This page is a collection of pointers to information
that will help departmental and individual users
improve the security of their UNIX systems.
System Compromises
If you believe your system may have been broken into,
please review
the following information for actions to take:
System Configuration Guidelines
System Patches
One key element of system security is to be sure that your system
has the latest vendor patches applied, particularly those that
correct security problems.
Your system manufacturer provides these patches (and installation
instructions), likely via an anonymous ftp or web site
(see Vendor Security Support Sites).
Security Advisories
CERT Summaries --
periodic update on current security problems and solutions
See also Security Advisory Information
about receiving and reviewing other computer security alerts.
Vendor Security Support Sites
If you administer a particular vendor's systems, you may
find security advisory information and/or patches at that vendor's site.
Tools
Some tools are available to help you administer a secure system.
We especially recommend the following, although not all will
be useful in all situations.
- cops and tiger
cops is a UNIX security toolkit that analyzes
your system security.
You may get cops from
ftp://coast.cs.purdue.edu/pub/tools/unix/scanners/cops.
tiger is a set of scripts that scan a UNIX system
looking for security problems.
Its function is similar to cops; we recommend using
either cops or tiger but not necessarily both.
Of the two, tiger is perhaps easier to install.
Tiger is available at
ftp://coast.cs.purdue.edu/pub/tools/unix/scanners/tiger.
- shadow passwords
This is a feature distributed with some systems that you should
enable--consult your system documentation.
(It is part of the "C2 security package" in SunOS.)
It protects the encrypted passwords in the system password file,
which would otherwise be accessible by anyone and thus subject
to Crack (see below).
- Crack
This program checks your users' passwords for "guessable" values.
It works by encrypting a list of likely passwords and checking whether
the result matches any of your users' encrypted passwords (which
must be provided to it--see shadow passwords above).
It is surprisingly effective.
You may get Crack at
ftp://coast.cs.purdue.edu/pub/tools/unix/pwdutils/crack/.
- tcp_wrappers
(also known as tcpd)
logs network connections to your machine
and optionally lets
you control which hosts and users are permitted to connect.
It also logs remote user identification from remote hosts
running identd (see below).
You may get the tcp_wrappers from
ftp://ftp.porcupine.org/pub/security/index.html.
- identd will permit other hosts to identify the
user account used on your machine to connect to them.
This will help you identify compromised accounts when reported
by the administrator of another system.
You may get identd from
ftp://coast.cs.purdue.edu/pub/tools/unix/daemons/pidentd.
For most systems, the latest version of pidentd
(the portable ident daemon) is appropriate.
- Tripwire
Tripwire will checksum your system files, and later
detect if an intruder has made any modifications.
This is somewhat resource-intensive,
but the alternative (re-installing your system from scratch) is
quite costly.
You may get Tripwire from
http://www.tripwire.com/.
- ssh (secure shell) is a replacement for
rlogin, rsh, rcp, etc.
that provides complete encryption
of telnet-like interactive sessions. It also includes a more secure
.rhosts-like feature based on RSA public key cryptography.
For further information, see the
Ssh (Secure Shell) Home
Page.
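The following example is added here to illustrate the shadow passwords and Crack items above; it is not code from the original page or from Crack. Real shadow files hold crypt(3) hashes; here PBKDF2-HMAC-SHA256 stands in for crypt(3) so the example runs anywhere, and the sample password file and wordlist are constructed for the demonstration. The point it shows is twofold: why the hashes must not be world-readable (anyone holding them can run this loop), and what a periodic audit of your own users' passwords looks like, including accounts with no password at all.

```python
# Added example (not from the original page): a Crack-style audit of a
# shadow-style password file. PBKDF2-HMAC-SHA256 stands in for crypt(3);
# the sample file and wordlist below are constructed.
import hashlib
import hmac

ITERATIONS = 10_000  # constructed cost parameter for the stand-in hash


def hash_password(password: str, salt: str) -> str:
    """Stand-in for crypt(3): returns 'salt$hex' (salted PBKDF2-HMAC-SHA256)."""
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), salt.encode(), ITERATIONS
    )
    return f"{salt}${digest.hex()}"


def parse_shadow(text: str) -> dict[str, str]:
    """Map user -> password field from 'user:field:...' lines."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        entries[fields[0]] = fields[1]
    return entries


def classify_accounts(entries: dict[str, str]) -> dict[str, list[str]]:
    """Group accounts by the state of their password field.

    An empty field means the account has no password at all; '*' or a
    leading '!' means the account is locked and there is nothing to audit.
    """
    groups = {"no_password": [], "locked": [], "hashed": []}
    for user, field in entries.items():
        if field == "":
            groups["no_password"].append(user)
        elif field == "*" or field.startswith("!"):
            groups["locked"].append(user)
        else:
            groups["hashed"].append(user)
    return groups


def audit(entries: dict[str, str], wordlist: list[str]) -> dict[str, str]:
    """Return user -> matching word for every hash equal to a wordlist hash.

    Each word is rehashed with the account's own salt; that per-user cost
    is exactly what salts add, and why auditing many users is expensive.
    """
    weak = {}
    for user in classify_accounts(entries)["hashed"]:
        field = entries[user]
        salt, _, _ = field.partition("$")
        for word in wordlist:
            if hmac.compare_digest(hash_password(word, salt), field):
                weak[user] = word
                break
    return weak


# Constructed sample file: one strong password, one weak, one empty field,
# one locked system account.
SAMPLE_SHADOW = "\n".join([
    "root:" + hash_password("correct horse battery staple", "aB")
    + ":19000:0:99999:7:::",
    "alice:" + hash_password("password", "cD") + ":19000:0:99999:7:::",
    "bob::19000:0:99999:7:::",
    "daemon:*:19000:0:99999:7:::",
])
WORDLIST = ["123456", "password", "letmein", "qwerty"]  # constructed


if __name__ == "__main__":
    entries = parse_shadow(SAMPLE_SHADOW)
    print("account states:", classify_accounts(entries))
    print("guessable:", audit(entries, WORDLIST))
```

Run as a script it reports bob as having no password and alice as guessable; root's long passphrase is not found in the wordlist.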
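The next example is added to illustrate the tcp_wrappers item above; it is not tcpd's code. It reproduces the decision tcpd makes from hosts.allow and hosts.deny (allow file first, then deny file, otherwise permit) for the common pattern forms: ALL, LOCAL, ".domain" suffixes, "net." address prefixes, exact names or addresses, and the EXCEPT operator. KNOWN, UNKNOWN, PARANOID and shell commands are not modelled. The two policy pairs are constructed; the weak pair only names what to deny, so anything not named gets in, which is the behaviour the hardened pair closes with a deny-all default.

```python
# Added example (not from the original page or from tcp_wrappers): the
# hosts.allow / hosts.deny lookup, for a subset of tcpd's pattern language.
# Policies below are constructed for the demonstration.


def _match_pattern(pattern: str, name: str, addr: str = "") -> bool:
    """One tcpd pattern against a daemon name or a client (name, address)."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":           # hostname without a dot
        return "." not in name
    if pattern.startswith("."):      # domain suffix
        return name.endswith(pattern)
    if pattern.endswith("."):        # address prefix
        return addr.startswith(pattern)
    return pattern == name or pattern == addr


def _match_list(spec: str, name: str, addr: str = "") -> bool:
    """A pattern list, with 'list_1 EXCEPT list_2' handled right-to-left."""
    head, sep, tail = spec.partition(" EXCEPT ")
    if sep and _match_list(tail, name, addr):
        return False
    tokens = head.replace(",", " ").split()
    return any(_match_pattern(t, name, addr) for t in tokens)


def _file_matches(text: str, daemon: str, host: str, addr: str) -> bool:
    """True if any 'daemon_list : client_list' line in text matches."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = [p.strip() for p in line.split(":")]
        if len(parts) < 2:
            continue
        if _match_list(parts[0], daemon) and _match_list(parts[1], host, addr):
            return True
    return False


def hosts_access(allow: str, deny: str, daemon: str, host: str, addr: str) -> bool:
    """tcpd's order: hosts.allow grants, then hosts.deny refuses, else permit."""
    if _file_matches(allow, daemon, host, addr):
        return True
    if _file_matches(deny, daemon, host, addr):
        return False
    return True  # nothing matched either file: connection is allowed


# Constructed policies. The weak pair lists only what to deny, so every
# unlisted daemon/host pair falls through to the default allow.
WEAK_ALLOW = "in.fingerd : LOCAL, .example.edu\n"
WEAK_DENY = "in.telnetd : .badhost.example\n"

# The hardened pair denies everything by default and opens only what is
# needed, excluding one guest host by name.
HARDENED_ALLOW = (
    "in.telnetd, in.ftpd : LOCAL, .example.edu EXCEPT guest.example.edu\n"
    "in.fingerd : 192.168.1.\n"
)
HARDENED_DENY = "ALL : ALL\n"


if __name__ == "__main__":
    for label, allow, deny in (("weak", WEAK_ALLOW, WEAK_DENY),
                               ("hardened", HARDENED_ALLOW, HARDENED_DENY)):
        ok = hosts_access(allow, deny, "in.telnetd",
                          "evil.example.net", "203.0.113.9")
        print(f"{label}: telnet from evil.example.net ->",
              "allowed" if ok else "refused")
```

Running the script prints that the weak policy lets the unlisted host telnet in while the hardened policy refuses it; the same functions can be fed the site's actual files to check a rule before installing it.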
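This example is added to illustrate the identd item above; it is not pidentd's code. It shows both sides of the ident exchange (RFC 1413) that tcp_wrappers uses to record the remote user name: the querying side builds the request and parses the reply, the server side looks the connection up in a table of its own TCP connections. The connection table is constructed. Echoing "0 , 0" for an unparseable request is this example's choice. An answer is only as trustworthy as the remote host that gives it, so the result belongs in your logs, not in access decisions.

```python
# Added example (not from the original page or from pidentd): the ident
# request/response exchange of RFC 1413. The connection table is constructed.
ERRORS = ("INVALID-PORT", "NO-USER", "HIDDEN-USER", "UNKNOWN-ERROR")


def ident_request(port_on_server: int, port_on_client: int) -> bytes:
    """Querying side: 'port-on-server , port-on-client' ended by CRLF.

    port-on-server is the TCP port on the host running identd (the end
    whose user we want); port-on-client is the port on the asking host.
    """
    return f"{port_on_server} , {port_on_client}\r\n".encode("ascii")


def ident_response(request: bytes,
                   connections: dict[tuple[int, int], str]) -> bytes:
    """Server side: answer with the local user owning the named connection."""
    try:
        a, b = request.decode("ascii").strip().split(",")
        sport, cport = int(a), int(b)
    except ValueError:
        # Unparseable request; echoing zeros is this example's choice.
        return b"0 , 0 : ERROR : INVALID-PORT\r\n"
    if not (1 <= sport <= 65535 and 1 <= cport <= 65535):
        return f"{sport} , {cport} : ERROR : INVALID-PORT\r\n".encode("ascii")
    user = connections.get((sport, cport))
    if user is None:
        return f"{sport} , {cport} : ERROR : NO-USER\r\n".encode("ascii")
    return f"{sport} , {cport} : USERID : UNIX : {user}\r\n".encode("ascii")


def parse_response(reply: bytes) -> dict:
    """Querying side: split 'ports : USERID : opsys : id' or 'ports : ERROR : type'."""
    text = reply.decode("ascii", "replace").rstrip("\r\n")
    fields = [f.strip() for f in text.split(":", 3)]
    ports = tuple(int(p) for p in fields[0].split(","))
    if fields[1] == "USERID":
        return {"ports": ports, "status": "USERID",
                "opsys": fields[2], "user": fields[3]}
    return {"ports": ports, "status": "ERROR", "error": fields[2]}


# Constructed table of (local port, remote port) -> owning user on the
# host running identd.
CONNECTIONS = {(6667, 51234): "alice", (25, 40001): "postfix"}


if __name__ == "__main__":
    req = ident_request(6667, 51234)
    print("request :", req)
    reply = ident_response(req, CONNECTIONS)
    print("response:", reply)
    print("parsed  :", parse_response(reply))
```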
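The last example is added to illustrate the Tripwire item above; it is not Tripwire's code or database format. It shows the idea behind the tool: record a digest, size and mode for every file while the system is trusted, then compare a later snapshot to find files that were modified, added or removed. The file tree and the tampering are constructed in a temporary directory. The trojaned file keeps its original size on purpose, so that size alone would not reveal it. In a real deployment the baseline must live where an intruder cannot rewrite it (read-only media or another host), or the comparison proves nothing.

```python
# Added example (not from the original page or from Tripwire): a file
# integrity baseline and comparison. The file tree below is constructed.
import hashlib
import os
import tempfile


def file_digest(path: str) -> str:
    """SHA-256 of a file's contents, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def baseline(root: str) -> dict[str, dict]:
    """Record digest, size and permission bits of every regular file."""
    db = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue  # symlink targets are recorded under their own path
            st = os.lstat(full)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            db[rel] = {"sha256": file_digest(full),
                       "size": st.st_size,
                       "mode": st.st_mode & 0o7777}
    return db


def compare(old: dict, new: dict) -> dict[str, list[str]]:
    """Classify every path present in either snapshot."""
    report = {"added": [], "removed": [], "modified": []}
    for rel in sorted(set(old) | set(new)):
        if rel not in old:
            report["added"].append(rel)
        elif rel not in new:
            report["removed"].append(rel)
        elif old[rel] != new[rel]:
            report["modified"].append(rel)
    return report


def demo() -> dict[str, list[str]]:
    """Build a constructed tree, snapshot it, tamper with it, and diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "bin"))
        os.makedirs(os.path.join(root, "etc"))
        files = {"bin/login": b"#!/bin/sh\nexec real-login\n",
                 "etc/passwd": b"root:x:0:0::/:/bin/sh\n",
                 "etc/motd": b"welcome\n"}
        for rel, data in files.items():
            with open(os.path.join(root, rel), "wb") as f:
                f.write(data)
        before = baseline(root)

        # Constructed tampering: same-size replacement of a binary, a new
        # file, a deleted file, and a permission-only change.
        with open(os.path.join(root, "bin", "login"), "wb") as f:
            f.write(b"#!/bin/sh\nexec fake-login\n")
        with open(os.path.join(root, "bin", "sniffer"), "wb") as f:
            f.write(b"ELF")
        os.remove(os.path.join(root, "etc", "motd"))
        os.chmod(os.path.join(root, "etc", "passwd"), 0o666)
        after = baseline(root)
        return compare(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind:9s}", ", ".join(paths) or "-")
```

The report lists the replaced login program under "modified" even though its size is unchanged, because the digest differs; the mode-only change to etc/passwd is caught the same way.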