SUMMARY - Security

From: Kes Masalaitis (kes@mtb.phil.mop.com)
Date: Thu Sep 08 1994 - 23:29:41 CDT


My original question was about places I could find out more about
security. Thanks to all those who replied (listed below). I have
also consolidated the responses and have listed them at the end.

Thanks again,
Kes

From: jason andrade <jason@qabc.uq.oz.au>
From: Dave Fetrow <fetrow@biostat.washington.edu>
From: peter.allan@aea.orgn.uk (Peter Allan)
From: "Schmidt, Jeff" <schmidtj@strasys.mdc.com>
From: Kes Masalaitis on Thu, Sep 1, 1994 10:51 PM
From: tmb@banjo.myxa.com (Tim Brown)
From: heasley@merl.com
From: rconybea@corpsyndev.ml.com (Roland Conybeare)
From: pamela@Legato.COM (Pamela Pledger)
From: odt@lci.com (Dan Transue)
From: David Mostardi <david@capmkt.com>
From: Dan Stromberg - OAC-DCS <strombrg@bingy.acs.uci.edu>
From: Gary Merinstein <gmerin@panix.com>
From: uunet!pstat1!crm

Here are the consolidated replies:

Get cops, tcp_wrappers_6.3, and perhaps tiger 2.2.3 too. Crack 4.1f might also
help. They should all be available on wuarchive.wustl.edu or ftp.uu.net.

Buy "Unix Security Handbook" from O'Reilly. It's worth it to have the
stuff in your hand.

There are some really dinky things like deleting /etc/hosts.equiv that
REALLY help a lot. The default SunOS version allows ANYONE on the network
to be root on your system using nothing more than "rlogin".

Sun's paper manuals are not bad at that.

Have you got the ESSENTIAL Net + Sys Adm manual?
and the Doing More with SunOS?
and stuff like this.

There are also published books. I saw one recently
in a bookshop. Spafford (a rather brilliant guy) was
one of the authors.
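The /etc/hosts.equiv point above, as an added example that is not from the original summary or any of the replies: a POSIX shell check that parses a hosts.equiv (or ~/.rhosts) style file and reports wildcard trust entries such as the lone "+" the reply says SunOS shipped by default. The sample file is constructed for the example and the function name audit_equiv is my own.

```shell
#!/bin/sh
# Added example, not part of the original summary or any reply in it.
# audit_equiv FILE: read an /etc/hosts.equiv or ~/.rhosts style file and
# report every entry that grants wildcard trust. Entry format assumed
# (classic BSD/SunOS): "host [user]", where "+" alone as the host field
# means every host, "+" as the user field means every user on that host,
# a leading "-" denies, "@name" or "+@name" refers to a netgroup, and "#"
# starts a comment. Prints one line per risky entry; returns 1 if any.
audit_equiv() {
    risky=0
    # The "|| [ -n ... ]" keeps a final line without a trailing newline.
    while read -r host user rest || [ -n "$host" ]; do
        case $host in
            ''|'#'*|-*) continue ;;    # blank line, comment, or explicit deny
        esac
        reason=''
        case $host in
            +) reason='every host on the network is trusted' ;;
        esac
        case $user in
            +) reason="${reason:+$reason, and }every user on that host is trusted" ;;
        esac
        if [ -n "$reason" ]; then
            printf '%s: %s\n' "$host${user:+ $user}" "$reason"
            risky=1
        fi
    done < "$1"
    return $risky
}

# Constructed sample mirroring the SunOS default (a lone "+") plus a few
# typical entries; this is not a real host's configuration.
SAMPLE=$(mktemp)
cat > "$SAMPLE" <<'EOF'
# constructed sample hosts.equiv
+
fileserver
buildhost +
-badhost
+@trusted_hosts
EOF

if audit_equiv "$SAMPLE"; then
    echo "no wildcard trust entries found"
else
    echo "wildcard trust found: delete the file or remove the entries above"
fi
```

Run against the sample, it flags the lone "+" and "buildhost +" but not the named host, the deny entry, or the netgroup reference.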

You might want to read the phrack archives. If you are not aware, these are
"magazines" by hackers for hackers. There has been a lot of good
information on how they hack into the system, which in turn told me where I
needed more security.

I will state the obvious first... There are several good books on
UNIX security that you may want to review. Some are:
        Computer Security Basics - O'Reilly & Associates
          ISBN 0-937175-71-4

        Practical UNIX Security - O'Reilly & Associates
          ISBN 0-937175-72-2

        Essential System Administration - O'Reilly & Associates
          ISBN 0-937175-80-3

        UNIX System Administration Handbook - Prentice Hall
          ISBN 0-13-933441-6

There are newsgroups that deal with this thread a lot. They include:
        comp.security.announce
        comp.security.misc
        comp.security.unix
        comp.sys.sun.admin

Each of these groups should have FAQs that can be ftp'd (or I can
mail them to you if you would like). UUNET should have most of these
archived. Also you can get them from rtfm.mit.edu:/pub/usenet.
If you scan the uunet archive list (ls-lR), there are a number of
security-related documents there as well.

Depending on what aspects of security you are interested in, there
are many other sources. These tend to be topical (i.e. network security,
secure Internet gateways, sendmail, etc.)

FTP to ftp.near.net. They have some security documents... originally from
Rutgers, I think.

Do you have the O'Reilly book:

"Practical UNIX Security" by Simson Garfinkel & Gene Spafford?
ISBN 0-937175-72-2

I am happy with other books in the series.

You can mail-order from 1-800-998-9938.

For internal security I suggest cops, crack and iss. I am not sure exactly
where to find them; ftp.cert.org, ftp.greatcircle.com, ftp.tamu.ut.edu and
ftp.uu.net are probably good places to start. Cops checks the system
you are on, is easily automated, and does a pretty good job (even though
the defaults are a little paranoid; changing everything it suggests may
cripple your system). Crack is just a password cracker. It runs for
almost a day on our sparc10, but cracks passwords on a regular basis. ISS
is available in both the old, free version, which is about a third of the
commercial product. It will search for security holes on your whole net.

I also suggest looking at the security and automation parts of the most
popular sysadmin books. Looking for setuid files, etc. The O'Reilly
basic security book is good for a new admin but lacks the completeness and
tools required to really find stuff. TIStoolkit, Checkpoint, and
tripwire are for firewall security but would find what you are looking for.

Newsgroups like comp.unix.security (and their archives available via ftp
from ftp.uu.net, etc.) are another good source. There is a firewalls
mailing list which discusses firewall security which may be helpful to
you. It would prepare you for your eventual full access to the internet,
and secure your site. The FAQs for both would be helpful.

This is Kes talking here: I got a Postscript document (about 50 pages)
from Dan Transue (odt@lci.com) titled _Improving the Security of your UNIX
System_. There's some pretty good stuff in there, but I'm not sure I can
distribute it, so I recommend you mail to Dan if you want a copy. Sorry for
such a bold assumption Dan.

For basic systems administration, I'd recommend

        Unix System Administration Handbook
        by Nemeth, Snyder & Seebass
        Prentice-Hall, 1989

For more in-depth info, try:

        Practical Unix Security
        by Simson Garfinkel and Gene Spafford
        O'Reilly & Associates, 1991

Upgrade to Solaris 2.3. Run cops. Run crack.

O'Reilly publishes one or two really good books on mostly-BSD type
security issues and how to resolve them. You can pick them up at a good
bookstore (Barnes & Noble) or order them from ora.com (O'Reilly &
Associates) at 198.112.208.25.

Sun has a security email list with recommended patches that they send out.
Email mark.graff@east.sun.com to be added.

There is a PD program called "cops" that checks your system for security
holes. It's quite big - you may have trouble downloading it.

from an earlier SUMMARY:

My original question concerned the output from cops:-

> Among the report messages were the following:-

>> Warning! /usr/ucb/rdist could have a hole/bug! (CA-91:20)
>> Warning! /sys/sun4c/OBJ/cons.o could have a hole/bug! (CA-90:12)
>> Warning! /bin/sunview1/selection_svc could have a hole/bug! (CA-91:10a)
>> Warning! /bin/mail could have a hole/bug! (CA-91:01a)
>> Warning! /usr/etc/in.telnetd could have a hole/bug! (CA-91:02a)
>> Warning! /usr/etc/rpc.mountd could have a hole/bug! (CA-91:09)
>> Warning! /sys/sun4c/OBJ/crt.o could have a hole/bug! (CA-91:16)

> Could someone please tell me what is a hole/bug what it can do and how I
> can remedy the situation.

Thanks to all those who replied. Most passed on that the CA-?? references
are to CERT advisory numbers, the alerts for which are obtainable from

             ftp://info.cert.org/pub/cert_advisories

Patches can then be gained from sunsites like sunsite.unc.edu.

Most warned that the holes enabled root access to the system.

and....

Look at info.cert.org/pub/tools. They have LOTS of security tools (and they
are free).



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:09:09 CDT