UNISOL SysAdmin
System Security
The security functions available under this menu enable the System
Administrator to establish and maintain a secure and consistent
environment by attempting to close filesystem-based common security
holes.
Functions available under the menu produce reports as to the state of the
system, or as to the state of the system against the benchmark time
(normally installation time). In addition, the System Administrator has
the option of automatically correcting some of the problems at the time
of the audit.
Available functions are:
- Auditing of Default File Protections:
Compares the present state of the files defined under the benchmark state
(earlier generated list) and reports on the differences found and optionally
resets the present state of the file to the benchmark state.
- Auditing of Set-Uid Files:
Generates a list of set-uid files which is compared with the control list
and reports or corrects (removes the set-uid bit) the state of unauthorized
set-uid files.
- Auditing of Super-User Accounts:
Reports or removes existing super-user accounts not authorized by
the system administrator.
- Check Obvious User Passwords:
Attempts to guess each user's password and reports on the
results. Can optionally send mail to users asking them to change their
passwords.
- User Directory Check:
Examines directories for acceptable match criteria and audits or reports
the directories violating the specified defaults, while optionally sending
mail to the owners of the examined directories informing them of any
infractions.
- Restrict Command Execution:
Restricts execution of commands by user id, group id, or date and time.
Generates audit logs of restricted command executions and attempts.
- General System Audit:
Performs the following phases of vulnerability tests while
optionally creating a script of the system audit. Generally, english
messages (customizable) are printed to explain the implications of the
(potential) security holes/problems encountered.
- General System Audit
- Duplicate UID Check
- Check for Abandoned Logins
- User File Security Check
- Check for Failed "su" Attempts
- Check for UUCP security holes
© Copyright 1995, UniSolutions Associates.
SysAdmin, JobAcct, BART and UniMenu are trademarks and UniSolutions and UNISOL a
re registered trademarks of UniSolutions Associates.
All other trademarks and company names are property of their respective owners.