Index: S

Search | Symbols | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

S/Key codebook scheme : 8.7.3. Code Books
sa command : 10.2. The acct/pacct Process Accounting File
sabotage : (see terrorism; vandalism)
salt
8.6.2. What Is Salt?
8.6.3. What the Salt Doesn't Do
sanitizing media : 12.3.2.3. Sanitize your media before disposal
SATAN package
17.6.1. SATAN
E.4.7. SATAN
savacct file : 10.2. The acct/pacct Process Accounting File
saved UID : 4.3.2. Saved IDs
saving backup media
7.1.5. How Long Should You Keep a Backup?
(see also archiving information; backups)
sbrk command : 23.2. Tips on Avoiding Security-related Bugs
scanf function : 23.2. Tips on Avoiding Security-related Bugs
scanning networks : 17.6. Network Scanning
SCCS (Source Code Control System)
7.3.2. Building an Automatic Backup System
17.3. Primary UNIX Network Services
Scherbius, Arthur : 6.3. The Enigma Encryption System
screen savers : 12.3.5.2. X screen savers
screens, multiple : 12.3.4.3. Multiple screens
script command : 24.1.2. Rule #2: DOCUMENT
scripts, CGI : (see CGI, scripts)
scytales : 6.1. A Brief History of Cryptography
search warrants
26.2.4. Hazards of Criminal Prosecution
26.2.5. If You or One of Your Employees Is a Target of an Investigation...
searching for .rhosts file : 17.3.18.5. Searching for .rhosts files
Seberry, Jennifer : 6.5.4.3. HAVAL
secrecy, Kerberos : 19.6.1.3. Authentication, data integrity, and secrecy
secret keys : 6.4.6. RSA and Public Key Cryptography
Secret Service, U.S.
26.2.2. Federal Jurisdiction
F.3.3. U.S. Secret Service (USSS)
Secure Hash Algorithm (SHA)
6.5.3. Digital Signatures
6.5.4.2. SHA
Secure HTTP : 18.4.1. Eavesdropping Over the Wire
Secure NFS : 19.3.2.4. Using Secure NFS
-secure option
19.3.2.4. Using Secure NFS
19.4.4.5. Spoofing NIS
secure option for /etc/exports : 20.2.1.1. /etc/exports
Secure RPC
19.3. Secure RPC (AUTH_DES)
19.3.4. Limitations of Secure RPC
with NIS/NIS+
19.3.2. Setting Up Secure RPC with NIS
19.3.4. Limitations of Secure RPC
NTP and : 19.3.1.3. Setting the window
reauthentication : 19.3.1.3. Setting the window
versus Kerberos : 19.6.2. Kerberos vs. Secure RPC
Secure Socket Layer : (see SSL)
secure terminals : 8.5.1. Secure Terminals
SecureID : 8.7.2. Token Cards
SecureNet key : 8.7.2. Token Cards
security
2.1. Planning Your Security Needs
9.1.2. Read-only Filesystems
12.1.1. The Physical Security Plan
(see also integrity; physical security; system administration; threats)
of CGI scripts
18.2.3. Writing Secure CGI Scripts and Programs
18.2.4.1. Beware mixing HTTP with anonymous FTP
changed detection
9.2. Detecting Change
9.3. A Final Note
checking arguments : 23.2. Tips on Avoiding Security-related Bugs
critical messages to log
10.5.3. syslog Messages
10.5.3.1. Beware false log entries
cryptography
6. Cryptography
6.7.2. Cryptography and Export Controls
definition of : 1.1. What Is Computer Security?
