markb@stan.Solbourne.COM (Mark Bradley) (05/03/90)
With the latest flurry of concerns over security, networked or otherwise, I have reposted this without permission of the authors in hopes that some might benefit from it. Good luck. For the impoverished, underpaid, and overworked, I think this is free. :{)

I especially like the section devoted to the "Wily Hacker".

markb

================================================================

From: davy@itstd.sri.com
Subject: "Improving the Security of Your UNIX System"
Message-ID: <7285@brazos.Rice.edu>
Date: 2 May 90 02:22:29 GMT

A new white paper from SRI International's Information and Telecommunication Sciences and Technology Division is now available.

The paper, "Improving the Security of Your UNIX System," describes measures that you as a system administrator can take to make your UNIX system(s) more secure. Oriented primarily at SunOS 4.x, most of the information covered applies equally well to any Berkeley UNIX system with or without NFS and/or Yellow Pages (NIS). Some of the information can also be applied to System V, although this is not a primary focus of the paper.

An abbreviated Table of Contents:

    1. INTRODUCTION
            The Internet Worm, the Wily Hacker, other break-ins
    2. IMPROVING SECURITY
        2.1 Account Security
            Passwords, expiration dates, guest accounts, group accounts, Yellow Pages
        2.2 Network Security
            Trusted hosts, secure terminals, NFS, FTP, TFTP, mail, finger, modems and terminal servers, firewalls
        2.3 File System Security
            Setuid shell scripts, sticky bit on directories, setgid bit on directories, umask values, encrypting files, devices
    3. MONITORING SECURITY
        3.1 Account Security
            lastlog, utmp, wtmp, acct
        3.2 Network Security
            syslog, showmount
        3.3 File System Security
            find, checklists, backups
        3.4 Know Your System
            ps, who, w, ls
    4. SOFTWARE FOR IMPROVING SECURITY
        4.1 Obtaining Fixes and New Versions
            Sun fixes on UUNET, Berkeley fixes, SIMTEL-20 and UUNET, vendors
        4.2 The npasswd Command
        4.3 The COPS Package
        4.4 Sun C2 Security Features
        4.5 Kerberos
    5. KEEPING ABREAST OF THE BUGS
        5.1 CERT
        5.2 DDN Management Bulletins
        5.3 Security-related mailing lists
    6. SUGGESTED READING
    7. CONCLUSIONS
    REFERENCES
    APPENDIX A - SECURITY CHECKLIST

In order to format the paper, the "troff" text formatter and the "-ms" macro package (available with any Sun or Berkeley UNIX system) are required. You *do not* need a PostScript printer, unless you want to print the cover page with the SRI logo on it.

The paper is available via anonymous FTP from the host SPAM.ITSTD.SRI.COM (128.18.4.3) as the file "pub/security-doc.tar.Z". Be sure to remember to set "image" mode on the transfer.

Sorry, UUCP access is not available - if you don't have Internet access, find a friend who does.

Enjoy.

Dave Curry
SRI International
Information and Telecommunications Sciences and Technology Division
333 Ravenswood Avenue
Menlo Park, CA 94025
(415) 859-2508
davy@itstd.sri.com

--
Mark Bradley                 Faster, faster, until the thrill
I/O Subsystems               of speed overcomes the fear of death.
Solbourne Computer, Inc.         --Hunter S. Thompson

kermit@BRL.MIL (Chuck Kennedy) (05/03/90)
I retrieved a copy of this paper. It is on vgr.brl.mil in arch/security-doc.tar.Z (note: not info-iris directory).

Best,
-Chuck Kennedy
<info-iris-request@brl.mil>