White paper available: "Improving the Security of Your UNIX System"

davy at itstd.sri.com davy at itstd.sri.com
Wed May 2 12:22:29 AEST 1990 

A new white paper from SRI International's Information and
Telecommunication Sciences and Technology Division is now available.

The paper, "Improving the Security of Your UNIX System," describes
measures that you as a system administrator can take to make your UNIX
system(s) more secure.  Oriented primarily at SunOS 4.x, most of the
information covered applies equally well to any Berkeley UNIX system with
or without NFS and/or Yellow Pages (NIS).  Some of the information can
also be applied to System V, although this is not a primary focus of the
paper.

An abbreviated Table of Contents:

	1. INTRODUCTION
		The Internet Worm, the Wily Hacker, other break-ins
	2. IMPROVING SECURITY
	   2.1 Account Security
	   	Passwords, expiration dates, guest accounts, group accounts,
		Yellow Pages
	   2.2 Network Security
		Trusted hosts, secure terminals, NFS, FTP, TFTP, mail,
		finger, modems and terminal servers, firewalls
	   2.3 File System Security
		Setuid shell scripts, sticky bit on directories, setgid
		bit on directories, umask values, encrypting files,
		devices
	3. MONITORING SECURITY
	   3.1 Account Security
	   	lastlog, utmp, wtmp, acct
	   3.2 Network Security
	   	syslog, showmount
	   3.3 File System Security
	   	find, checklists, backups
	   3.4 Know Your System
	   	ps, who, w, ls
	4. SOFTWARE FOR IMPROVING SECURITY
	   4.1 Obtaining Fixes and New Versions
	  	Sun fixes on UUNET, Berkeley fixes, SIMTEL-20 and UUNET,
		vendors
	   4.2 The npasswd Command
	   4.3 The COPS Package
	   4.4 Sun C2 Security Features
	   4.5 Kerberos
	5. KEEPING ABREAST OF THE BUGS
	   5.1 CERT
	   5.2 DDN Management Bulletins
	   5.3 Security-related mailing lists
	6. SUGGESTED READING
	7. CONCLUSIONS
	REFERENCES
	APPENDIX A - SECURITY CHECKLIST

In order to format the paper, the "troff" text formatter and the "-ms"
macro package (available with any Sun or Berkeley UNIX system) are
required.  You *do not* need a PostScript printer, unless you want to
print the cover page with the SRI logo on it.

The paper is available via anonymous FTP from the host SPAM.ITSTD.SRI.COM
(128.18.4.3) as the file "pub/security-doc.tar.Z".  Be sure to remember to
set "image" mode on the transfer.  Sorry, UUCP access is not available -
if you don't have Internet access, find a friend who does.

Enjoy.

Dave Curry

SRI International
Information and Telecommunications
Sciences and Technology Division
333 Ravenswood Avenue
Menlo Park, CA 94025
(415) 859-2508

davy at itstd.sri.com

More information about the Comp.sys.sun mailing list