Re: AIX Security

From: Ulrich--nO--(dot)-sPAM--Link (_at_Epost.de)
Date: 08/30/03

    Date: Sat, 30 Aug 2003 12:35:50 +0200
    
    

    > SH> 1. What would be the file contain the list of network services?
    > SH> 2. Does the permission for /var/adm/utmp and /var/adm/utmpx have to be
    > SH> equal 644? Why?
    > SH> 3. What is a umask? Does the umask value have to be 27? Why?
    > SH> 4. In AIX, would it provide a better security to access root only through su
    > SH> command?
    > SH> 5. Run awk -F: '{if ($2 == "") print $1}' /etc/passwd
    > SH> Can the command be used to see users without a password?
    > SH> 6. Run awk -F: ' {if ($3 ==0) print $1}' /etc/passwd Can the command be
    > SH> used to see whose UID is zero?
    > SH> 7. find . -type f -perm -o+w -print
    > SH> Can the command be used to see permissions for a file or directory?
    > SH> Would above items be considered good security related questions in AIX?
    > SH> 8. How similar of the commands between Solaris and AIX?
    >
    > Sherman,
    >
    > Is this homework?
    >

    You can easily find most of the answers with
    man passwd, man find, man awk and perhaps man login.
    If you don't have access to an AIX box, the answers of
    Linux/FreeBSD/OSF1/Solaris/HPUX or whatever *NIX you can get your hands
    on will explain the basics of the login process, awk and find.

    Your questions are not really AIX related.

    But to give you a few hints:
    When you check for accounts with no passwd set, check also that those
    accounts are locked.
    The passwords are not stored in /etc/passwd. The file with the passwords
    is usually only readable by root. If you find a *NIX system with the
    encrypted/hashed passwds in /etc/passwd you've found a relic of the
    *NIX stone age when real programmers debugged their programs by holding
    paper strips against the light.

    The question about forcing "su" instead of a direct login is a question
    of network security and accounting.
    "su" is usually logged, so you can see which user su-ed to root, but
    root can purge this log.

    Good Luck with *NIX!

    ---
    Uli
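
Added example, not part of the message above or of the original thread: a shell function that runs the checks discussed here (empty password fields, locked accounts, extra UID 0 accounts, hashes left in the passwd file) over both account files. It assumes a colon-separated shadow(4)-style file as on Linux or Solaris (AIX keeps its hashes in /etc/security/passwd in a stanza format that this does not parse); the function names, finding labels and sample accounts are constructed for illustration.

```shell
#!/bin/sh
# audit_accounts PASSWD_FILE SHADOW_FILE   (hypothetical helper, added example)
# Prints one "finding:account" line per issue, sorted:
#   uid0      an account other than root has UID 0
#   nopass    empty password field: login needs no password
#   locked    field starts with * or !: no password can ever match
#   inpasswd  a hash is stored in the world-readable passwd file
audit_accounts() {
    awk -F: '
        NR == FNR {                      # first file: passwd
            if ($3 == 0 && $1 != "root") print "uid0:" $1
            if ($2 == "") print "nopass:" $1
            # x, * and ! are placeholders; anything else is a stored hash
            else if ($2 != "x" && $2 !~ /^[*!]/) print "inpasswd:" $1
            next
        }
        $2 == ""     { print "nopass:" $1; next }   # second file: shadow
        $2 ~ /^[*!]/ { print "locked:" $1 }
    ' "$1" "$2" | LC_ALL=C sort -u
}

# Constructed sample data, not taken from any real system.
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
toor:x:0:0:second root:/root:/bin/sh
guest::1001:100:guest:/home/guest:/bin/sh
svc:x:1002:100:service:/home/svc:/bin/sh
old:ab01FAX.bQRSU:1003:100:legacy:/home/old:/bin/sh
alice:x:1004:100:alice:/home/alice:/bin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:$6$constructed$hash:12000:0:99999:7:::
toor:$6$constructed$hash:12000:0:99999:7:::
guest::12000:0:99999:7:::
svc:!:12000:0:99999:7:::
old:*:12000:0:99999:7:::
alice::12000:0:99999:7:::
EOF
}

# Demo run against the constructed files.
demo_dir=$(mktemp -d)
write_samples "$demo_dir"
audit_accounts "$demo_dir/passwd" "$demo_dir/shadow"
rm -rf "$demo_dir"
```

On a real system, pass the actual passwd and shadow paths and run it as root, since the shadow file is not readable otherwise.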
    
