Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!zaphod.mps.ohio-state.edu!swrinde!cs.utexas.edu!sun-barr!newstop!texsun!letni!mic!ernest!shibaya!afc
From: afc@shibaya.lonestar.org (Augustine Cano)
Newsgroups: comp.sys.3b1
Subject: COPS security audit and the unix pc.
Message-ID: <1991Mar23.004007.2024@shibaya.lonestar.org>
Date: 23 Mar 91 00:40:07 GMT
Organization: Multidisciplinary Designs Unlimited
Lines: 74

When I first ran the COPS security package on my 3b1, I got a report more
than 250 lines long. Most of the entries were about files and directories
being world-writable. Surprisingly, the following few commands eliminated
the vast majority.

    chmod o-w / /usr /usr/bin /usr/adm /usr/lib /usr/spool /usr/spool/news
    chmod o-w /usr/local /usr/local/bin /usr/local/lib /. /.. /etc/daemons
    chmod o-w /.phdir /etc/timedsply /usr/lib/cron /usr/lib/dwb /usr/lib/macros
    chmod o-w /usr/lib/me /usr/lib/ms /usr/lib/news /usr/lib/newsbin
    chmod o-w /usr/lib/nterm /usr/lib/spell /usr/lib/tabset /usr/lib/tmac
    chmod o-w /usr/lib/ua

One directory that CANNOT be treated in this manner is /usr/spool/uucp.
I tried it and kermit couldn't then set or clear locks.

The COPS security report is now down to the following:
(actual COPS output follows '>', my comments follow each (group of) entry(ies))

> Warning! Root does not own the following file(s):
> found found found /bin

Is this of any consequence?

> Warning! /usr/spool/uucp is _World_ writable!

This one has to be ignored; as I said above, certain programs might not be
able to access locks if this is changed.

> Warning! /etc/drvtab is _World_ writable!
> Warning! /etc/inittab is _World_ writable!
> Warning! /etc/wtmp is _World_ writable!

Does anybody know if this has to be so? (particularly for /etc/wtmp).

> Warning! /usr/adm/NBS.log is _World_ writable!
> Warning! /usr/adm/UNIX.log is _World_ writable!
> Warning! /usr/adm/cronlog is _World_ writable!
> Warning! /usr/adm/drv.log is _World_ writable!
> Warning! /usr/adm/sulog is _World_ writable!
> Warning! /usr/adm/unix.log is _World_ writable!

Log files... the security risk coming from here is, even in the worst case,
minimal.

> Warning! /usr/lib/crontab is _World_ readable!
> Warning! /usr/adm/sulog is _World_ readable!

Should anybody care about these two? COPS output is looking more and more
like lint...

> Warning! File /dev/console (in /etc/rc*) is _World_ writable!
> Warning! File /dev/window (in /etc/rc*) is _World_ writable!
> Warning! File /usr/lib/ua/.blanktime (in /etc/rc*) is _World_ writable!

> Warning! User uucp's home directory /usr/spool/uucppublic is mode 0777!
> Warning! User nuucp's home directory /usr/spool/uucppublic is mode 0777!

Of course, since all uucp accounts have the same home directory, the same
message appeared once for each uucp-connected machine.

> Warning! /usr/lbin/uudecode creates setuid files!

This, according to the documentation, is pretty common, but without
re-inforcing other problems, seems to be ok. Comments anyone?

Most of these "problems" (corrected and remaining) originated with the
standard installation of the standard unix pc software, so it's likely you
also have them. Whether they can be safely ignored is up to you...

Stay tuned for coming attractions: AT&T external monitor for the unix pc?

-- 
Augustine Cano          INTERNET: afc@shibaya.lonestar.org
                        UUCP:     ...!{ernest,egsner}!shibaya!afc
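
Added example (not part of the original post, and not COPS code): a small sh audit that lists world-writable files and directories under the given roots and prints the matching "chmod o-w" commands for review instead of running them, while keeping a reviewed exception list such as the /usr/spool/uucp lock directory described above. The function names and the WW_EXCEPTIONS variable are hypothetical, and paths are assumed to contain no newlines.

```shell
#!/bin/sh
# Added example: report world-writable entries and propose (not apply)
# the "chmod o-w" fix, honouring a list of reviewed exceptions.

# Newline-separated paths accepted as world-writable after review.
# /usr/spool/uucp is the exception named in the post; override as needed.
WW_EXCEPTIONS="${WW_EXCEPTIONS:-/usr/spool/uucp}"

is_exception() {
    # Exact, literal match of the path against the exception list.
    printf '%s\n' "$WW_EXCEPTIONS" | grep -Fqx -- "$1"
}

audit_world_writable() {
    # Usage: audit_world_writable ROOT...
    # Prints one line per world-writable entry found under the roots:
    #   "chmod o-w PATH"   for entries that should be tightened
    #   "# kept ... PATH"  for entries on the exception list
    # Symlinks are skipped because their own mode bits are not what
    # access checks use. Nothing on disk is modified.
    find "$@" ! -type l -perm -0002 -print 2>/dev/null |
    while IFS= read -r path; do
        if is_exception "$path"; then
            echo "# kept world-writable (reviewed exception): $path"
        else
            echo "chmod o-w $path"
        fi
    done
}

# Stand-alone use: sh audit.sh /usr /etc > proposed-fixes.txt
if [ "$#" -gt 0 ]; then
    audit_world_writable "$@"
fi
```

Review the generated list before running any of it: as the post shows with /usr/spool/uucp, some programs stop working when the write bit is removed.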