• Part I
  • sun managers I
• Part D
  • sun managers D
• Part L
  • sun managers L
• Part H
  • sun managers H
• Part B
  • sun managers B
• Part E
  • sun managers E
• Part J
  • sun managers J
• Part F
  • sun managers F
• Part C
  • sun managers C
• Part K
  • sun managers K

Improving security: who should own /etc ?

>Our local security guru has given us some very convincing arguments why

>the /etc directory should NOT be owned by user "bin", as it is

>installed by the default SunOS installation. It is all too easy to

>masquerade as user bin, and thereby get write-access to the /etc

>directory, with all sorts of nasty security implications. The

>recommended ownership of /etc is "root".

>

>Before doing this security measure on all of our machines, I would like

>to know if changing the ownership of /etc to "root" has any adverse

>effects ? Does anybody out there run their system in this mode ?

The answers were unanimous: Get the Sun patch 100103-10, which is a

script setting the permissions etc. of lots of files to more secure values.

I got my copy from princeton.edu in pub/sun-fixes/sunos4.1.1.

The README file goes like this:

Patch-ID# 100103-10

Keywords: security

Synopsis: SunOS 4.1.1, 4.1:script to change file permissions to a more secure mode

Date: 30-Sept-91

SunOS release: 4.1 4.1.1

Unbundled Product:

Unbundled Release:

Topic:

BugId's fixed with this patch: 1046817 1047044 1048142 1054480 1037153 1039292 1042662

Architectures for which this patch is available: sun3, sun3x, sun4, sun4c

Obsoleted by: 5.0

Problem Description:

        File permissions on numerous files were set incorrectly in the build

        tape of 4.1 FCS. This script changes them back to what they should

        be.

INSTALL::

MUST be run as root.

        # chmod 710 4.1secure.sh (restrict execution to root)

        # sh 4.1secure.sh (run the script)

My thanks go to these people:

ivan@fac.anu.edu.au (Ivan Dean)

bws900@cscgpo.anu.edu.au (Bede W P Seymour)

"John D. Barlow" <John.D.Barlow@arp.anu.edu.au>

pln@egret1.Stanford.EDU (Patrick L. Nolan)

Travis L Priest <travis@cs.odu.edu>

jonw@assip.csasyd.oz.au (Jon Gilbert Wright)

barron@cs.uchicago.edu (Tom Barron)

Steinar Haug <Steinar.Haug@delab.sintef.no>

Reino de Boer <sysrb@cs.few.eur.nl>

Thanks, once again, for this marvelous list !

Ole

Ole Holm Nielsen

Laboratory of Applied Physics, Building 307

Technical University of Denmark, DK-2800 Lyngby, Denmark

E-mail: Ole.Holm.Nielsen@ltf.dth.dk

Telephone: (+45) 42 88 24 88 ext. 3187

Telefax: (+45) 45 93 23 99

Permanent address:

UNI-C, Building 305

Technical University of Denmark, DK-2800 Lyngby, Denmark

E-mail: Ole.H.Nielsen@uni-c.dk

Telephone: (+45) 42 88 39 99 (dial-tone) 2404 or 2244

Comments

"sun managers J [Part J]" Sponsored Links

• "sun managers J [Part J]" New Questiones!

  • Improving security: who should own /etc ?
  • Illegible console text colour after quitting X
  • Illegal instructions, SS1 won't boot!
  • illegal instruction when attempting su
  • iinactive crash on 690
  • III - "Master" printcap/Tek 4693 DX printcap
  • II: SunPC and Solaris 2.3
  • II: snmpd for Solaris 2.2
  • II: sendmail net hang
  • II: sendmail - help needed
  • II: sendmail - help needed
  • II: Remote console problem
  • II: OW3 & SunOS 4.1.3
  • II: exchanging windows motif - openwin
  • II & Repost on cons8
  • II - Odd login process
  • II - "Master" printcap/Tek 4693 DX printcap
  • IGRP for a Sun
  • ifconfig:ioctl (SIOCGIFFLAGS) boot error?
  • ie1 ethernet controller under Solaris 2.3 in a 4/330

Copyright © 2008 thatsjava.com • All rights reserved • CMS Theme by WebmasterFund.com - 0.273