digital signatures : (see digital signatures)
disabling finger : 17.3.8.2. Disabling finger
disk quotas : 25.2.2.5. Using quotas
dormant accounts, finding : 8.4.3. Finding Dormant Accounts
drills : 24.1.3. Rule #3: PLAN AHEAD
/etc/passwd : (see /etc/group file; /etc/passwd file)
firewalls : (see firewalls)
four steps toward : 2.4.4.7. Defend in depth
guessable passwords
3.6.1. Bad Passwords: Open Doors
3.6.4. Passwords on Multiple Machines
identification protocol : 17.3.12. Identification Protocol (auth) (TCP Port 113)
improving DES algorithm
6.4.5. Improving the Security of DES
6.4.5.2. Triple DES
IP
16.3. IP Security
16.3.3. Authentication
laws and : (see laws)
legal liability
26.4. Other Liability
26.4.7. Harassment, Threatening Communication, and Defamation
levels of NIS+ servers : 19.5.5. NIS+ Limitations
link-level : 16.3.1. Link-level Security
message digests : (see message digests)
modems and
14.4. Modems and Security
14.4.4.2. Protection against eavesdropping
monitoring : (see logging)
multilevel (defense in depth)
1.3. History of UNIX
2.4.4.7. Defend in depth
2.5.3. Final Words: Risk Management Means Common Sense
17.2. Controlling Access to Servers
name service and : 16.3.2. Security and Nameservice
national : 26.2.2. Federal Jurisdiction
network services
17.4. Security Implications of Network Services
19.1. Securing Network Services
passwords
3.2. Passwords
3.8. Summary
personnel
13. Personnel Security
13.3. Outsiders
A.1.1.12. Chapter 13: Personnel Security
policy of
1.2. What Is an Operating System?
2. Policies and Guidelines
2.5.3. Final Words: Risk Management Means Common Sense
protecting backups
7.1.6. Security for Backups
7.1.6.3. Data security for backups
published resources on
D. Paper Sources
D.2. Security Periodicals
responding to breakins
24. Discovering a Break-in
24.7. Damage Control
restricting login : 8.3. Restricting Logins
.rhosts : (see .rhosts file)
sendmail problems : 17.3.4.1. sendmail and security
Skipjack algorithm : 6.4.1. Summary of Private Key Systems
SNMP and : 17.3.15. Simple Network Management Protocol (SNMP) (UDP Ports 161 and 162)
software piracy : 26.4.2.1. Software piracy and the SPA
standards of : 2.4.2. Standards
superuser problems : 4.2.1.5. The problem with the superuser
through obscurity
2.5. The Problem with Security Through Obscurity
2.5.3. Final Words: Risk Management Means Common Sense
8.8.9. Account Names Revisited: Using Aliases for Increased Security
18.2.4. Keep Your Scripts Secret!
tools for : 11.1. Programmed Threats: Definitions
Tripwire package
9.2.4. Tripwire
9.2.4.2. Running Tripwire
UNIX and
1. Introduction
1.4. Security and UNIX
1.4.3. Add-On Functionality Breeds Problems
user awareness of
1.4.1. Expectations
2. Policies and Guidelines
2.4.4.4. Concentrate on education
13.2.2. Ongoing Training and Awareness
UUCP : (see UUCP)
weakness-finding tools : 11.1.1. Security Tools
World Wide Web
18. WWW Security
18.7. Summary
X Window System
17.3.21.2. X security
17.3.21.3. The xhost facility
Security Emergency Response Team (SERT) : F.3.4.4. Australia: Internet .au domain
security file (UUCP) : 10.3.4. uucp Log Files
security holes
2.5. The Problem with Security Through Obscurity
(see also back doors; threats)
ftpd program : 6.5.2. Using Message Digests
mailing list for : E.1.3.3. Bugtraq
reporting : 2.5.1. Going Public
ruusend in L.cmds file : 15.4.3. L.cmds: Providing Remote Command Execution
SUID/SGID programs : 5.5.3.1. write: Example of a possible SUID/SGID security hole
/usr/lib/preserve : 5.5.3.2. Another SUID example: IFS and the /usr/lib/preserve hole
UUCP : 15.7. Early Security Problems with UUCP
sed scripts : 11.1.4. Trojan Horses
seeds, random number
23.6. Tips on Generating Random Numbers
23.8. Picking a Random Seed
select system call : 17.1.3. The /etc/inetd Program
selection lists : 18.2.3.1. Do not trust the user's browser!
