19.12.2012 Views

IT Baseline Protection Manual - The Information Warfare Site


Safeguard Catalogue - Hardware & Software Remarks

S 4.26 Regular security checks of the UNIX system

Initiation responsibility: Head of IT Section, IT Security Management

Implementation responsibility: Administrators

UNIX operating systems offer various security features as standard. However, these only work if they are used appropriately. The settings required for this purpose should be automatically checked by means of tools so that

- it is possible to detect and remedy any inconsistencies within a UNIX system and

- the System Administrator is able to manage the UNIX operating system by making optimum use of the existing security mechanisms.

Such checks can be made with programs available in the given UNIX system, individually developed shell scripts or public domain (PD) programs. For some UNIX variants, commercial programs are available as well.

Examples

- pwck

  This is one of the standard operating system commands. With this command, a consistency check is made of the /etc/passwd file. A check is performed as to whether all required entries have been made, whether there is a log-in directory for the user, and whether the log-in program exists. Similar functions are provided under Solaris by the logins command, which enables accounts without passwords to be located.

- grpck

  With this command, a consistency check is made of the /etc/group file. This command is also one of the standard operating system commands. A check is performed as to whether all required entries have been made, whether the members of a group are actually included in the user password file and whether the group number tallies with the number given in that file.

- tripwire

  This program enables integrity checks of files to be carried out. Checksums of files are created and stored in a database. Various free-of-charge versions of tripwire are available.

- cops

  This public domain program serves to check the security of UNIX systems; for example, various system settings, access rights, SUID files etc. are checked and potential security loopholes are identified.

- tiger

  This public domain program enables UNIX systems to be checked for security weaknesses. The program is similar in operation to cops.
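As an added illustration (not part of the manual), the following individually developed shell script performs the kind of consistency checks described above for pwck and grpck on passwd- and group-format files. The function names, messages and sample data are constructed; reading "the group number tallies" as "every primary GID in the passwd file has a group entry" is an assumption.

```shell
# Added example: pwck/grpck-style checks on passwd- and group-format files.
# Function names and all sample data are constructed for illustration.

# check_passwd FILE: required entries, log-in directory, log-in program.
check_passwd() {
    while IFS=: read -r name pw uid gid gecos home shell extra; do
        [ -n "$name$pw$uid$gid$home" ] || continue   # skip blank lines
        ok=1; [ -n "$name" ] && [ -n "$home" ] && [ -z "$extra" ] || ok=0
        for f in "$uid" "$gid"; do case $f in ''|*[!0-9]*) ok=0 ;; esac; done
        if [ "$ok" -eq 0 ]; then
            echo "passwd:$name: missing or invalid required entry"; continue
        fi
        [ -d "$home" ] || echo "passwd:$name: log-in directory $home does not exist"
        [ -z "$shell" ] || [ -x "$shell" ] ||
            echo "passwd:$name: log-in program $shell does not exist"
    done < "$1"
}

# check_group PASSWD GROUP: group members must appear in the passwd file.
# Assumption: "group number tallies" means every primary GID used in the
# passwd file has an entry in the group file.
check_group() {
    awk -F: '
        !NF { next }
        NR == FNR { user[$1] = 1; if ($4 ~ /^[0-9]+$/) pgid[$4] = $1; next }
        NF != 4 || $1 == "" || $3 !~ /^[0-9]+$/ {
            print "group:" $1 ": missing or invalid required entry"; next }
        { gid[$3] = 1; n = split($4, m, ",")
          for (i = 1; i <= n; i++) if (!(m[i] in user))
              print "group:" $1 ": member " m[i] " not in passwd file" }
        END { for (g in pgid) if (!(g in gid))
              print "passwd:" pgid[g] ": GID " g " has no group entry" }
    ' "$1" "$2"
}

# make_sample DIR: write constructed passwd/group files under DIR.
make_sample() {
    mkdir -p "$1/home/alice"
    cat > "$1/passwd" <<EOF
alice:x:1001:100:Alice:$1/home/alice:/bin/sh
bob:x:1002:100:Bob:$1/home/bob:/bin/sh
carol:x:1003:200:Carol:$1/home/alice:/nonexistent/shell
dave:x::100:Dave:$1/home/alice:/bin/sh
EOF
    printf 'users:x:100:alice,bob,mallory\n' > "$1/group"
}

d=$(mktemp -d) && make_sample "$d"
check_passwd "$d/passwd"; check_group "$d/passwd" "$d/group"
rm -rf "$d"
```

Run from cron against copies of the real files, a non-empty report is the signal for the administrator to investigate.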

IT-Baseline Protection Manual: October 2000

Use tools
