Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!sharkey!b-tech!zeeff
From: zeeff@b-tech.ann-arbor.mi.us (Jon Zeeff)
Newsgroups: comp.unix.wizards
Subject: Re: What should go into a security-checking shell script?
Message-ID: <9689@b-tech.ann-arbor.mi.us>
Date: 27 Oct 89 18:00:10 GMT
References: <363@nisca.ircc.ohio-state.edu> <MONTNARO.89Oct23142449@sprite.crd.ge.com> <1TDnkx#VBnsh=greg@cheers.UUCP>
Reply-To: zeeff@b-tech.ann-arbor.mi.us (Jon Zeeff)
Organization: Branch Technology, Ann Arbor, MI
Lines: 26

>	- Compare checksums of all vendor-supplied executables
>	  with known-correct checksums.
>	- Use find(1) to search the disks for set-uid
>	  and set-gid executables as well as special 
>	  devices (since they can only be made by root).
>	- Validate the permissions of all important 
>	  configuration files (/etc/passwd, /etc/group,
>	  /etc/{tty,ini}tab, UUCP L.sys/Systems files,
>	  etc).


I have a couple of small programs that do this if anyone is interested.












-- 
Branch Technology  <zeeff@b-tech.ann-arbor.mi.us>