self-destruct sequences : 27.2.1. Hardware Bugs
SENDFILES= command
15.5.1.3. A Sample Permissions file
15.5.2. Permissions Commands
sendmail
11.1.2. Back Doors and Trap Doors
11.5.2.5. .forward, .procmailrc
11.5.3.3. /usr/lib/aliases, /etc/aliases, /etc/sendmail/aliases, aliases.dir, or aliases.pag
17.3.4. Simple Mail Transfer Protocol (SMTP) (TCP Port 25)
17.3.4.3. Improving the security of Berkeley sendmail V8
24.2.4.2. How to contact the system administrator of a computer you don't know
(see also mail)
aliases : 11.5.3.3. /usr/lib/aliases, /etc/aliases, /etc/sendmail/aliases, aliases.dir, or aliases.pag
determining version of : 17.3.4.1. sendmail and security
.forward file : 24.4.1.6. Changes to startup files
improving Version 8 : 17.3.4.3. Improving the security of Berkeley sendmail V8
logging to syslog : 17.3.4.3. Improving the security of Berkeley sendmail V8
same Internet/NIS domain : 19.4.3. NIS Domains
security problems with : 17.3.4.1. sendmail and security
sendmail.cf file : 17.3.4. Simple Mail Transfer Protocol (SMTP) (TCP Port 25)
sensors : (see detectors)
separation of duties : 13.2.5. Least Privilege and Separation of Duties
sequence of commands : 23.2. Tips on Avoiding Security-related Bugs
serial interfaces : 14.2. Serial Interfaces
Serial Line Internet Protocol (SLIP) : 14.5. Modems and UNIX
serial numbers, logging : 10.7.1.2. Informational material
SERT (Security Emergency Response Team) : F.3.4.4. Australia: Internet .au domain
server-side includes
18.2.2.2. Additional configuration issues
18.3.2. Commands Within the <Directory> Block
servers
16.2.5. Clients and Servers
17.1. Understanding UNIX Internet Servers
17.1.3. The /etc/inetd Program
backing up : 7.2.2. Small Network of Workstations and a Server
checklist for bringing up : 17.4. Security Implications of Network Services
controlling access to : 17.2. Controlling Access to Servers
ftp : (see FTP)
http : (see http server)
load shedding : 23.3. Tips on Writing Network Programs
master/slave : (see NIS)
NIS+, security levels of : 19.5.5. NIS+ Limitations
overloading with requests : 25.3.1. Service Overloading
setting up for FTP
17.3.2.4. Setting up an FTP server
17.3.2.6. Setting up anonymous FTP with the standard UNIX FTP server
web : (see web servers)
WN : 18.3. Controlling Access to Files on Your Server
Xauthority : 17.3.21.4. Using Xauthority magic cookies
service overloading : 25.3.1. Service Overloading
services file : 17.1.1. The /etc/services File
Services table (NIS+) : 19.5.3. NIS+ Tables
SESAME (Secure European System for Applications in a Multivendor Environment) : 19.7.2. SESAME
session
hijacking : 17.3.3. TELNET (TCP Port 23)
IDs
4.3.3. Other IDs
C.1.3.4. Process groups and sessions
keys
6.4. Common Cryptographic Algorithms
19.3.1.1. Proving your identity
setgid function
4.3.3. Other IDs
23.4. Tips on Writing SUID/SGID Programs
setpgrp function : C.1.3.4. Process groups and sessions
setrlimit function : 23.2. Tips on Avoiding Security-related Bugs
setsid function : C.1.3.4. Process groups and sessions
setuid file : 4.3.1. Real and Effective UIDs
