Path: utzoo!utgpu!news-server.csri.toronto.edu!rpi!usc!elroy.jpl.nasa.gov!decwrl!sgi!mips!sysadmin!bjorn
From: bjorn@sysadmin.sysadmin.com (Bjorn Satdeva)
Newsgroups: comp.unix.admin
Subject: Re: Security audit programs
Message-ID: <21@sysadmin.sysadmin.com>
Date: 27 Mar 91 07:28:16 GMT
References: <40371@cup.portal.com> <612@minya.UUCP>
Organization: /sys/admin, inc., San Jose CA
Lines: 30

In <612@minya.UUCP> jc@minya.UUCP (John Chambers) writes:

>> [Question about periodic security audit deleted.]

>Hardly a need for a special program. What I do is:

> [Solution using find deleted]

>(Actually, I wouldn't be very surprised to find that someone had written
>a separate program to duplicate this special case. People do silly things
>like that all the time. ;-)

John,

Writing a program which does this kind of test is not necessarily silly.
If you are responsible for a large number of systems, and run the test
automatically from cron, you only want to hear about the problems, not
all the OK stuff.

References to security audit programs are COPS (posted to
comp.unix.sources), SPY (LISA proceedings 1989 [I think]) and SECURE in
the UNIX Security Book by W&K. The last is a good starting point for
how to write your own security audit (app. 60 pages of shell scripts), but
don't expect to use it as is, unless you run vanilla SYS V rel 2.

Bjorn
--
Bjorn Satdeva -- email: bjorn@sysadmin.com or uunet!sysadmin!bjorn
/sys/admin, inc. The Unix System Management Experts (408) 241 3111
Send requests to the SysAdmin mailing list to sysadm-list-request@sysadmin.com