security - periodic system security check
/etc/security
security is a command script that examines the system for some signs of
security weaknesses. It is only a security aid and does not offer complete
protection. The security script is normally run from the /etc/daily script
(see daily(8) for further details), which sends mail to root on a daily basis.
The security script carries out the following list of simple checks:
o Check the master passwd(5) and group(5) files for syntax, empty passwords,
  partially closed accounts, suspicious UIDs, suspicious GIDs, and duplicate
  entries.
o Check root's home directory and login environment for insecure permissions,
  suspicious paths, and umask commands in the dotfiles.
o Check that root and uucp are in /etc/ftpusers.
o Check for suspicious commands in /etc/mail/aliases.
o Check for insecurities in various trust files such as /etc/hosts.equiv,
  /etc/shosts.equiv, and /etc/hosts.lpd.
o Check user .rhosts and .shosts files for open access.
o Check user home directory permissions.
o Check many user dotfile permissions.
o Check user mailbox permissions.
o Check NFS exports(5) file for global export entries.
o Check for changes in setuid/setgid files and devices.
o Check disk ownership and permissions.
o Check for changes in the device file list.
o Check for permission changes in special files and system binaries listed in
  /etc/mtree/special and /etc/mtree/*.secure. Note: This is not complete
  protection against Trojan horsed binaries, as the miscreant can modify the
  tree specification to match the replaced binary. For details on really
  protecting yourself against modified binaries, see mtree(8).
o Check for content changes in those files specified by /etc/changelist. See
  changelist(5) for further details.
The intent of the security script is to point out some obvious holes to
the system administrator.
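A sketch of the first check in the list (passwd file syntax, empty passwords, suspicious UIDs and GIDs, duplicate entries), added here as an illustration; it is not the code of the OpenBSD /etc/security script. The function name check_passwd, the message wording and the sample accounts are constructed for this example.

```shell
#!/bin/sh
# Added illustration; NOT the OpenBSD /etc/security script.
# check_passwd FILE audits a master.passwd(5)-style file, which has 10
# colon-separated fields: name:password:uid:gid:class:change:expire:gecos:home:shell
# It prints one finding per line and returns 1 if anything was flagged.
check_passwd() {
    awk -F: '
    /^[ \t]*$/ { printf "line %d: blank line\n", NR; bad = 1; next }
    NF != 10   { printf "line %d: expected 10 fields, found %d\n", NR, NF; bad = 1; next }
    {
        if ($2 == "") { printf "login %s: empty password\n", $1; bad = 1 }
        if ($3 !~ /^[0-9]+$/) { printf "login %s: suspicious UID %s\n", $1, $3; bad = 1 }
        else if ($3 == 0 && $1 != "root") { printf "login %s: UID 0 but not root\n", $1; bad = 1 }
        if ($4 !~ /^[0-9]+$/) { printf "login %s: suspicious GID %s\n", $1, $4; bad = 1 }
        if (seen[$1]++) { printf "login %s: duplicate entry\n", $1; bad = 1 }
        # Two different login names on one UID share every file and privilege.
        if (($3 in owner) && owner[$3] != $1) {
            printf "login %s: shares UID %s with %s\n", $1, $3, owner[$3]; bad = 1
        } else owner[$3] = $1
    }
    END { exit bad + 0 }
    ' "$1"
}

# Constructed sample input (not real accounts); "*" stands in for a hash.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
root:*:0:0:daemon:0:0:Charlie &:/root:/bin/ksh
alice:*:1000:1000:staff:0:0:Alice:/home/alice:/bin/ksh
toor:*:0:0:daemon:0:0:Backup root:/root:/bin/sh
guest::1001:1001::0:0:Guest:/home/guest:/bin/sh
alice:*:1002:1000:staff:0:0:Alice again:/home/alice:/bin/ksh
bob:*:1003:1003:staff:Bob:/home/bob:/bin/sh
EOF

check_passwd "$sample" || echo "findings above need review"
```

Like the script it illustrates, this only flags obvious problems in the file it is given; a clean result says nothing about the rest of the system.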
/etc/changelist
/etc/daily
/etc/mtree
/var/backups
changelist(5), daily(8), mtree(8)
The name of this script may provide a false sense of security. There are
perhaps an infinite number of ways the system can be compromised without this
script noticing.
OpenBSD 3.6 July 1, 2000