setuid function : 23.4. Tips on Writing SUID/SGID Programs
setuid/setgid : (see SUID/SGID programs)
SGID bit
5.5.1. SUID, SGID, and Sticky Bits
5.5.7. SGID Bit on Files (System V UNIX Only): Mandatory Record Locking
(see also SUID/SGID programs)
clearing with chown : 5.7. chown: Changing a File's Owner
on directories : 5.5.6. SGID and Sticky Bits on Directories
on files : 5.5.7. SGID Bit on Files (System V UNIX Only): Mandatory Record Locking
SGID files : B.3.2.2. SGID files
sh (Bourne shell)
11.5.1. Shell Features
C.5.3. Running the User's Shell
(see also shells)
sh program : 5.5.3.2. Another SUID example: IFS and the /usr/lib/preserve hole
SUID and : 5.5.2. Problems with SUID
SHA (Secure Hash Algorithm)
6.5.3. Digital Signatures
6.5.4.2. SHA
shadow file
8.1.1. Accounts Without Passwords
8.8.5. Shadow Password Files
shadow passwords
3.2.1. The /etc/passwd File
8.4.1. Changing an Account's Password
8.8.5. Shadow Password Files
Shamir, Adi
6.4.2. Summary of Public Key Systems
6.4.6. RSA and Public Key Cryptography
shar format file : 11.1.4. Trojan Horses
shareware : 27.2.2. Viruses on the Distribution Disk
shell escapes
8.1.3. Accounts That Run a Single Command
8.1.4.6. Potential problems with rsh
in L.cmds list : 15.4.3. L.cmds: Providing Remote Command Execution
shell scripts, SUID
5.5.3. SUID Shell Scripts
5.5.3.2. Another SUID example: IFS and the /usr/lib/preserve hole
shells
1.2. What Is an Operating System?
3.2.1. The /etc/passwd File
11.1.4. Trojan Horses
11.5.1. Shell Features
11.5.1.4. Filename attacks
C.2. Creating Processes
C.5.3. Running the User's Shell
changing
8.4.2. Changing the Account's Login Shell
8.7.1. Integrating One-time Passwords with UNIX
history files : 10.4.1. Shell History
one-command accounts : 8.1.3. Accounts That Run a Single Command
restricted (rsh, ksh)
8.1.4.1. Restricted shells under System V UNIX
8.1.4.6. Potential problems with rsh
UUCP : (see uucico program)
shells file : 8.4.2. Changing the Account's Login Shell
Shimomura, Tsutomu : 23.3. Tips on Writing Network Programs
shoulder surfing
3.2.4. Passwords Are a Shared Secret
5.5.2. Problems with SUID
shredders : 12.3.3. Other Media
SHTTP : (see Secure HTTP)
shutdowns and wtmp file : 10.1.3. last Program
SIGHUP signal : C.4. The kill Command
SIGKILL signal : C.4. The kill Command
Signal Ground (SG) : 14.3. The RS-232 Serial Protocol
signal grounding : 25.3.3. Signal Grounding
signals : C.3. Signals
signature : 9.2. Detecting Change
signatures : (see digital signatures)
SIGSTOP signal : C.4. The kill Command
SIGTERM signal : 25.2.1.1. Too many processes
Simple Mail Transfer Protocol (SMTP)
17.3.4. Simple Mail Transfer Protocol (SMTP) (TCP Port 25)
17.3.4.3. Improving the security of Berkeley sendmail V8
Simple Network Management Protocol : (see SNMP)
single-user mode : C.5.1. Process #1: /etc/init
Skipjack algorithm : 6.4.1. Summary of Private Key Systems
slash (/)
IFS separator : 11.5.1.2. IFS attacks
root directory
5.1.1. Directories
(see also root directory)
Slave mode (uucico) : 15.1.4. How the UUCP Commands Work
slave server
19.4. Sun's Network Information Service (NIS)
(see also NIS)
