Security-Links

Common Security Commands

rpcinfo
rusers
logger  send entries to syslogd from command line
prstat displays process info sorted by cpu utilization
sdtprocess process info that can be sorted
vmstat virtual memory statistics
top provides continual info on state of system; requires read access to all files in the
    /proc directory, memory files /dev/kmem, /dev/mem and system image /vmunix
    groupsys/top
find /usr/bin -type f -print | xargs sum > /var/security/filecheck  generates CRC for each file in /usr/bin (keep the file off-host to compare against later)
find /usr -mtime -1 -print find all files modified in last 24hrs.
find /people -user root -print find all files owned by root
find /usr/bin -user root -perm -4000 -print all set-user-id files owned by root
find / -user root \( -type f -o -type d \) -perm -2 -print files or dirs owned by root writable by others.
find / -user username -ls  find and list all files owned by username
find / -user username -exec rm -f {} \;   find all files owned by username and delete
find . -exec chown newuser {} \; -exec mv {} /pathtonewdir \;   change ownership and mv to new location.
find / -perm -o=w -print  find files that are world writable
find / \( -perm -u=s -o -perm -g=s \) -type f -print locate all the plain file types of the SUID and SGID files
find / \( -type c -o -type b \) -ls    find all character and block special device files
logins -s  lists system accounts
logins -u list user accounts
logins -d list duplicate accounts
logins -p list accounts without passwords
df -k -F tmpfs   list file systems mounted on swap space
ncheck -s checks for special files and SUID files in vfstab
chmod +t /work sets the sticky bit; in world writable directories users can then only modify own files.
openssl enc -e -bf -in /pathtofile -out /pathtofile.bf     to encrypt files
openssl enc -d -bf -in /pathtofile.bf -out /pathtofile      to decrypt
To pre-authenticate and not have to enter the passphrase for your key
    ssh-agent csh
    ssh-add  enter passphrase  you can now ssh and scp to machines without
                   entering your passphrase.
    ssh-add -l lists identities
    ( I have not been able to get this to work, yet. )
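As an added example, not part of these notes: the find | xargs sum filecheck command above only produces a snapshot; the script below turns it into a baseline-and-compare check that reports added, removed and changed files. cksum stands in for sum (its "crc size path" output is fixed by POSIX), and the function names are my own.

```sh
#!/bin/sh
# Added example (not from the original notes): a baseline-and-compare file
# integrity check built on the "find ... | xargs sum" idea in the list above.
# cksum (POSIX CRC-32) replaces sum so the "crc size path" output is stable.
# build_baseline and check_baseline are hypothetical names chosen here.

# build_baseline DIR OUTFILE: record "crc size path" for every regular
# file under DIR, sorted by path, into OUTFILE.
build_baseline() {
    find "$1" -type f -exec cksum {} \; | sort -k3 > "$2"
}

# check_baseline DIR BASEFILE: rescan DIR and report added, removed and
# changed files, one "added|changed|removed <path>" line each.
# Returns 0 when nothing differs from the baseline, 1 otherwise.
check_baseline() {
    cur=$(mktemp) || return 2
    build_baseline "$1" "$cur"
    diffs=$(awk '
        # strip the leading "crc size " so paths with spaces survive intact
        { path = $0; sub(/^[0-9]+ [0-9]+ /, "", path) }
        FILENAME == ARGV[1] { old[path] = $1; next }   # baseline lines
        !(path in old)      { print "added " path; next }
        old[path] != $1     { print "changed " path }
        { seen[path] = 1 }
        END { for (p in old) if (!(p in seen)) print "removed " p }
    ' "$2" "$cur" | sort)
    rm -f "$cur"
    if [ -z "$diffs" ]; then return 0; fi
    printf '%s\n' "$diffs"
    return 1
}

# Demo on a constructed scratch tree (no system files are touched).
demo() {
    d=$(mktemp -d); b=$(mktemp)
    echo one > "$d/a"; echo two > "$d/b"; echo three > "$d/c"
    build_baseline "$d" "$b"
    echo tampered > "$d/b"      # changed
    rm "$d/c"                   # removed
    echo new > "$d/d"           # added
    check_baseline "$d" "$b" || echo "-> tree differs from baseline"
    rm -rf "$d" "$b"
}

demo
```

The baseline file must be stored somewhere an intruder cannot rewrite it (read-only media or another host), otherwise the comparison proves nothing.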

log files
/var/adm/utmpx provides info about users currently logged in.  Read by who, whodo, w, users, finger.
/var/adm/wtmpx provides login and logout info, type of connection and remote hostname.  Read by last.
/var/adm/sulog  provides all info on attempts to become another user. /etc/default/su is the config file.
/var/adm/messages all messages that are sent to console.  /etc/syslog.conf  /usr/sbin/syslogd  
   also /etc/default/login  /etc/default/su
/var/adm/pacct Solaris OE Accounting log file.  scripts /usr/lib/acct.  data and reports /var/adm/acct
   Setting up accounting
    ln /etc/init.d/acct /etc/rc2.d/S22acct
    ln /etc/init.d/acct /etc/rc0.d/K22acct
    ln /etc/init.d/acct /etc/rc1.d/K22acct
    ln /etc/init.d/acct /etc/rcS.d/K22acct
    crontab -l root shows:  30 22 * * 4 /usr/lib/acct/dodisk
    crontab -l adm shows:   0 * * * * /usr/lib/acct/ckpacct
                            30 2 * * * /usr/lib/acct/runacct 2> /var/adm/acct/nite/fd2log
                            30 7 1 * * /usr/lib/acct/monacct
    /etc/init.d/acct start  or /usr/lib/acct/startup  to start
    /usr/lib/acct/shutacct ["reason for stopping"]  to stop



to probe for an account by telnetting into the sendmail port (sendmail's PrivacyOptions=noexpn,novrfy setting disables this)
telnet host 25
expn login
quit