S 4.26 Regular security checks of Unix systems
Initiation responsibility: Head of IT, IT Security Officer
Implementation responsibility: Administrator
Unix operating systems offer various security features by default. These are only effective if they are used sensibly. The settings required for this should be verified automatically by tools in order to
- identify and remove inconsistencies within a Unix system; and
- enable the system manager to manage the Unix operating system with optimal use of the given security mechanisms.
This check can be done using programs available in the Unix system, self-created shell scripts, or public domain programs. For some Unix versions, commercial programs are also available.
Examples:
- pwck
This command is one of the standard operating system commands. It performs a consistency check of the /etc/passwd file. It checks that all required entries were made, that the login directory exists for the user, and that the login program is present. Under Solaris, the logins command includes similar functions; this can also be used to search for accounts without a password.
- grpck
This command performs a consistency check of the /etc/group file. It also belongs to the standard operating system commands. It checks that all required entries were made, that all members of a group are actually present in the user password file, and that the group number agrees with the number stated there.
- tripwire
This program can be used to perform integrity checks of files. For this, checksums of files are created and stored in a database. tripwire is available in various free versions.
- cops
This public domain program is used to verify the security of Unix systems; for example, various system settings, access rights, SUID files etc. are checked and potential security risks are shown.
- tiger
This public domain program, similar to cops, can be used to check Unix systems for security gaps.
- SATAN
This public domain program can be used to analyse network security. It checks networked Unix systems for known weaknesses that are often not removed.
- crack
This public domain program is used to check that passwords are not too simple or too easy to guess.
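The pwck and grpck checks described above can also be written as a self-created shell script. The following is an added example, not part of the original safeguard text and not the code of either tool. The function names, sample accounts and paths are constructed, and it assumes that an empty password field in the passwd-format file means an account without a password.

```shell
#!/bin/sh
# pwck/grpck-style checks on passwd- and group-format files (read-only).
check_passwd() {   # usage: check_passwd PASSWD_FILE; prints one finding per line
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        # The ":END" sentinel detects entries without exactly 7 fields.
        IFS=: read -r name pw uid gid gecos home shell end extra <<EOF
$line:END
EOF
        if [ -z "$name" ] || [ "$end" != END ] || [ -n "$extra" ]; then
            echo "${name:-?}: malformed entry"; continue
        fi
        case "$uid:$gid" in
            :*|*:|*[!0-9:]*) echo "$name: UID/GID missing or not numeric" ;;
        esac
        # Assumption: no shadow file in use, so an empty field means no password.
        [ -n "$pw" ] || echo "$name: empty password field"
        [ -d "$home" ] || echo "$name: login directory missing: $home"
        [ -z "$shell" ] || [ -x "$shell" ] || echo "$name: login program missing: $shell"
    done < "$1"
}

check_group() {    # usage: check_group GROUP_FILE PASSWD_FILE
    awk -F: '
        FNR == NR { user[$1] = 1; pgid[$1] = $4; next }      # first file: passwd
        NF != 4 || $3 !~ /^[0-9]+$/ { print $1 ": malformed group entry"; next }
        { gid[$3] = 1                                        # remember known GIDs
          n = split($4, m, ",")
          for (i = 1; i <= n; i++)
              if (!(m[i] in user)) print $1 ": member not in passwd: " m[i] }
        END { for (u in pgid) if (!(pgid[u] in gid))
                  print u ": primary GID " pgid[u] " not in group file" }
    ' "$2" "$1"
}

write_samples() {  # constructed sample data, written to directory $1
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/:/bin/sh
alice::1001:100:Alice:/:/bin/sh
bob:x:1002:200:Bob:/nonexistent-home:/bin/sh
carol:x:1003:100:Carol:/:/nonexistent-shell
dave:x:1004:100:Dave:/
EOF
    cat > "$1/group" <<'EOF'
root:x:0:root
users:x:100:alice,carol,mallory
EOF
}
tmp=$(mktemp -d) && write_samples "$tmp"
check_passwd "$tmp/passwd"; check_group "$tmp/group" "$tmp/passwd"; rm -rf "$tmp"
```

For a regular automated check, the two functions can be run from cron against /etc/passwd and /etc/group, and any output treated as a finding to review.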
Review questions:
- Are the security settings of a Unix system regularly checked automatically using tools?