SLIP (Serial Line Internet Protocol)
14.5. Modems and UNIX
16.2. IPv4: The Internet Protocol Version 4
Small Business Community Nationwide (SBA CERT) : F.3.4.31. Small Business Association (SBA): small business community nationwide
smap program : 17.3.4.1. sendmail and security
smart cards, firewalls : 21.5. Special Considerations
smit tool : 8.8.2. Constraining Passwords
smoke and smoking : 12.2.1.2. Smoke
SMTP (Simple Mail Transfer Protocol)
17.3.4. Simple Mail Transfer Protocol (SMTP) (TCP Port 25)
17.3.4.3. Improving the security of Berkeley sendmail V8
SNA (System Network Architecture) : 16.4.2. SNA
SNEFRU algorithm : 6.5.4.4. SNEFRU
sniffers
1.4.3. Add-On Functionality Breeds Problems
3. Users and Passwords
8.7. One-Time Passwords
17.3.3. TELNET (TCP Port 23)
(see also eavesdropping)
network : 16.3. IP Security
packet : 16.3.1. Link-level Security
SNMP (Simple Network Management Protocol) : 17.3.15. Simple Network Management Protocol (SNMP) (UDP Ports 161 and 162)
snoop program : 24.2.3. Monitoring the Intruder
SOCKS : E.4.8. SOCKS
soft disk quotas : 25.2.2.5. Using quotas
software
for backups
7.4. Software for Backups
7.4.7. inode Modification Times
bugs in : (see bugs)
for checking integrity : 19.5.5. NIS+ Limitations
checking new
8.1.5.2. Checking new software
11.1.2. Back Doors and Trap Doors
consistency of : 2.1. Planning Your Security Needs
distributing : (see FTP)
exporting : 26.4.1. Munitions Export
failure of : 7.1.1.1. A taxonomy of computer failures
hacker challenges : 27.2.4. Hacker Challenges
logic bombs : 11.1.3. Logic Bombs
operating system : (see operating systems)
patches for, logging : 10.7.2.2. Informational material
quality of
1.4.2. Software Quality
1.4.3. Add-On Functionality Breeds Problems
stolen (pirated)
17.3.2.6. Setting up anonymous FTP with the standard UNIX FTP server
26.4.2.1. Software piracy and the SPA
stored via FTP : 17.3.2.6. Setting up anonymous FTP with the standard UNIX FTP server
testing : 1.4.2. Software Quality
vendor license agreements : 18.5.2. Trusting Your Software Vendor
viruses : 11.1.5. Viruses
worms : 11.1.6. Worms
software patents : 6.7.1. Cryptography and the U.S. Patent System
Software Publishers Association (SPA) : 26.4.2.1. Software piracy and the SPA
Software Security Response Team (SSRT) : F.3.4.9. Digital Equipment Corporation and customers
Solaris
1.3. History of UNIX
8.7.1. Integrating One-time Passwords with UNIX
/etc/logindevperm : 17.3.21.1. /etc/fbtab and /etc/logindevperm
process limit : 25.2.1.1. Too many processes
Secure RPC time window : 19.3.1.3. Setting the window
/var/adm/loginlog file : 10.1.4. loginlog File
wtmpx file : 10.1.2. utmp and wtmp Files
Source Code Control System (SCCS) : 7.3.2. Building an Automatic Backup System
source code, keeping secret : 2.5. The Problem with Security Through Obscurity
SPA (Software Publishers Association) : 26.4.2.1. Software piracy and the SPA
Spaf's first principle : 2.4.4.5. Have authority commensurate with responsibility
spies
11.3. Authors
14.4.4.1. Kinds of eavesdropping
spoofing : 16.3. IP Security
network connection : 8.5.3.1. Trusted path
