Path: utzoo!attcan!uunet!husc6!uwvax!oddjob!gargoyle!att!chinet!mcdchg!usenet
From: dan@coplex.UUCP
Newsgroups: comp.unix
Subject: Re: unix security program
Message-ID: <7970@mcdchg.UUCP>
Date: 20 May 88 16:37:09 GMT
References: <4625@mcdchg.UUCP>
Sender: usenet@mcdchg.UUCP
Organization: Copper Electronics Inc. Louisville, KY
Lines: 38
Approved: usenet@mcdchg.UUCP

In article <4625@mcdchg.UUCP> you write:
>The book, 'UNIX System Security', by Wood and Kochan, has a few security
>programs listed in the appendices. One does security auditing (secure),
>another checks file permissions (perms), and then there are 2 that do
>password administration (pwadm and pwexp).
>
>Has anyone tried these programs out? I'd be interested to hear about
>your results.

Hello,

We have the book you speak of (a well-written one at that) and we have
two of the programs you speak of on line.

The secure program listed in the back of the book is one that we use
from time to time and does a rather good job of it. Assuming you have
access to root, it will search for setuid programs that don't belong
where they should, globally writable files, stale login ids, etc. It
does a good job. A few local modifications and additions are probably
going to be necessary to suit your taste however... Of course it isn't
necessary though.

We also have the pwadm and pwexp programs on line. Seeing that standard
System 5 doesn't (for some god-awful reason) support any programs (that
I know of) that do this for you, it does a good job. All of the time
accounting done by /bin/login is handled. You can either read the
status of a user or change his status (assuming you have root
permissions). You can make him NOT be able to change his password
(guest accounts are a good example), FORCE him to change his password
upon next login, make him change his password every [n] weeks, etc.
This utility works very well if you have a need for such things.

>Also, if anyone has one or more of these programs on-line, could you please
>send me a copy? Thanks a bunch.

If you want the sources without having to type them in, just drop a
line and I will gladly send you them. As far as the permission program,
we didn't implement that one... Sorry.

Take it easy,
{mit-eddie}!bloom-beacon!coplex!dean