Path: utzoo!attcan!uunet!husc6!uwvax!oddjob!gargoyle!att!chinet!mcdchg!usenet
From: andrew@uel.uel.co.uk (Andrew Josey)
Newsgroups: comp.unix
Subject: Re: unix security program
Summary: unix security, kochan & wood
Keywords: unix security
Message-ID: <7971@mcdchg.UUCP>
Date: 20 May 88 16:37:20 GMT
References: <4625@mcdchg.UUCP>
Sender: usenet@mcdchg.UUCP
Organization: AT&T Unix Europe, London, UK
Lines: 50
Approved: usenet@mcdchg.UUCP

In article <4625@mcdchg.UUCP>, modla@atux01.ATT.COM (J. Modla) writes:
> The book, 'UNIX System Security', by Wood and Kochan, has a few security
> programs listed in the appendices. Has anyone tried these programs out?
> I'd be interested to hear about your results.
>
> Also, if anyone has one or more of these programs on-line, could you please
> send me a copy?

I have been running the programs on a 3B2 running UNIX System V Release 3.1.

I quote from the book: "the secure program shown in this book is a very
elementary auditing program. It is meant to be a framework..."

Secure is a useful starting point and puts many checks into one program
that I used to have as a number of scripts.

The permissions check program requires you to set up a list of permissions,
the ones given are not the most secure, for example:

	/bin	555	dr-xr-xr-x

If you want security why let users cd to or ls /bin, better to set the
permissions:

	/bin	111	d--x--x--x

Does anybody out there have a definitive set of "secure" file protection
settings for System V (especially Release 3)?

I like the pwadmin and pwexp programs, and wonder why this feature has not
been provided for in 3B2 sysadm. It's much easier using pwadmin than having
to remember "password-ese" ( .=0, /=1, 0-9=2-11, A-Z=12-37...)

As for availability of the programs, page 3 of the introduction says they
are available electronically from Pipeline Associates, Inc. (I have not
tried this, and don't know if it works...) I won't give the address here as
I'm sure they don't want to be deluged with requests.

My overall impression is that the book is worth reading by anyone
responsible for system security. No, I am not on commission :-).

The programs alone will not secure your system. However, they are a good
start and I have added these to my security "toolpack"...

-- 
Andrew Josey, AT&T Unix Europe, a Division of AT&T (UK) Ltd.
International House, Ealing Broadway, London W5 5DB, England, UK
uucp:{ mcvax!ukc, attunix} uel!andrew
{ The usual disclaimer .... }
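
A permissions-list check of the kind the post describes, as an added example that is not part of the original post and is not the book's program. It assumes a list of "path octal-mode ls-style-string" lines, as in the /bin entries quoted above; the function names and the "root" prefix parameter are hypothetical.

```python
import os
import stat

def parse_perm_list(text):
    """Parse 'path octal-mode [ls-style string]' lines, e.g. '/bin 555 dr-xr-xr-x'."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        if len(fields) < 2:
            raise ValueError(f"line {lineno}: expected 'path mode'")
        path, want = fields[0], int(fields[1], 8)
        if not 0 <= want <= 0o7777:
            raise ValueError(f"line {lineno}: mode {fields[1]} out of range")
        # If the ls-style column is present it must agree with the octal one,
        # which catches typos in the list itself (file-type letter ignored).
        if len(fields) > 2 and fields[2][1:] != stat.filemode(want)[1:]:
            raise ValueError(f"line {lineno}: {fields[1]} does not match {fields[2]}")
        entries.append((path, want))
    return entries

def audit(entries, root=""):
    """Return (path, kind, detail) for every path whose mode differs from the list."""
    findings = []
    for path, want in entries:
        try:
            have = stat.S_IMODE(os.stat(root + path).st_mode)
        except OSError as exc:
            findings.append((path, "missing", exc.strerror))
            continue
        extra = have & ~want          # bits granted on disk but not in the list
        if extra:
            findings.append((path, "too-permissive",
                             f"is {have:04o}, list says {want:04o}, extra bits {extra:04o}"))
        elif have != want:
            findings.append((path, "stricter", f"is {have:04o}, list says {want:04o}"))
    return findings

if __name__ == "__main__":
    # Constructed list using the stricter /bin setting suggested in the post.
    SAMPLE = "/bin 111 d--x--x--x\n"
    for path, kind, detail in audit(parse_perm_list(SAMPLE)):
        print(f"{path}: {kind}: {detail}")
```

Reporting "too-permissive" separately from "stricter" keeps the findings that widen access apart from harmless differences, so the list can be tightened one entry at a time.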