📄 unix computer security checklist.0
/tmp/.NeWS-unix; you may have to set these manually or through the system startup files.

------------------------------------------------------------------------------
Appendix A: Other AUSCERT information sources

A.1 AUSCERT advisories
    Past AUSCERT advisories can be retrieved via anonymous ftp from
        ftp://ftp.auscert.org.au/pub/auscert/advisory/*

A.2 AUSCERT's World Wide Web server
    AUSCERT maintains a World Wide Web server. Its URL is
        http://www.auscert.org.au

------------------------------------------------------------------------------
Appendix B: Useful security tools

    There are many good tools available for checking your system. The list
    below is not a complete list, and you should NOT rely on these to do ALL
    of your work for you. They are intended to be only a guide. It is
    envisaged that you may write some site specific tools to supplement these.

B.1 Crack
    Crack is a fast password cracking program designed to assist site
    administrators in ensuring that users use effective passwords.
    Available via anonymous ftp from:
        ftp://ftp.auscert.org.au/pub/cert/tools/crack/*

B.2 COPS and Tiger
    These packages identify common security and configuration problems.
    They also check for common signs of intrusion. Though there is some
    overlap between these two packages, they are different enough that it
    may be useful to run both. Both are available via anonymous ftp.
        COPS:  ftp://ftp.auscert.org.au/pub/cert/tools/cops/1.04
        tiger: ftp://ftp.auscert.org.au/pub/mirrors/net.tamu.edu/tiger*

B.3 npasswd and passwd+
    These programs are proactive password checkers. They run a series of
    checks on passwords at the time users set them and refuse passwords
    that fail the tests. Note that these programs are not designed to work
    with shadow password systems. Both are available via anonymous ftp.
        npasswd: ftp://ftp.auscert.org.au/pub/mirrors/ftp.cc.utexas.edu/npasswd/npasswd.tar.Z
        passwd+: ftp://ftp.auscert.org.au/pub/mirrors/dartmouth.edu/security/passwd+.tar.Z

B.4 tcp_wrapper
    This software gives logging and access control to most network
    services. It is available via anonymous ftp from:
        ftp://ftp.auscert.org.au/pub/mirrors/ftp.win.tue.nl/tcp_wrappers_7.2.tar.gz

B.5 Tripwire
    This package maintains a checksum database of important system files.
    It can serve as an early intrusion detection system. It is available
    via anonymous ftp from:
        ftp://ftp.auscert.org.au/pub/coast/COAST/Tripwire/*

B.6 cpm
    cpm checks to see if your network interfaces are running in
    promiscuous mode. If you do not normally run in this state then it may
    be an indication that an intruder is running a network sniffer on your
    system. This program was designed to run on SunOS 4.1.x and may also
    work on many BSD systems. It is available via anonymous ftp from:
        ftp://ftp.auscert.edu.au/pub/cert/tools/cpm/*

B.7 Vendor supplied C2 security packages
    Consult manuals supplied by your vendor as to installing C2 security.
    The SunOS manual is "SunOS System & Network Administration Guide".

B.8 Vendor supplied security auditing packages
    Sun provides an additional security package called SUNshield.
    Please direct enquiries about similar products to your vendor.

B.9 smrsh
    The smrsh(8) program is intended as a replacement for /bin/sh in the
    program mailer definition of sendmail(8). smrsh is a restricted shell
    utility that provides the ability to specify, through a configuration,
    an explicit list of executable programs. When used in conjunction with
    sendmail, smrsh effectively limits sendmail's scope of program
    execution to only those programs specified in smrsh's configuration.
    It is available via anonymous ftp from:
        ftp://ftp.auscert.org.au/pub/cert/tools/smrsh

B.10 md5
    md5 is a message digest algorithm. An implementation of this is
    available via anonymous ftp from:
        ftp://ftp.auscert.org.au/pub/cert/tools/md5/*
        ftp://ftp.auscert.org.au/pub/cert/tools/md5check/*

------------------------------------------------------------------------------
Appendix C: References

C.1 Practical UNIX Security
    Simson Garfinkel and Gene Spafford
    (C) 1991 O'Reilly & Associates, Inc.

C.2 UNIX Systems Security
    Patrick Wood and Stephen Kochan
    (C) 1986 Hayden Books

C.3 UNIX system security: A Guide for Users and System Administrators
    David A. Curry
    Addison-Wesley Professional Computing Series
    May 1992.

C.4 X Windows System Administrators Guide
    Chapter 4
    (C) 1992 O'Reilly & Associates, Inc.

