SUMMARY: All around security package.

From: Morten Krabbe Barfoed (morten@copernicus.dsri.dk)
Date: Wed Jul 27 1994 - 22:28:06 CDT


Original posting:

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::
:Dear sunmanagers.
:
:Does anybody know of an allaround security package,
:preferably publicly available ???
:
:System: SUN Server 470, SS2 and SS10
:OS: SUNOS 4.1.3.
:
:Summary will be posted.
:::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Thanks a lot to all who responded, here are the answers:

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
From: Harish Malneedi <harishm@pcsdnfs1.eq.gs.com>

Hi

Check the recent (last 4-7 days) sun managers archives, i pretty sure
remember somobody posted a sumamry on the comprehensive list of security
issues for a 4.1.3 system and made it publicly available.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
From: mnappi@lehman.com (Michael Nappi)
 
kerberos from mit - combine it with moira from mit and you
have a great security and file distribution system with rcs
control
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
From: jason andrade <jason@ctpm.uq.oz.au>

cops 1.0.4+
tiger 2.2.3

archie for both.

-jason
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
From: tap116@minsy.navy.mil (Tom Plesha)
  
Try anonymous ftp to FTP.CERT.ORG. They have tons of stuff and security
oriented software. Look for iss, cops, crack, tripwire, etc.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
From: Jonathan Loh <jloh@futon.SFSU.EDU>

Kerberos? that's available through anon-ftp use archie to find it.
Cops, is a collection of c programs and scripts that do a security check
on your system and gives you some recommendations. npasswd checks to
see if the password entered when changing passwd's or adding new users,
meets certain criteria, useful for assuring hard to guess passwords.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Morten,

I'm running both cops and tiger. They are available from many
ftp sites.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
From: jcsadmin!jc@eng.dowjones.com (John Ciesla)
 
Try tis.com server. It has a great firewall and other
thoughts about security.

                John
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
From: cheryl@nigel.tamu.edu (Cheryl Cato)
 
Try "tiger" - available via anonymous ftp from net.tamu.edu - in
pub/security/TAMU. This one has been recommended by CERT.

It's a good all-around security checking package. "tripwire" is
also there - in pub/security/archive, but I think you'll find it
a good bit more burdensome to administer.

Hope this helps!

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=

Thanks again; I'm looking into the different packages now. I found there
to be a lot of usefull information on the subject around.

Best regards to all:

Morten Krabbe Barfoed

Danish Space Research Institute phone: +45 42 88 22 77 (switch-board)
Gl. Lundtoftevej 7 phone: +45 45 87 40 77 - 161 (direct)
DK 2800 Lyngby FAX: +45 45 93 02 83
Denmark TELEX: 37 198

                                        e-mail: morten@dsri.dk



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:06 CDT