Xref: utzoo comp.unix.questions:5781 comp.unix.wizards:6670 news.sysadmin:570
Path: utzoo!mnetor!uunet!lll-winken!lll-lcc!ames!ll-xn!mit-eddie!necntc!ima!trb
From: trb@ima.ISC.COM (Andrew Tannenbaum)
Newsgroups: comp.unix.questions,comp.unix.wizards,news.sysadmin
Subject: Re: Usenet Security
Message-ID: <893@ima.ISC.COM>
Date: 24 Feb 88 18:02:40 GMT
References: <108@tron.UUCP>
Reply-To: trb@ima.UUCP (Andrew Tannenbaum)
Organization: Interactive Systems, Boston, MA
Lines: 59
Keywords: usenet uucp security access intruders

I'll address dial-in security and uucp security here. I don't quite
know what usenet security problem is in question.

It's wise to buy a cheap UNIX box and make it your uucp/mail/news
gateway. Don't put any vital info on the machine, and you'll have
nothing to lose. If you are concerned about security, the minimal
expense will be well invested. Connect the gateway to your work
machines with ethernet, and remove any dangerous programs (like rlogin,
for instance) from the gateway machine.

If you're serious about security, you don't put phones on your machine.
With the cost of hardware and the cost of security these days, it's
silly to put uucp lines on a machine that you are worried about.

uucp systems other than BNU (aka honey danber, or the latest AT&T uucp)
use USERFILE, which, while it may be used to restrict access to remote
users, is hard to customize on a per system/per user basis. The code
and documentation are arcane, and have been rewritten many times by many
people in an attempt to get it to work. You longtime uucp users might
say "it works for me..." I suggest that you spend some time fiddling
with the USERFILE setting up different sites and users at different
levels of security, and read the chkpth() code, and see how goofy it
is. It might work in 4.3bsd, but in general, USERFILE processing is
buggy, and most sites simply put
	, /
or
	, /usr/spool/uucp
in there. Actually, I think ", /" doesn't work in most older uucp's; you
have to put the line in twice because of weird parsing problems with
null USERFILE descriptors.

The BNU Permissions file takes some getting used to. It's more
verbose, more flexible, and cleaner. The Permissions file has been one
of the major selling points for BNU uucp. I have never had a problem
bringing up BNU under a new UNIX system, AT&T or BSD based.

If you don't have dial-ins, you don't have intruders logging in over
them. Assuming you want uucp dial-ins, there is a way to make them
quite secure. (I learned this method from Brian Redman - ber of honey
danber fame.) Hack up a copy of login that only allows uucp's to log
in, and only forks uucico. You could post your /etc/passwd to usenet,
and no one would be able to log in over those uucp-only lines. It
would be wise to keep your user dial-in phone numbers secret ("security
through obscurity," as I've heard Karl Heuer, the Walking Lint, call
it). Segregating your user dial-ins from your uucp dial-ins only
involves the base cost of phone lines; it isn't changing the i/o load
any.

It's a good idea to give your uucp dial-in users separate /etc/passwd
entries. This makes it easier to monitor per-user access, both using
the uucp log files and the "last" command to peruse the wtmp records.

If you want to monitor use of uucp or netnews posting, you can use the
log files provided by these systems, or if you find them
unsatisfactory, you can easily write front-end shell scripts to provide
your own logging.

	Andrew Tannenbaum   Interactive   Boston, MA   +1 617 247 1155
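
The admit rule of the uucp-only login described in the post, written as a check an administrator can run over a passwd file before putting it on the dial-in lines. This is an added example, not code from the post or from any uucp distribution. The uucico path, the function names and the sample entries are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not code from the post. UUCICO is an assumed install path;
# set it to wherever uucico lives on the system being audited.
UUCICO=${UUCICO:-/usr/lib/uucp/uucico}

# Constructed sample passwd entries (login names, UIDs and paths are made up).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:Super User:/:/bin/sh
trb:x:101:10:A User:/usr/trb:/bin/csh
guest:x:102:10:No shell field:/usr/guest:
uucp:x:5:5:uucp admin:/usr/lib/uucp:/bin/sh
Usitea:x:6:5:uucp from sitea:/usr/spool/uucppublic:/usr/lib/uucp/uucico
Usiteb:x:6:5:uucp from siteb:/usr/spool/uucppublic:/usr/lib/uucp/uucico
EOF
}

# Exit 0 only if login $2 in passwd file $1 has uucico as its shell.
# The first matching entry decides, as it does for login itself.
uucp_only_admits() {
    awk -F: -v user="$2" -v shell="$UUCICO" '
        $1 == user { found = 1; ok = ($7 == shell); exit }
        END { exit !(found && ok) }' "$1"
}

# One line per account: what a uucico-only login on the dial-in line would do.
# An empty shell field means the default shell, so it is refused as well.
uucp_line_report() {
    awk -F: -v shell="$UUCICO" '
        seen[$1]++  { print "SHADOWED " $1; next }   # later duplicate is never reached
        $7 == shell { print "ADMIT " $1; next }
        { print "REFUSE " $1 " shell=" ($7 == "" ? "(default)" : $7) }' "$1"
}
```

Running `sample_passwd > /tmp/pw; uucp_line_report /tmp/pw` shows that only the two per-site uucp logins are admitted. Because each site has its own login name, each also shows up separately in `last` output.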