network services : 17.5. Monitoring Your Network with netstat
NIS : 19.4.4.5. Spoofing NIS
RPCs : 19.4.4.4. Spoofing RPC
spool file : 15.1.4. How the UUCP Commands Work
spoolers, printer : 12.3.4.1. Printer buffers
sprinkler systems
12.2.1.1. Fire
(see also water)
Sprint response team : F.3.4.32. Sprint
sprintf function
23.1.1. The Lesson of the Internet Worm
23.2. Tips on Avoiding Security-related Bugs
sscanf function : 23.2. Tips on Avoiding Security-related Bugs
SSL (Secure Socket Layer) : 18.4.1. Eavesdropping Over the Wire
SSRT (Software Security Response Team) : F.3.4.9. Digital Equipment Corporation and customers
Stallman, Richard : 1. Introduction
start bit
14.1. Modems: Theory of Operation
14.2. Serial Interfaces
startup command : 10.2.1. Accounting with System V
startup files
attacks via
11.5.2. Start-up File Attacks
11.5.2.7. Other initializations
intruder's changes to : 24.4.1.6. Changes to startup files
stat function : 5.4. Using Directory Permissions
state law enforcement : 26.2.1. The Local Option
stateless : 20.1.4.3. Connectionless and stateless
static electricity : 12.2.1.8. Electrical noise
static links : 23.4. Tips on Writing SUID/SGID Programs
stdio : (see portable I/O library)
Steele, Guy L. : 1. Introduction
sticky bits : 5.5.1. SUID, SGID, and Sticky Bits
on directories : 5.5.6. SGID and Sticky Bits on Directories
stolen property : (see theft)
stop bit
14.1. Modems: Theory of Operation
14.2. Serial Interfaces
storage
12.3.4. Protecting Local Storage
12.3.4.5. Function keys
strcpy routine : 23.1.1. The Lesson of the Internet Worm
streadd function : 23.2. Tips on Avoiding Security-related Bugs
strecpy function : 23.2. Tips on Avoiding Security-related Bugs
strength, cryptographic : 6.2.3. Cryptographic Strength
of DES algorithm
6.4.4.3. DES strength
6.4.5.2. Triple DES
of RSA algorithm : 6.4.6.3. Strength of RSA
string command : 12.3.5.2. X screen savers
strtrns function : 23.2. Tips on Avoiding Security-related Bugs
su command
4.2.1.2. Superuser is not for casual use
4.3. su: Changing Who You Claim to Be
4.3.8. Other Uses of su
becoming superuser : 4.3.4. Becoming the Superuser
log of failed attempts : 4.3.7. The Bad su Log
sulog file
10.1. The Basic Log Files
10.3.2. sulog Log File
utmp and wtmp files and : 10.1.2.1. su command and /etc/utmp and /var/adm/wtmp files
subnetting : 16.2.1.2. Classical network addresses
substitution (in encryption) : 6.1.2. Cryptography and Digital Computers
SUID/SGID programs
4.3.1. Real and Effective UIDs
5.5. SUID
5.5.7. SGID Bit on Files (System V UNIX Only): Mandatory Record Locking
B.3. SUID and SGID Files
back door via : 11.1.2. Back Doors and Trap Doors
chown command and : 5.7. chown: Changing a File's Owner
chroot call and : 8.1.5.2. Checking new software
created by intruders : 24.4.1.3. New SUID and SGID files
on directories : 5.5.6. SGID and Sticky Bits on Directories
disabling (turning off) : 5.5.5. Turning Off SUID and SGID in Mounted Filesystems
finding all files
5.5.4. Finding All of the SUID and SGID Files
5.5.4.1. The ncheck command
shell scripts
5.5.3. SUID Shell Scripts
