Security-Links
Common Security Commands
rpcinfo
rusers
logger send entries to syslogd from command line
prstat displays process info sorted by cpu utilization
sdtprocess process info that can be sorted
vmstat virtual memory statistics
top provides continual info on the state of the system; requires read access to all files in the
/proc directory, the memory files /dev/kmem and /dev/mem, and the system image /vmunix
groupsys/top
find /usr/bin -type f -print | xargs sum > /var/security/filecheck generates a CRC for each file in /usr/bin
find /usr -mtime -1 -print find all files modified in last 24hrs.
find /people -user root -print find all files owned by root
find /usr/bin -user root -perm -4000 -print all set-user-id files owned by root
find / -user root \( -type f -o -type d \) -perm -2 -print files or dirs owned by root writable by others.
find / -user username -ls find and list all files owned by username
find / -user username -exec rm -f {} \; find all files owned by username and delete them
find . -exec chown newuser {} \; -exec mv {} /pathtonewdir \; change ownership and mv to a new location.
find / -perm -o=w -print find files that are world writable
find / \( -perm -u=s -o -perm -g=s \) -type f -print locate all regular files that have the SUID or SGID bit set
find / \( -type c -o -type b \) -ls find all character and block special device files
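The find one-liners above are the building blocks of a periodic file-system audit. The script below is an added example, not part of the original page: it turns the "find ... | xargs sum" idea into a baseline that can be re-checked later, and wraps the SUID/SGID and world-writable searches as functions. It assumes a POSIX sh with find, cksum, diff and mktemp; cksum stands in for the Solaris sum command so the script runs on any Unix, and the baseline path /var/security/filecheck is just the one the page uses.

```shell
#!/bin/sh
# Added example, not from the original page: baseline/recheck script built on
# the page's "find ... | xargs sum" idea plus its SUID/SGID and world-writable
# finds. cksum (POSIX) replaces Solaris sum; output lines are "crc size path".

# Record a checksum line for every regular file under directory $1 into
# baseline file $2. Keep $2 somewhere the audited tree cannot modify.
make_baseline() {
    find "$1" -type f -print | sort | xargs cksum > "$2"
}

# Re-checksum directory $1 and compare with baseline $2. Prints the entries
# that differ; returns 0 when identical, 1 when anything changed, was added
# or disappeared (so a cron job can alert on the exit status).
check_baseline() {
    current=$(mktemp) || return 2
    make_baseline "$1" "$current"
    if cmp -s "$2" "$current"; then
        rm -f "$current"
        return 0
    fi
    # "<" lines exist only in the baseline (removed/changed files),
    # ">" lines only in the fresh run (new/changed files)
    diff "$2" "$current" | sed -n 's/^[<>] //p'
    rm -f "$current"
    return 1
}

# Regular files with the set-user-id or set-group-id bit, the numeric form of
# the page's: find / \( -perm -u=s -o -perm -g=s \) -type f -print
list_suid_sgid() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print | sort
}

# Files and directories writable by everyone (the page's find / -perm -o=w).
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print | sort
}

# Command-line entry point:  baseline DIR FILE | check DIR FILE | perms DIR
case "${1:-}" in
    baseline) make_baseline "$2" "$3" ;;
    check)    check_baseline "$2" "$3" ;;
    perms)    echo "setuid/setgid files:";  list_suid_sgid "$2"
              echo "world-writable files:"; list_world_writable "$2" ;;
esac
```

Typical use is "sh audit.sh baseline /usr/bin /var/security/filecheck" once, then "sh audit.sh check /usr/bin /var/security/filecheck" from cron; a non-zero exit means a binary changed or appeared. The xargs form, like the page's one-liner, breaks on file names containing whitespace; use find's -exec cksum {} + on trees where that matters.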
logins -s lists system accounts
logins -u list user accounts
logins -d list duplicate accounts
logins -p list accounts without passwords
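On a host without the Solaris logins command the same two account checks (duplicate UIDs and empty password fields) can be done directly on the passwd and shadow files. The script below is an added example, not from the original page; it assumes POSIX sh and awk and ships with constructed sample passwd/shadow files (the names, UIDs and the "SomeHashHere" placeholder are made up) so it can be tried without root. Point the functions at /etc/passwd and /etc/shadow (as root) to audit a live system.

```shell
#!/bin/sh
# Added example, not from the original page: the checks behind the page's
# "logins -d" and "logins -p" audits, implemented with awk over passwd and
# shadow files. The sample files written below are constructed test data.

# Write constructed sample passwd and shadow files into directory $1.
write_samples() {
    cat > "$1/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
alice:x:1001:10:Alice:/home/alice:/bin/ksh
bob:x:1002:10:Bob:/home/bob:/bin/ksh
backup:x:0:0:Backup operator:/:/sbin/sh
EOF
    cat > "$1/shadow" <<'EOF'
root:SomeHashHere:6445::::::
daemon:NP:6445::::::
bin:*LK*:6445::::::
alice:SomeHashHere:6445::::::
bob::6445::::::
backup:SomeHashHere:6445::::::
EOF
}

# Accounts that share a UID with another account (what logins -d reports).
# Output: "UID: login1 login2 ...", one line per duplicated UID.
duplicate_uids() {
    awk -F: '{ names[$3] = names[$3] ? names[$3] " " $1 : $1; count[$3]++ }
             END { for (u in count) if (count[u] > 1) print u ": " names[u] }' "$1" | sort
}

# Accounts whose shadow password field is empty (what logins -p reports).
# Locked (*LK*), NP and hashed entries are deliberately not reported.
no_password() {
    awk -F: '$2 == "" { print $1 }' "$1" | sort
}

# Demo on the constructed data; replace with /etc/passwd and /etc/shadow.
demo=$(mktemp -d)
write_samples "$demo"
echo "duplicate UIDs:";        duplicate_uids "$demo/passwd"
echo "accounts without password:"; no_password "$demo/shadow"
rm -rf "$demo"
```

A second UID 0 account such as "backup" above is exactly the kind of entry logins -d exists to surface; an empty shadow field (bob) means anyone can log in as that user with no password at all.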
df -k -F tmpfs list file systems mounted on swap space
ncheck -s checks for special files and SUID files in vfstab
chmod +t /work sets the sticky bit: in a world-writable directory users can then only modify their own files.
openssl enc -e -bf -in /pathtofile -out /pathtofile.bf to encrypt files
openssl enc -d -bf -in /pathtofile.bf -out /pathtofile to decrypt
To pre-authenticate and not have to enter the passphrase for your key:
ssh-agent csh
ssh-add enter the passphrase; you can now ssh and scp to machines without
entering your passphrase.
ssh-add -l lists identities
( I have not been able to get this to work, yet. )
log files
/var/adm/utmpx provides info about users currently logged in. Read by who, whodo, w, users, finger.
/var/adm/wtmpx provides login and logout info, type of connection and remote hostname. Read by last.
/var/adm/sulog provides all info on attempts to become another user. /etc/default/su is the config file.
/var/adm/messages all messages that are sent to the console. Config /etc/syslog.conf, daemon /usr/sbin/syslogd.
also /etc/default/login /etc/default/su
/var/adm/pacct Solaris OE accounting log file. Scripts in /usr/lib/acct, data and reports in /var/adm/acct.
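The sulog file above is the one to watch for repeated failed attempts to become root. The script below is an added example, not from the original page: it summarises sulog lines of the form "SU 02/16 22:31 - pts/1 bob-root" (date, time, "+" for success or "-" for failure, tty, then from-user-to-user, as Solaris su writes them). It assumes POSIX sh and awk; the embedded log lines and user names are constructed sample data, and the three-failure threshold is an arbitrary example value.

```shell
#!/bin/sh
# Added example, not from the original page: summarise /var/adm/sulog.
# Line format: SU MM/DD hh:mm +|- tty from-to   ("+" success, "-" failure)
# The lines below are constructed sample data, not a real log.
SAMPLE_SULOG='SU 02/16 22:31 + pts/1 alice-root
SU 02/16 22:40 - pts/3 bob-root
SU 02/16 22:41 - pts/3 bob-root
SU 02/16 22:42 - pts/3 bob-root
SU 02/17 08:02 + console root-alice
SU 02/17 09:15 - pts/5 mallory-root'

# Failed attempts per from-to pair, most frequent first, e.g. "3 bob-root".
failed_su_counts() {
    awk '$1 == "SU" && $4 == "-" { n[$6]++ }
         END { for (k in n) print n[k], k }' "$@" | sort -rn
}

# Logins that successfully became root, one per line.
successful_root() {
    awk '$1 == "SU" && $4 == "+" && $6 ~ /-root$/ { sub(/-root$/, "", $6); print $6 }' "$@" | sort -u
}

# From-to pairs with at least $2 failures (default 3) in log file $1:
# repeated failures against root from one account are worth a look.
flag_repeated_failures() {
    limit=${2:-3}
    failed_su_counts "$1" | awk -v limit="$limit" '$1 >= limit { print $2 }'
}

# Demo on the sample; on a Solaris host use /var/adm/sulog instead.
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_SULOG" > "$tmp"
echo "failed su attempts:"; failed_su_counts "$tmp"
echo "became root:";        successful_root "$tmp"
echo "repeated failures:";  flag_repeated_failures "$tmp" 3
rm -f "$tmp"
```

Run from cron against /var/adm/sulog and mail the "repeated failures" output; because sulog keeps growing, a real job would record the last line processed or rotate the file rather than rescan it every time.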
Setting up accounting
ln /etc/init.d/acct /etc/rc2.d/S22acct
ln /etc/init.d/acct /etc/rc0.d/K22acct
ln /etc/init.d/acct /etc/rc1.d/K22acct
ln /etc/init.d/acct /etc/rcS.d/K22acct
crontab -l root shows:
30 22 * * 4 /usr/lib/acct/dodisk
crontab -l adm shows:
0 * * * * /usr/lib/acct/ckpacct
30 2 * * * /usr/lib/acct/runacct 2> /var/adm/acct/nite/fd2log
30 7 1 * * /usr/lib/acct/monacct
/etc/init.d/acct start or /usr/lib/acct/startup
/usr/lib/acct/shutacct ["reason for stopping"] to stop
to probe for an account by telnetting into the sendmail port
telnet host 25
expn login
quit