CHAPTER 28 System Security
28.3 Security Programs
There are a number of public domain (PD) programs you can get to help make your system more secure. Some packages you might consider installing are:
- COPS - checks system service and file access privileges
- TCP Wrapper or Xinetd - checks network service connections for access privileges
- Tripwire - maintains a checklist and signature for files in its database to detect changes in these files
- Tiger - checks system and file permissions, including anonymous ftp (more up-to-date than COPS)
- Securelib - secures UDP and RPC connections
- lsof - lists open files on your machine
- Swatch or Watcher - for active audit trail watching
- Crack - checks passwords against dictionaries and simple algorithms
- PEM or PGP - for mail and file security and content verification
- SATAN - Security Analysis Network Tool for Auditing Networks, checks for commonly known network security holes
- SSH - Secure SHell, replaces rlogin, rsh, and rcp with secure, encrypted connections
For any program of this type you need to make sure that you protect the programs and databases from tampering. It doesn't help if, e.g. with Tripwire, you compare an altered file against an altered database. The best way to prevent tampering is to store the master copies on a physically write-protected disk or off-line.
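The point about comparing an altered file against an altered database can be shown with a small integrity checker. This is an added example, not Tripwire's code or format: the function names, the JSON database layout and the use of SHA-256 are assumptions made for illustration. The digest returned by write_baseline is the value that would live on the write-protected or off-line medium.

```python
import hashlib
import hmac
import json
from pathlib import Path


def sha256_file(path):
    """Hex SHA-256 of a file's contents."""
    return hashlib.sha256(Path(path).read_bytes()).hexdigest()


def write_baseline(paths, db_path):
    """Record one digest per file; return the digest of the database itself.
    The returned digest is the part to keep on write-protected or off-line media.
    """
    db = json.dumps({str(p): sha256_file(p) for p in paths}, sort_keys=True).encode()
    Path(db_path).write_bytes(db)
    return hashlib.sha256(db).hexdigest()


def check(db_path, trusted_db_digest):
    """Verify the database first, then every file it lists.
    Returns {path: "modified" | "missing"}; raises if the database was altered.
    """
    db = Path(db_path).read_bytes()  # read once: hash and parse the same bytes
    if not hmac.compare_digest(hashlib.sha256(db).hexdigest(), trusted_db_digest):
        raise RuntimeError("baseline database does not match the off-line digest")
    report = {}
    for path, expected in json.loads(db).items():
        if not Path(path).is_file():
            report[path] = "missing"
        elif sha256_file(path) != expected:
            report[path] = "modified"
    return report


if __name__ == "__main__":
    import tempfile
    d = Path(tempfile.mkdtemp())  # constructed sample file, not a real system path
    target = d / "login"
    target.write_text("v1\n")
    trusted = write_baseline([target], d / "baseline.json")
    target.write_text("v2\n")
    print(check(d / "baseline.json", trusted))  # the change is reported
    write_baseline([target], d / "baseline.json")  # database rebuilt after the change
    try:
        check(d / "baseline.json", trusted)
    except RuntimeError as e:
        print("refused:", e)
```

Without the separately stored digest, the rebuilt database in the last step would report the changed file as clean.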
You might have logs sent to another machine, so that they can't be altered on this machine.
Many of these programs are archived on the COAST (Computer Operations, Audit, and Security Technology) archive at Purdue University, ftp://coast.cs.purdue.edu/pub, under the direction of Prof. Gene Spafford. Some can be found local to OSU on ftp://ftp.net.ohio-state.edu/pub/security.
Unix System Administration - 8 AUG 1996