5.5.3.2. Another SUID example: IFS and the /usr/lib/preserve hole
uucp access : 15.3. UUCP and Security
writing : 23.4. Tips on Writing SUID/SGID Programs
SUID/SGID programs:writing:programming:writing:zzz] : 23. Writing Secure SUID and Network Programs
suing : (see civil actions)
sulog file
4.3.7. The Bad su Log
10.3.2. sulog Log File
sum command
6.5.5.1. Checksums
9.2.3. Checksums and Signatures
Sun Microsystem's NIS : (see NIS)
Sun Microsystems : F.3.4.34. Sun Microsystems customers
SUN-DES-1 authentication : 17.3.21.3. The xhost facility
SunOS operating system : 1.3. History of UNIX
authdes_win variable : 19.3.1.3. Setting the window
/etc/fbtab file : 17.3.21.1. /etc/fbtab and /etc/logindevperm
TFTP sand : 17.3.7. Trivial File Transfer Protocol (TFTP) (UDP Port 69)
trusted hosts and : 17.3.18.5. Searching for .rhosts files
superencryption : 6.4.5. Improving the Security of DES
superuser
4. Users, Groups, and the Superuser
4.2.1. The Superuser
4.2.1.5. The problem with the superuser
(see also root account)
abilities of : 27.1.3. What the Superuser Can and Cannot Do
becoming with su : 4.3.4. Becoming the Superuser
changing passwords
8.4.1. Changing an Account's Password
8.8.8. Disabling an Account by Changing Its Password
encryption and : 6.2.4. Why Use Encryption with UNIX?
logging attempts to become : (see sulog file)
problems with : 4.2.1.5. The problem with the superuser
restrictions on : 4.2.1.4. What the superuser can't do
TCB files : 8.5.3.2. Trusted computing base
using passwd command : 3.5. Verifying Your New Password
web server as : 18.2.1. The Server's UID
SURFnet : F.3.4.25. Netherlands: SURFnet-connected sites
surges : (see power surges)
SVR4 (System V Release 4) : 1.3. History of UNIX
swap partition : 5.5.1. SUID, SGID, and Sticky Bits
swap space : 25.2.3. Swap Space Problems
Swatch program
10.6. Swatch: A Log File Tool
10.6.2. The Swatch Configuration File
E.4.9. Swatch
SWITCH : F.3.4.35. SWITCH-connected sites
symbolic links and permissions : 5.1.7. File Permissions in Detail
symbolic-link following
18.2.2.2. Additional configuration issues
18.3.2. Commands Within the <Directory> Block
SymLinksIfOwnerMatch option : 18.3.2. Commands Within the <Directory> Block
symmetric key : (see private-key cryptography)
SYN bit : 16.2.4.2. TCP
sync system call
5.6. Device Files
8.1.3. Accounts That Run a Single Command
sys (user) : 4.1. Users and Groups
syslog facility
4.3.7. The Bad su Log
10.5. The UNIX System Log (syslog) Facility
10.5.3.1. Beware false log entries
23.1.1. The Lesson of the Internet Worm
false log entries : 10.5.3.1. Beware false log entries
where to log
10.5.2. Where to Log
10.5.2.3. Logging everything everywhere
syslog file : 17.3.4.3. Improving the security of Berkeley sendmail V8
syslog.conf file : 10.5.1. The syslog.conf Configuration File
systat service : 17.3.1. systat (TCP Port 11)
system
auditing activity on : 2.1. Planning Your Security Needs
backing up critical files
7.3. Backing Up System Files
7.3.2. Building an Automatic Backup System
control over : (see access control)
database files : 1.2. What Is an Operating System?
