This page is a collection of pointers to information that will help departmental and individual users improve the security of their UNIX systems.
If you believe your system may have been broken into, please review the following information for actions to take:
One key element of system security is to be sure that your system has the latest vendor patches applied, particularly those that correct security problems.
Your system manufacturer provides these patches (and installation instructions), likely via an anonymous ftp or web site (see Vendor Security Support Sites).
The following are particularly important advisories regarding UNIX systems:
See also Security Advisory Information about receiving and reviewing other computer security alerts.
If you administer systems from a particular vendor, you may find helpful security advisory information and/or patches at that vendor's site. We keep links to these at our vendor support site.
Some tools are available to help you administer a secure system. We especially recommend the following, although not all will be useful in all situations.
cops is a UNIX security toolkit that analyzes your system security. You may get cops from ftp://coast.cs.purdue.edu/pub/tools/unix/cops.
tiger is a set of scripts that scan a UNIX system looking for security problems. Its function is similar to cops; we recommend using either cops or tiger but not necessarily both. Of the two, tiger is perhaps easier to install. Tiger is available at ftp://coast.cs.purdue.edu/pub/tools/unix/tiger.
Shadow passwords are a feature distributed with some systems that you should enable--consult your system documentation. (The feature is part of the "C2 security package" in SunOS.) It protects the encrypted passwords in the system password file, which would otherwise be accessible by anyone and thus subject to Crack (see below).
Crack checks your users' passwords for "guessable" values. It works by encrypting a list of likely passwords and seeing if the result matches any of your users' encrypted passwords (which must be provided to it--see shadow passwords above). It is surprisingly effective. You may get Crack at ftp://coast.cs.purdue.edu/pub/tools/unix/crack/.
These are two similar packages that force users to choose good passwords (thus reducing vulnerability to Crack--see above). However, note that they are generally incompatible with shadow passwords (also see above). You may get npasswd at ftp://coast.cs.purdue.edu/pub/tools/unix/password/.
Tripwire will checksum your system files, and later detect if an intruder has made any modifications. This is somewhat resource-intensive, but the alternative (re-installing your system from scratch) is quite costly. You may get Tripwire from http://www.tripwiresecurity.com/.