C.5 Information Security Handbook
    William Caelli, Dennis Longley and Michael Shain
    (C) 1991 MacMillan Publishers Ltd.

C.6 Firewalls and Internet Security
    William R. Cheswick & Steven M. Bellovin
    (C) 1994 AT&T Bell Laboratories
    Addison-Wesley Publishing Company

C.7 CERT advisories can be found via anonymous FTP from
        ftp://ftp.auscert.org.au/pub/cert/cert_advisories/*

C.8 UNIX System Administration Handbook
    Nemeth, Evi, Garth Snyder and Scott Seebass
    Prentice-Hall, Englewood Cliffs (NJ), 1989

C.9 Essential System Administration
    Aeleen Frisch
    O'Reilly & Associates, Inc.

-----------------------------------------------------------------------------
Appendix D: Abbreviated Checklist

    It is intended that this short version of the checklist be used in
    conjunction with the full checklist as a progress guide (i.e. check the
    sections off as you go so that you remember what you have done so far).

1.0 Patches
    [ ] Installed latest patches?

2.0 Network security
    [ ] Filtering
    [ ] "r" commands
        [ ] /etc/hosts.equiv
        [ ] $HOME/.rhosts
    [ ] NFS
    [ ] /etc/hosts.lpd
    [ ] /etc/ttytab
    [ ] /etc/inetd.conf
    [ ] Trivial ftp (tftp)
    [ ] /etc/services
    [ ] tcp_wrapper (also known as log_tcp)
    [ ] /etc/aliases
    [ ] /etc/sendmail.cf
    [ ] majordomo
    [ ] fingerd
    [ ] UUCP

3.0 ftpd and Anonymous ftp
    [ ] Versions
    [ ] SITE EXEC
    [ ] Configuration of your ftp server
    [ ] Permissions
    [ ] Writable directories
    [ ] Disk mounting

4.0 Password and account security
    [ ] Policy
    [ ] Proactive Checking
    [ ] Root Password
    [ ] NIS and /etc/passwd entries
    [ ] Password shadowing and C2 security
    [ ] Administration
    [ ] Special accounts
    [ ] Root account

5.0 File system security
    [ ] General
    [ ] /etc/rc.local
    [ ] /usr/lib/expreserve
    [ ] External file systems/devices
    [ ] File Permissions
    [ ] Files run by root
    [ ] Bin ownership
    [ ] Tiger/COPS

6.0 SUNOS specific security
    [ ] IP forwarding
    [ ] Framebuffers /dev/fb
    [ ] /usr/kvm/sys/*
    [ ] /dev/nit (Network Interface Tap)

7.0 IRIX specific security
    [ ] /usr/lib/vadmin/serial_ports

8.0 X windows security
    [ ] Problems with xdm
    [ ] X security - General

-----------------------------------------------------------------------------
Appendix E: Shell Scripts

E.1 Script for printing the umask value for each user.

#!/bin/sh
PATH=/bin:/usr/bin:/usr/etc:/usr/ucb

# Unique, non-empty home directories listed in /etc/passwd (field 6).
HOMEDIRS=`cat /etc/passwd | awk -F":" 'length($6) > 0 {print $6}' | sort -u`
# Shell startup files in which a user may set umask.
FILES=".cshrc .login .profile"

for dir in $HOMEDIRS
do
    for file in $FILES
    do
        # /dev/null is passed as a second file so that grep prefixes each
        # match with the file name; -s suppresses errors for missing files.
        grep -s umask /dev/null "$dir/$file"
    done
done

-----------------------------------------------------------------------------
The AUSCERT team have made every effort to ensure that the information
contained in this checklist is accurate. However, the decision to use the
tools and techniques described is the responsibility of each user or
organization. The appropriateness of each item for an organization or
individual system should be considered before application. AUSCERT takes no
responsibility for the consequences of applying the contents of this document.

Please feel free to copy and distribute this document provided you
acknowledge AUSCERT copyright.

(C) Copyright 1995
-----------------------------------------------------------------------------
If you believe that your system has been compromised, contact AUSCERT or your
representative in FIRST (Forum of Incident Response and Security Teams).

Internet Email:  AUSCERT@AUSCERT.org.au
AUSCERT Hotline: (07) 365 4417
Facsimile:       (07) 365 4477
        AUSCERT personnel answer during business hours (AEST - GMT+10:00),
        on call after hours for emergencies.

Australian Computer Emergency Response Team
c/- Prentice Centre
The University of Queensland
Brisbane, Australia
Qld. 4072.