Summary: Security and other info

From: JOSEPH AAJ Chackompally (AAJ@necsin.nec.com.sg)
Date: Tue Dec 16 1997 - 04:54:30 CST


Hello Managers.

My Sincere Thanks to the following Sun Managers

Mike Chang <machang@pfoo.com>
MARK SAYER <MSAYER@cuscal.com.au>
Steve Boyko <SBoyko@nbpower.com>
Jim Harmon <jharmon@telecnnct.com>
Jay Morgan <jmorgan@qualix.com>

Here are the questions and the answers

Q1. Is there any method by which I can monitor my machine's status
(up/down) from a remote site, or to get paged? Please give details.

Write a script that does a ping.
http://www.vix.com/hylafax (fax/paging program)

http://www.stokely.com/stokely/unix.sysadm.resources/autosysmgm.backup.h
There are some scripts featured in the February 1997 issue of Sys Admin
magazine. The article was "Automating Basic System Activity
Monitoring", by Bruce Alan Wynn.

There are three things that these utilities monitor: free disk space,
hosts up/down, and critical processes. On failure, they can be
configured to e-mail, page, etc. (since they're all scripts, they're
easily configurable).

You could do a number of things, including using SNMP management (HP
OpenView, SunNetManager or something like that). If you want to
monitor processes, you could use cron commands that run every
once in a while and check status. You could also use High Availability
software that would allow you to have another system standing by to
take over in the event of a failure. There are a few implementations of
HA software, including Veritas FirstWatch, Sun Solstice HA, and Qualix
HA+ (my [ Jay's ] favorite :-). Now that I think about it, you could
probably use HA+ in a single-host environment where essentially QHAP
was just monitoring processes and restarting them when necessary.
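The "script that does a ping, run from cron" approach above, as an added example that is not from the original summary or any of the respondents. It assumes the names HOSTS, PAGER_ADDR and STATE_FILE (placeholders), a ping that accepts either the Linux/BSD "-c 1 -W 2" flags or the Solaris "ping host timeout" form, and mailx for delivery to whatever address your paging gateway accepts. It keeps a small state file so that cron pages you once per change of state rather than every few minutes for the same outage:

```shell
#!/bin/sh
# Added example (not from the original post): cron-driven host up/down
# check that mails/pages only when a host changes state.
# HOSTS, PAGER_ADDR and STATE_FILE are assumed names; the host list is constructed.

HOSTS="${HOSTS:-fileserver dbserver www}"        # constructed host list
PAGER_ADDR="${PAGER_ADDR:-root}"                 # address of your paging gateway or mailbox
STATE_FILE="${STATE_FILE:-/var/tmp/hostmon.state}"

# probe_host HOST: exit 0 if HOST answers one ping within 2 seconds.
# Tries the Linux/BSD flags first, then falls back to Solaris "ping host timeout".
probe_host() {
    ping -c 1 -W 2 "$1" >/dev/null 2>&1 && return 0
    ping "$1" 2 >/dev/null 2>&1
}

# classify_hosts PROBE HOST...: print "HOST up" or "HOST down", one per line.
# PROBE is any command that takes a host name and exits 0 when it is reachable,
# which keeps the logic testable without a network.
classify_hosts() {
    probe=$1; shift
    for h in "$@"; do
        if "$probe" "$h"; then echo "$h up"; else echo "$h down"; fi
    done
}

# state_changes OLD_FILE NEW_FILE: print the lines of NEW_FILE that are not
# in OLD_FILE, i.e. hosts whose state differs from the previous run.
# On the first run (no OLD_FILE yet) every host is reported once.
state_changes() {
    [ -f "$1" ] || { cat "$2"; return 0; }
    while IFS= read -r line; do
        grep -qxF -- "$line" "$1" || echo "$line"
    done < "$2"
}

# notify SUBJECT BODY: deliver the report (mailx is assumed to be present).
notify() {
    printf '%s\n' "$2" | mailx -s "$1" "$PAGER_ADDR"
}

# main: meant for a crontab line such as
#   0,15,30,45 * * * * /usr/local/sbin/hostmon.sh run
main() {
    new=$(mktemp /tmp/hostmon.XXXXXX) || exit 1
    classify_hosts probe_host $HOSTS > "$new"
    changes=$(state_changes "$STATE_FILE" "$new")
    [ -n "$changes" ] && notify "host status change" "$changes"
    mv "$new" "$STATE_FILE"
}

case "${1:-}" in run) main ;; esac
```

Hosts that stay down keep appearing in the state file but are not re-reported; removing the state file forces a full report on the next run.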

Q2. Is there a feature in the existing Sun machines for automatic restart
of the machine immediately after it goes down? If so, in which model?

Check the auto-boot? parameter at the OK prompt.
This should NOT be set to false.

Q3. Where are the details about the time the system went down stored? If
they are stored somewhere, how can I read them or forward the same to me by
a pager?

In /var/adm/messages.

Using a program like swatch
(ftp://ftp.stanford.edu/general/security-tools/swatch)
you can have it watch your /usr/adm/messages file for certain strings.
When those strings appear you can have swatch do any number of
actions, from running a program (like a paging program), to emailing you,
to just beeping.

Also make the proper entries in /etc/syslog.conf.

System reboot time is recorded by the OS and is stored in the file
/var/adm/wtmpx (which holds login information).

The command:
last -n 1 reboot
will give you the time of the most recent reboot. Change -n 1 to -n 50
to see the last 50 reboots, etc.
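A swatch-style watcher for the strings that mark a crash or reboot in /var/adm/messages, as an added example rather than anything from the summary or from swatch itself. It is written for cron instead of a long-running daemon: a checkpoint file remembers how many lines were already examined, so each run looks only at what was appended since, and the "SunOS Release" banner the kernel logs at every boot is what catches an unattended restart. The log lines in the test are constructed; LOG, CHECKPOINT and PAGER_ADDR are assumed names:

```shell
#!/bin/sh
# Added example (not from the original post): incremental scan of
# /var/adm/messages for shutdown, panic and boot lines, run from cron.
# LOG, CHECKPOINT and PAGER_ADDR are assumed names.

LOG="${LOG:-/var/adm/messages}"
CHECKPOINT="${CHECKPOINT:-/var/tmp/msgwatch.offset}"
PAGER_ADDR="${PAGER_ADDR:-root}"

# Extended regex for the events worth a page: the kernel's boot banner,
# a panic, syslogd shutting down, or any line mentioning a reboot.
# The facility that logs these (kern.notice and friends) must be routed
# to $LOG in /etc/syslog.conf; selector and action there are TAB-separated.
BOOT_RE='SunOS Release|panic\[|going down on signal|reboot'

# new_lines LOG CHECKPOINT: print the lines appended to LOG since the line
# count saved in CHECKPOINT, then save the new count. If LOG has fewer lines
# than the checkpoint (log rotation), start over from the top.
new_lines() {
    total=$(wc -l < "$1" | tr -d ' ')
    seen=0
    [ -f "$2" ] && seen=$(cat "$2")
    [ "$seen" -gt "$total" ] && seen=0
    tail -n "+$((seen + 1))" "$1"
    echo "$total" > "$2"
}

# boot_events: filter stdin down to the lines matching BOOT_RE.
boot_events() {
    grep -E "$BOOT_RE"
}

# main: meant for a crontab line such as
#   0,5,10,15,20,25,30,35,40,45,50,55 * * * * /usr/local/sbin/msgwatch.sh run
main() {
    hits=$(new_lines "$LOG" "$CHECKPOINT" | boot_events)
    [ -n "$hits" ] &&
        printf '%s\n' "$hits" | mailx -s "$(hostname): reboot/crash event" "$PAGER_ADDR"
}

case "${1:-}" in run) main ;; esac
```

Because the checkpoint is a line count rather than a byte offset, a rotated or truncated log simply causes one full rescan; the cost is at most a duplicate page, never a missed one.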

Q4. I also would like to know about the security details for files.
If somebody tries to access or modify any files, how can I get a report of
that? I have heard about ACL, C2, ASET etc.; can someone provide me
some details?

Tripwire is a standard security program which monitors changes in
system binaries... (ftp://coast.cs.purdue.edu/pub/COAST/Tripwire)

Do a CRC check on all your system special files; this will find any trojan
replacements or modifications to text config files. Also run a setuid check
like the following line:

find / -user root -perm -4002 -print

This will find all setuid files on your system which are world
writeable. Use some scripts from COPS.

Check your root .profile and .cshrc (depending on which shell you are
using). Make sure they ain't writeable. Make sure you don't have a . in
your $path.

Investigate the AUDIT utility that is part of SunOS/Solaris.
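The "CRC check on your system files" and the setuid check above, carried through as an added example that is not from the summary, COPS or Tripwire. It records a cksum baseline for a tree, reports files that were added, removed or changed since the baseline, and wraps the setuid search in find's "-perm -mode" form (all listed bits set), which is what a "setuid and world-writable" test needs. BASELINE is an assumed path; paths containing whitespace are not handled, and a real integrity checker (Tripwire) adds a protected database and stronger hashes than a CRC:

```shell
#!/bin/sh
# Added example (not from the original post): checksum baseline and
# comparison, plus a setuid/world-writable search.
# BASELINE is an assumed path. File names with whitespace are not handled.

BASELINE="${BASELINE:-/var/adm/cksum.baseline}"

# make_baseline DIR OUT: write "crc size path" for every regular file
# under DIR, sorted by path. cksum is POSIX and exists on Solaris and Linux.
make_baseline() {
    find "$1" -type f -exec cksum {} + | sort -k3 > "$2"
}

# compare_baseline DIR OLD: print "ADDED path", "MODIFIED path" or
# "REMOVED path" for each difference between OLD and the current tree.
# OLD is read first; a file is MODIFIED when its crc or size changed.
compare_baseline() {
    new=$(mktemp /tmp/cksum.XXXXXX) || return 1
    make_baseline "$1" "$new"
    awk -v oldfile="$2" '
        FILENAME == oldfile { old[$3] = $1 " " $2; next }
        {
            if (!($3 in old)) print "ADDED " $3
            else if (old[$3] != $1 " " $2) print "MODIFIED " $3
            seen[$3] = 1
        }
        END { for (f in old) if (!(f in seen)) print "REMOVED " f }
    ' "$2" "$new" | sort
    rm -f "$new"
}

# find_world_writable_setuid ROOT: setuid files that are also world
# writable. "-perm -4002" requires both bits; the exact-mode form
# "-perm 4000 -perm 2" can never match, because a file has only one mode.
# -xdev keeps the search off NFS and other mounted file systems.
find_world_writable_setuid() {
    find "$1" -xdev -type f -perm -4002 -print
}

# Usage (assumed paths):
#   make_baseline /usr/sbin "$BASELINE"     # once, right after installation
#   compare_baseline /usr/sbin "$BASELINE"  # from cron; mail any output
#   find_world_writable_setuid /
```

Store the baseline somewhere the host cannot silently alter it (a write-protected medium or another machine); a checksum list that lives next to the files it describes is only as trustworthy as the host itself.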

Thanks and Regards
Aaj



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:11 CDT