

Securing UNIX: Part 1/2


Overview

UNIX was not designed to be a secure operating system. It was designed to be flexible, "open", portable and simple in concept. Now, at 28 years of age, UNIX is one of the major server operating systems and looks likely to remain so in the coming years. However, it is causing major security headaches. Most vendors have improved security over the years, with the result that the current systems are better than their predecessors, but vendors still don't put nearly enough effort into cleaning the UNIX source code, or can't (for compatibility). Technical innovation seems to be the major selling point for UNIX systems and security is being neglected. It requires significant system administrator know-how to run UNIX systems securely. [The same applies for VMS and NT incidentally]

UNIX has many variations, for example: Next, SGI, AIX, HP-UX, AUX, SunOS, Solaris, SCO, Ultrix, Digital UNIX (OSF/1) and Unixware. The UNIX trademark now belongs to X/Open Ltd. UNIX has two principal flavours: BSD (developed at Berkeley University) and SYSV (System 5 from AT&T, later USL, Novell and now SCO).

SVR4 and OSF are based on both BSD and SYSV, with SVR4 being the de facto standard today. Most commercial systems are based on SVR4 or have certain components from SVR4. DEC, IBM and HP systems have lots of OSF features.

BSD: SunOS (Solaris 1.x), BSDI, Ultrix, OSF/1, NeXTstep, HP-UX, OpenBSD, NetBSD, FreeBSD.
SVR4: Solaris 2.x, HP-UX, Unixware and (sort of) IRIX5, HP-UX10
OSF: Digital Unix
Weird: AIX (SVR3+BSD+OSF+IBM). AIX is a mixture of BSD, System V release 3 and major non-standard changes. Hardly any subsystem in AIX is managed in the same way as on BSD or SVR4. Lots of fun to administer.

In this section SunOS (Solaris 1.x) and Solaris 2.x are mainly considered. AIX, Digital UNIX, IRIX and HP-UX will also be added bit-by-bit. However, most of these systems are similar to either SunOS or Solaris, so this chapter should be useful for non-Sun admins.

A quick guide to securing UNIX

General

Documentation

Ref.  Document number  Title  Date  Author
[unix1]  ISBN 1-56592-148-8  "Practical UNIX Security", O'Reilly & Associates. 2nd Edition in April 1996 (much bigger)  June 1991  Garfinkel / Spafford
[unix2]  Unixworld magazine  Encrypting Shell Scripts  Sept. 1992  R. Schwartz
[unix3]  ISBN 0-201-63357-4  Firewalls and Internet Security  1994  Cheswick / Bellovin
[unix4]  ISBN 0-13-149386-8  Panic! UNIX system crash dump analysis.  1995  Drake / Brown
[unix5]  -  Solaris 2.5 Documentation: "System Administration Guide, Vol2"  1995  SunSoft
-  -  Solaris 2.5 Documentation: "System Administration Guide, Vol1"  1995  SunSoft
-  ISBN 0-13-151051-7  UNIX System Administration Handbook, Prentice Hall  1995  Nemeth / Snyder....
-  ISBN 1-56592-124-0  "Building Internet Firewalls", O'Reilly & Associates  1995  Chapman / Zwicky
-  -  Solaris 2.5 Documentation: "SunSHIELD BSM Guide"  1995  SunSoft
-  SunWorld  The Solaris Security FAQ (online)  1998  Peter Galvin
-  SunWorld  SunWorld security columns  1995-9  P.Galvin/Carole Fennelly

Assurance

For assurance choose an OS version which has been certified to ITSEC or TCSEC levels. See the "Operating System Overview" chapter. Most UNIX versions are available with C2. 

"C2" for SunOS4

This package should allow a Solaris 1 machine to conform to C2 level security. Practical experience shows that it is difficult to administer, requires many patches, is complex, produces huge logs and even writes clear text passwords to these logs. It is recommended to upgrade to Solaris 2 rather than use this package.

Principal dangers / problems

Accountability

Identification / authorisation

Introduction

Standard UNIX identifies users through user IDs (UIDs), each of which is a number attributed to the user's login name. Users are authenticated by use of a password.

Standard UNIX authentication methods (telnet, ftp, "r" commands, NIS) are easy to cheat on a network of UNIX machines, if a user has root access to his own workstation. 

UNIX accounts: General Guidelines

Most of the following guidelines are tested by utilities such as COPS, TAMU Tiger, ESM and SecureMax:

Solaris 2: /etc/default/passwd, /etc/shadow, commands nispasswd, passwd, admintool
Solaris 1: passwd, yppasswd
HP-UX:  In trusted mode, see /tcb/files/auth/..
AIX:       /etc/security/login.cfg
Other PD utilities, proactive: npasswd, passwd+. reactive: COPS, scripts to check for empty or bad passwords (with crack).

The following are not necessarily checked by the tools mentioned above:

NIS

NIS+

passwd: compat
passwd_compat: nisplus
group: compat
group_compat: nisplus

Then each user to be allowed login access requires an entry in /etc/passwd and /etc/shadow of the form:
+fred:x:::::: /etc/passwd
+fred::::::: /etc/shadow 

Passwd replacements

Passwd+, npasswd and Obvious are public domain utilities which improve the quality of the passwords chosen by users. Passwd+ and npasswd were evaluated by the author in 1994, but they had no NIS+ support at the time. Npasswd in particular seemed easy to extend and verify.

Consider one of the above programs to ensure that good passwords are used. 

DES encrypted scripts

Class  systems should not have root or administrator passwords in clear text scripts, even if the scripts are only readable by the owner. However, such scripts are often necessary for database management (for example). One solution is to encrypt the entire script and run it with a modified shell which decrypts the script on-the-fly during execution.

DNS:  Domain Name Service

Most UNIX variants include both a DNS client (called a resolver) and DNS server. Vendor versions tend to be old and not without problems (e.g. cache corruption problems, domains that return large amounts of data, security etc.).

Domain registration notes:

Audit trail

Monitoring system changes

One needs to know what the filesystem permissions and checksums should be: set these permissions, take a snapshot and make it read-only. Regularly remake the snapshot and compare it with the original for changes. The system should automatically reset permissions.
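The snapshot-and-compare cycle described above, as an added example that is not part of the original page. The function names, the record format and the temporary demo tree are assumptions made for illustration, and the automatic reset of permissions is left out.

```shell
#!/bin/sh
# Added example: snapshot a tree's permissions, ownership and checksums,
# then compare a later snapshot against the read-only baseline.
# Record format (tab-separated): mode, uid, gid, digest, path.
# Assumes file names contain no tabs or newlines.

# Use a cryptographic hash when the host has one; POSIX cksum is a CRC that
# catches accidental change but not deliberate tampering.
digest() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum < "$1" | awk '{print $1}'
    else
        cksum < "$1" | awk '{print $1 "-" $2}'
    fi
}

# snapshot DIR: one record per regular file, sorted by path.
snapshot() {
    find "$1" -type f -print | LC_ALL=C sort | while IFS= read -r f; do
        meta=$(ls -ldn "$f" | awk '{print $1 "\t" $3 "\t" $4}')
        printf '%s\t%s\t%s\n' "$meta" "$(digest "$f")" "$f"
    done
}

# compare BASELINE CURRENT: list differences; return 1 if any were found.
compare() {
    awk -F'\t' '
        FILENAME == ARGV[1] { meta[$5] = $1 " " $2 " " $3; sum[$5] = $4; next }
        !($5 in meta)       { print "ADDED   " $5; bad = 1; next }
        {
            seen[$5] = 1
            now = $1 " " $2 " " $3
            if (meta[$5] != now) {
                print "PERMS   " $5 " (was " meta[$5] ", now " now ")"; bad = 1
            }
            if (sum[$5] != $4) { print "CONTENT " $5; bad = 1 }
        }
        END {
            for (p in meta) if (!(p in seen)) { print "REMOVED " p; bad = 1 }
            exit (bad ? 1 : 0)
        }
    ' "$1" "$2"
}

# demo: build a constructed tree, baseline it, change it, and report.
demo() {
    work=$(mktemp -d) || return 2
    mkdir "$work/etc"
    echo 'root:x:0:0::/:/bin/sh' > "$work/etc/passwd"
    echo '#!/bin/sh'             > "$work/etc/rc.local"
    echo '127.0.0.1 localhost'   > "$work/etc/hosts"
    chmod 644 "$work/etc/passwd" "$work/etc/hosts"
    chmod 755 "$work/etc/rc.local"
    snapshot "$work/etc" > "$work/baseline"
    chmod 444 "$work/baseline"                  # reference copy is read-only

    chmod 666 "$work/etc/passwd"                # permissions loosened
    echo 'echo extra' >> "$work/etc/rc.local"   # content modified
    rm "$work/etc/hosts"                        # file removed
    echo 'x' > "$work/etc/new"                  # file added

    snapshot "$work/etc" > "$work/current"
    rc=0
    compare "$work/baseline" "$work/current" || rc=$?
    rm -rf "$work"
    return $rc
}

demo || echo "integrity check: differences found"
```

In production the baseline belongs on read-only or off-host media, since a baseline stored on the monitored machine can be rewritten by whoever changed the files.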

Auditing

Auditing is the monitoring of security related events, the writing of these events in an audit trail and the reporting and analysis of these audit events. Auditing should allow the actions of users to be monitored with a view to detecting abuse of the system. Auditing tools are different from system logging tools (which indicate system errors and help in solving system administration problems).

Sun Shield / BSM

Sun deliver a "C2" level auditing system for both SunOS (Sunshield) and Solaris (Sunshield BSM). It is bundled with Solaris 2. The Solaris 2.4 BSM is discussed here. BSM allows the actions of specific users to be recorded and written to an audit file. However, the auditing is at the system call level, meaning huge logs may be generated by simple user actions. Performance is also affected. The standard analysis tools praudit and auditreduce offer no high level analysis of audit trails. Applications may also write to the audit trail.

Reference documentation: "SunSHIELD Basic Security Module Guide" (Standard Solaris 2.x documentation). Man pages: audit(1m), audit_startup(1m), audit_warn(1m), auditconfig(1m), auditreduce(1m), bsmconv(1m).

See also Solaris C2/BSM security notes (sp/Solaris_bsm.html).

Log Files

A system administrator who regularly checks logs will learn a lot about how the system functions, can guarantee less downtime and at the same time should notice when security breaches occur, especially if alerts are used. Monitoring logs should not be regarded as a boring job, but a chance to understand the guts of the system!

On UNIX systems, there are various sources of logging information, most of which are kept in the /var partition. These logs need to be monitored.

General Recommendations:

Syslog

Syslog is a centralised logging utility used extensively on most UNIX systems providing 8 priorities and 18 facilities. The principal users of Syslog are the kernel, news, uucp, sendmail and login services. The logger utility can be used to send messages to syslog in scripts or to test Syslog. The Syslog daemon is called syslogd.

AIX: Although syslogd is supported on AIX, it is useless since no system utilities report their messages to it!

Security Bug (Jan 1996): The 8lgm security mailing list found serious problems with string handling in syslog. They were discovered in June 1995 and some vendors have yet to produce a corrective patch. At the time, the problem was being exploited in sendmail. HP has released patches (get security bulletin HPSBUX9602-029 from the HP patch server; see the section on patches, "Change/Release management"), as has Sun (Solaris 2.5 has this fix integrated).

On most UNIX systems Syslog offers some interesting possibilities:

Beware!

Process Accounting 

Accounting software is a set of tools that can be used to work out how much users should pay for system usage. It is interesting from a security perspective because it reports who is using the system and what commands are being used.

Solaris Accounting

Commands are in /usr/lib/acct, reports are in /var/adm/acct/fiscal/fiscrptMM (numbers) and /var/adm/acct/sum/rprtMMDD (user summary reports).

ln /etc/init.d/acct /etc/rc2.d/S22acct
ln /etc/init.d/acct /etc/rc0.d/K22acct
sh /etc/rc2.d/S22acct start

crontab -e adm
# Check /var/adm/pacct size:
0 * * * * /usr/lib/acct/ckpacct
# Create weekly report:
0 2 * * 0 /usr/lib/acct/runacct 2> /var/adm/acct/nite/fd2log
# Create monthly accounting summary:
0 7 1 * * /usr/lib/acct/monacct

crontab -e root
0 22 * * 4 /usr/lib/acct/dodisk

vi /etc/acct/holidays [set your local holidays]

Two principal reports are produced, the daily report showing command usage and the monthly report showing the system usage per user. The following is a typical extract from daily command summary:

TOTAL COMMAND SUMMARY
COMD.     NUM.   TOTAL   TOTAL    TOTAL     MEAN    MEAN     HOG     CHARS       BLOCKS
NAME      CMDS   K-MIN   CPU-MIN  REAL-MIN  SIZE-K  CPU-MIN  FACTOR  TRNSFD      READ
sh        1082   85.98   0.57     183.20    149.67  0.00     0.00    218296      14
lpstat    886    84.49   0.53     3.08      159.36  0.00     0.17    749192      1
uname     682    39.38   0.38     0.43      103.64  0.00     0.89    3964        4
hostname  194    14.49   0.15     0.30      96.82   0.00     0.49    98552       1
sed       209    14.01   0.17     0.38      84.82   0.00     0.43    407197      0
ssh       71     12.26   0.54     41.66     22.85   0.01     0.01    2539679     87
csh       99     12.10   0.48     1.51      25.15   0.00     0.32    744715      94
sendmail  46     10.30   0.15     0.65      67.25   0.00     0.24    10724864    297

TOTALS    4300   364.04  14.61    12068.92  24.91   0.00     0.00    1626266848  21308

A monthly report looks like:

2 date changes
28 system boot
2 run-level 6
2 run-level 3
1 runacct
1 acctcon

LOGIN CPU KCORE CONNECT DISK # OF # OF # DISK FEE
UID NAME PRIME NPRIME PRIME NPRIME PRIME NPRIME BLOCKS PROCS SESS SAMPLES
MINS
0 root 0 9 16 205 9 133 0 2453 79 0 0
4 adm 0 0 1 0 0 0 0 13 0 0 0
71 lp 0 0 0 1 0 0 0 24 0 0 0
200 ftp 0 0 0 0 3094 5040 0 0 6 0 0
315 boran 2 3 165 15 10298 25740 0 1810 24 0 0
TOTAL 2 12 182 221 13401 30913 0 4300 109 0 0

What would be nice is a report of what commands are being used by what users on a regular basis. This is not available in the standard reports, but the lastcomm command shows what commands were last executed by a particular user since the last accounting update (e.g. weekly or daily). Lastcomm can be used by the administrator to monitor a user's activities, but also by an attacker to monitor the administrator's activities (since any user can execute lastcomm). Therefore:
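The per-user command report that the paragraph above says is missing from the standard reports can be assembled from lastcomm output. The following is an added example, not part of the original page; the function names are hypothetical and the sample records are constructed in the usual lastcomm layout (command, optional flags, user, tty, CPU time, "secs", date).

```shell
#!/bin/sh
# Added example: count how often each user ran each command, from lastcomm
# output on standard input.

# Constructed sample records (not taken from a real system).
sample_lastcomm() {
    cat <<'EOF'
sh        S     root   console   0.03 secs Mon Jan  8 02:00
runacct   S     root   __        0.10 secs Mon Jan  8 02:00
sh        S     root   __        0.02 secs Mon Jan  8 02:00
lpstat          boran  pts/1     0.01 secs Mon Jan  8 09:12
lpstat          boran  pts/1     0.01 secs Mon Jan  8 09:14
ssh             boran  pts/1     0.54 secs Mon Jan  8 09:20
csh        F    boran  pts/1     0.00 secs Mon Jan  8 09:21
sendmail  S     root   __        0.15 secs Mon Jan  8 09:30
EOF
}

# usage_by_user: print "user command count", grouped by user with the most
# frequently run command first.
usage_by_user() {
    awk '
        {
            # The flags column is present only when a flag is set, so find
            # the literal "secs" field and count back: user tty cputime secs.
            for (i = 4; i <= NF; i++) if ($i == "secs") break
            if (i > NF) next              # not an accounting record
            count[$(i - 3) " " $1]++
        }
        END { for (k in count) print k, count[k] }
    ' | LC_ALL=C sort -t ' ' -k1,1 -k3,3nr -k2,2
}

# On a live system with accounting enabled: lastcomm | usage_by_user
sample_lastcomm | usage_by_user
```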


[11] If passwords are synchronised across machines, the weakest machine determines the security level.
[12] "Avalon Security Research" published details of this hole along with scripts ("slammer") to exploit it on the Internet (Nov.'95).
[13] A utility for automatically generating /etc/.rootkey is available from the author.
[14] A script is required for this, no standard utilities are available.
[15] "Avalon Security Research" published details of this hole along with scripts to exploit it ("slugger") on the Internet (Nov.'95).
[16] Example commands are for Solaris 2.4.


IT Security Cookbook, 14 August 2002