overload attacks : 25.2.1.2. System overload attacks
performance : (see performance)
remote, commands on : 15.1.2. uux Command
summarizing usage per user : 25.2.2.2. quot command
transfering files to other : 15.1.1. uucp Command
system (in swatch program) : 10.6.2. The Swatch Configuration File
system administration : 2.4.4.5. Have authority commensurate with responsibility
avoiding conventional passwords
8.8. Administrative Techniques for Conventional Passwords
8.8.9. Account Names Revisited: Using Aliases for Increased Security
change monitoring : 9.3. A Final Note
changing passwords
8.4.1. Changing an Account's Password
8.8.8. Disabling an Account by Changing Its Password
cleaning up /tmp directory : 25.2.4. /tmp Problems
contacting administrator : 24.2.4.2. How to contact the system administrator of a computer you don't know
controlling UUCP security : 15.3. UUCP and Security
detached signatures (PGP) : 6.6.3.6. PGP detached signatures
disabling finger system : 17.3.8.2. Disabling finger
discovering intruders
24.2. Discovering an Intruder
24.2.6. Anatomy of a Break-in
dual universes and : 5.9.1. Dual Universes
errors by : 7.1.1.1. A taxonomy of computer failures
finding largest files : 25.2.2.1. Disk-full attacks
immutable files and : 9.1.1. Immutable and Append-Only Files
locked accounts : 3.3. Entering Your Password
message authentication : 6.5.2. Using Message Digests
monitoring phantom mail : 17.3.4.2. Using sendmail to receive email
new passwords : 3.4. Changing Your Password
read-only filesystems and : 9.1.2. Read-only Filesystems
references on : D.1.11. UNIX Programming and System Administration
removing automatic backups : 18.2.3.5. Beware stray CGI scripts
sanitizing media : 12.3.2.3. Sanitize your media before disposal
trusting : 27.3.2. Your System Administrator?
weakness-finding tools : 11.1.1. Security Tools
system call : 5.1.7. File Permissions in Detail
system clock
changing
5.1.5. File Times
9.2.3. Checksums and Signatures
17.3.14. Network Time Protocol (NTP) (UDP Port 123)
for random seeds : 23.8. Picking a Random Seed
Secure RPC timestamp : 19.3.1.3. Setting the window
system files : 11.6.1.2. Writable system files and directories
initialization files : 11.5.3.5. System initialization files
system function
5.5.3.2. Another SUID example: IFS and the /usr/lib/preserve hole
18.2.3.2. Testing is not enough!
18.2.3.3. Sending mail
23.2. Tips on Avoiding Security-related Bugs
system functions, checking arguments to : 23.2. Tips on Avoiding Security-related Bugs
System Network Architecture (SNA) : 16.4.2. SNA
System V UNIX
Which UNIX System?
1.3. History of UNIX
accounting with : 10.2.1. Accounting with System V
chroot in : 8.1.5. Restricted Filesystem
default umask value : 5.3. The umask
groups and : 4.1.3.2. Groups and older AT&T UNIX
inittab program : C.5.1. Process #1: /etc/init
modems and : 14.5.1. Hooking Up a Modem to Your Computer
passwords : 8.1.1. Accounts Without Passwords
ps command with : C.1.2.1. Listing processes with systems derived from System V
random number generators : 23.7.3. drand48 ( ), lrand48 ( ), and mrand48 ( )
recent login times : 10.1.1. lastlog File
Release 4 (SVR4) : 1.3. History of UNIX
restricted shells : 8.1.4.1. Restricted shells under System V UNIX
SGI bit on files : 5.5.7. SGID Bit on Files (System V UNIX Only): Mandatory Record Locking
su command and : 4.3.6. Restricting su
SUID files, list of : B.3. SUID and SGID Files
utmp and wtmp files : 10.1.2. utmp and wtmp Files
UUCP : 15.4.1.3. Format of USERFILE entry without system name
/var/adm/loginlog file : 10.1.4. loginlog File
wtmpx file : 10.1.2. utmp and wtmp Files
Systems file : 15.3.3. Security of L.sys and Systems Files


Search | Symbols | A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z

Copyright © 1999 O'Reilly & Associates, Inc. All Rights Reserved.

[ Library Home | DNS & BIND | TCP/IP | sendmail | sendmail Reference | Firewalls | Practical Security ]



Practical Unix and Internet Security
Practical Unix and Internet Security, 2nd Edition
ISBN: B00009B1UZ
EAN: N/A
Year: 1995
Pages: 28

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net