Text File | 1998-06-30 | 5KB | 136 lines
SECURITY
Security is quickly becoming one of the administrator's primary
concerns as networks continue to grow in both numbers and diversity.
Enlighten helps you integrate security capabilities, thus ensuring
system and network integrity. The Security menu contains the
following security auditing checks:
+ Vital Files
+ Filesystem Devices
+ Boot and Shutdown Script Checks
+ Crontab Contents
+ Password File Integrity
+ Group File Integrity
+ User Home Directories
+ Attempted Break-ins
+ Obvious Passwords
Each of these security checks, except for Obvious Passwords, appends
its findings to a security logfile, as shown in the example on the
following page. You can use the Clear Log button to flush the
logfile and the Print button to print the logfile as needed.
Vital Files
This program will check the system directories and their files for
easily breachable write permissions. It checks the following files
and directories:
+ /etc
+ /usr/adm
+ /usr/bin
+ /usr/etc
+ /usr/lib
+ /usr/local
+ /usr/spool
and creates a report listing any potential breaches it found.
Filesystem Devices
This program will check that the raw device name of each mounted
filesystem is in order. It looks at:
+ The ownership of the device name (filesystem)
+ The user group ownership of the device name (filesystem)
+ Read and write permissions on the device name (filesystem)
and creates a report listing any potential problems it found.
Boot and Shutdown Script Checks
This program will check the contents of all files in the /etc/rc0.d,
/etc/rc1.d, /etc/rc2.d, /etc/rc3.d and /etc/rcS.d directories and the
/etc/rc files for potential back doors which could be activated at
boot or shutdown time. These files are executed at boot or shutdown
time to initialize or shut down the system.
All the start-up and shutdown files referenced within the boot and
shutdown scripts are checked for:
+ The existence of the file
+ Write permissions on the file
+ Write permissions on the directory containing the file
and a report listing any problems found is then created. This
process may be time consuming when a large number of files is being
checked.
Crontab Contents
This program will check the contents of the crontab files for
potential back doors via the cron utility. All executable programs
referenced in the cron tables are checked for:
+ The existence of the file
+ Write permission on the file
+ Write permission on the directory containing the file
+ crontab permissions on the file
and a report listing any problems found is then created.
Password File Integrity
This program will check the password file /etc/passwd for security
breaches by verifying the following:
+ No blank lines in the file
+ Each entry has seven fields separated by colons (`:')
+ The username is alphanumeric
+ The user has a password
+ The Userid is numeric
+ If the Userid is 0, the login name is root
+ The Groupid is numeric and exists in the group file
+ The HOME directory of each entry exists
+ The starting SHELL of each entry exists
and creates a report listing any problems it found.
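The checks in the list above, as an added Python example (not Enlighten's own code). The names audit_passwd, SAMPLE_PASSWD, SAMPLE_GIDS and the path_exists parameter are assumptions made for this illustration, and the sample entries are constructed.

```python
import os
import re

ALNUM = re.compile(r"[A-Za-z0-9]+")
DIGITS = re.compile(r"[0-9]+")

# Constructed sample input, not taken from any real system.
SAMPLE_PASSWD = """\
root:x:0:0:Super User:/:/bin/sh
toor:x:0:0:Second root:/:/bin/sh

alice::101:100:Alice:/home/alice:/bin/sh
bob:x:abc:100:Bob:/home/bob:/bin/sh
carol:x:103:999:Carol:/home/carol
"""
SAMPLE_GIDS = {0, 100}  # GIDs assumed to be present in the group file


def audit_passwd(text, known_gids, path_exists=os.path.exists):
    """Return (line_number, finding) pairs for the checks listed above."""
    findings = []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            findings.append((n, "blank line"))
            continue
        fields = line.split(":")
        if len(fields) != 7:
            findings.append((n, "expected 7 fields, found %d" % len(fields)))
            continue  # field positions are unreliable, skip per-field checks
        name, passwd, uid, gid, _gecos, home, shell = fields
        if not ALNUM.fullmatch(name):
            findings.append((n, "username is not alphanumeric"))
        if not passwd:
            findings.append((n, "user has no password"))
        if not DIGITS.fullmatch(uid):
            findings.append((n, "userid is not numeric"))
        elif int(uid) == 0 and name != "root":
            findings.append((n, "userid 0 but login name is not root"))
        if not DIGITS.fullmatch(gid):
            findings.append((n, "groupid is not numeric"))
        elif int(gid) not in known_gids:
            findings.append((n, "groupid not in group file"))
        if not path_exists(home):
            findings.append((n, "home directory does not exist"))
        if not path_exists(shell):
            findings.append((n, "shell does not exist"))
    return findings
```

On a live system, pass the GIDs parsed from /etc/group and leave path_exists at its default so HOME and SHELL are checked against the real filesystem.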
Group File Integrity
This program will check the group file /etc/group for security
breaches by verifying the following:
+ No blank lines in the file
+ Each entry has four fields separated by colons (`:')
+ The groupname is alphanumeric
+ The GID is numeric
+ The user group does not have a password
+ Check each group member to see if:
  + The username is alphanumeric
  + They do not exist in duplicate within the group
  + They are valid users in the /etc/passwd file
and creates a report listing any problems it found.
User Home Directories
This program will check each user's HOME directory for the following
potential problems:
+ Checks to see if each user has a home directory
+ Checks to make sure the directory is not world writable
+ Checks start-up scripts for world write permission
+ Checks start-up scripts for group write permission
and creates a report listing any problems it found.
Attempted Break-ins
This program finds all the users who failed a second attempt to
become superuser or some other user through the su command. It then
creates a report listing any problems it found.