in actual operation. Techniques for
doing this range from checking each command every time it is
executed against some criterion (such as a cryptoseal,
described above) to merely checking the date and time stamp
of the executable. Another technique might be to check each
command in batch mode at midnight.
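
The batch-mode check described above, as an added Python example that is not part of the RFC: it records a seal and a timestamp for each executable and reports which check notices a later change. SHA-256 as the seal and the names seal, build_baseline, verify and demo are assumptions of this example; the sample file is constructed.

```python
import hashlib
import os
import tempfile

def seal(path):
    """Stand-in for the 'cryptoseal': SHA-256 of the file contents (assumed choice)."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()

def build_baseline(paths):
    """Record seal and timestamp for each executable while the system is trusted."""
    return {p: {"seal": seal(p), "mtime": os.stat(p).st_mtime_ns} for p in paths}

def verify(baseline):
    """Batch check: return {path: [reasons]} for each file that differs from the baseline."""
    findings = {}
    for p, want in baseline.items():
        if not os.path.exists(p):
            findings[p] = ["missing"]
            continue
        reasons = []
        if os.stat(p).st_mtime_ns != want["mtime"]:
            reasons.append("mtime changed")
        if seal(p) != want["seal"]:
            reasons.append("seal mismatch")
        if reasons:
            findings[p] = reasons
    return findings

def demo():
    """Constructed sample: a stand-in 'login' file is replaced and its timestamp put back."""
    path = os.path.join(tempfile.mkdtemp(), "login")
    with open(path, "wb") as f:
        f.write(b"#!/bin/sh\necho original\n")
    baseline = build_baseline([path])
    with open(path, "wb") as f:
        f.write(b"#!/bin/sh\necho replaced\n")
    stamp = baseline[path]["mtime"]
    os.utime(path, ns=(stamp, stamp))  # timestamp now matches the baseline again
    return verify(baseline)

if __name__ == "__main__":
    for path, reasons in demo().items():
        print(path, ", ".join(reasons))
```

For a nightly run, the baseline has to be kept on read-only or off-host media so that it cannot be altered together with the files it describes.
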
3.9.8.2 Tools
COPS is a security tool for system administrators that checks
for numerous common security problems on UNIX systems [27].
COPS is a collection of shell scripts and C programs that can
easily be run on almost any UNIX variant. Among other things,
it checks the following items and sends the results to the
system administrator:
- Checks "/dev/kmem" and other devices for world
read/writability.
- Checks special or important files and directories for
"bad" modes (world writable, etc.).
- Checks for easily-guessed passwords.
- Checks for duplicate user ids, invalid fields in the
password file, etc.
- Checks for duplicate group ids, invalid fields in the
group file, etc.
- Checks all users' home directories and their ".cshrc",
".login", ".profile", and ".rhosts" files for security
problems.
- Checks all commands in the "/etc/rc" files and "cron"
Site Security Policy Handbook Working Group [Page 50]