Solaris Security Script

From: xyberpix (xyberpix_at_xyberpix.com)
Date: 12/10/04

  • Next message: Harry Hoffman: "Re: Solaris Security Script" 
    Date: Fri, 10 Dec 2004 10:37:12 -0000 (GMT)
To: focus-sun@securityfocus.com

    Hi All,

    I'm working on a rather large Solaris security script, could you please
    all post your idea's in here or mail me directly for things that you would
    recommend checking for. I will be releasing the script undel the GPL when
    it's finished, at the moment it is only in a development stage, but works,
    and is a right mess. At this point in time I am mainly concerned about
    functionality, I will do a lot of tidying up later on.
    So far here's what it's doing, checking for:

    - Does a complete filesystem search in all files for the word "password",
    as a load of developers tend to leave passwords lying around in scripts,
    etc. The output here is a mess, but as I said I will be tidying it up.

    - Check what files users have in their home directories, and what the
    permissions on these files are.

    - Check for the presence of SUID files

    - Get network information, IP's routes, netstat -a output.

    - Copy important configuration files to have a look at, inetd.conf,
    sshd2_conf, services, passwd

    - Checks what services are set to run automatically

    - Search for symbolic links

    - Check for known development tools, gcc, cc, jave, perl, etc

    - Check mount points, and what options they are mounted with

    - Check ftpusers file to make sure root is not allowed to ftp

    - Check various files executable permissions, snoop, sshd2, rlogin, rwho, etc

    - Check certain accounts for the presence of a shell, lp, nobody, sys,
    adm, etc

    - Check for programs that shouldn't be on a production box, nmap, tcpdump,
    nc, etc

    That's all I have for now, but any ideas would be really welcome. The idea
    is to run this script as root, so that as much information as possible can
    be obtained, so that it takes the grunt work out of checking a solaris
    box, and so that we can concentrate on more important things.
    As soon as the script gets to a decent level I will post links to it, so
    whoever wants it can grab it. If I get enough responses I may open up an
    area on sourceforge for it as well, and get a couple more people working
    on if anyone is willing.

    xyberpix

  • Next message: Harry Hoffman: "Re: Solaris Security Script"

    Relevant Pages

    • Re: __FILE__ vs. $_SERVER[DOCUMENT_ROOT] ?
      ... If your host is using any symbolic links, ... what's causing the discrepency. ... a constant for the script root. ...
      (comp.lang.php)
    • Re: Solaris Security Script
      ... xyberpix wrote: ... > I'm working on a rather large Solaris security script, ... > - Search for symbolic links ... > is to run this script as root, so that as much information as possible can ...
      (Focus-SUN)
    • IBM Informix Web DataBlade: Local root by design
      ... IBM Informix Web DataBlade: Local root by design ... Impact: Any user who can: 1) Save a Perl script anywhere on the server's ... admin right on any database can do it by loading the WDB module into ...
      (Bugtraq)
    • RE: Linux hacked
      ... I would also suggest using a simple script in the future that alerts ... Subject: Linux hacked ... To get back into your account you want to use, at the boot manager ... boot normally and you should be able to login as root with your new ...
      (Security-Basics)
    • Re: BSDstats v3.0 - The Security Rewrite
      ... The bsdstats script could easily pick up that entry and set ... a management machine, and that management machine only has ... Email is sent to root containing IDTOKEN= as generated by host, root forwards that to rpt@xxxxxxxxxxxx, rpt@xxxxxxxxxxxx sends back KEY= value ... second time, submits report values to root, root forwards that to rpt@xxxxxxxxxxxx ... ...
      (freebsd-questions)