Thanks to all who responded to my question. It really helped and
I have a clear view on things now.
Special thanks to
Casper Dik
Brown, Melissa
Danny Cox
The answers given by Casper Dik are as follows:
>Hi,
>some problems with login accounts were reflected when we ran a security
>checking software on our servers
>The problems reflected are as follows :
>
>1.) These login IDs are disabled and should be removed,
> Can we remove them from our server?
> daemon
> bin
> sys
> adm
> lp
> smtp
> uucp
> nuucp
> listen
> nobody
> noaccess
> nobody4
Your security checking software is flawed; the accounts are there to
provide uid->name mappings for installed files; system maintenance
(pkg/patch installation) may break if these accounts are removed.
>2.) The 'smtp' account and 'root' account have the same usid, is it a
>default from SUN Solaris?
Yes, up to Solaris 2.6; the smtp account serves no purpose and should
be removed.
>3.) The current owner of this file "/opt/totalnet/" is totalnet, is there
>any implication if we change the file owner to tnnobody?
Nobody is a uid that results from mapping certain privileged remote
operations to local operations; it is not advised that "nobody" owns
anything as it gives the "nobody" users some rights on the system
it shouldn't have.
>4.) The following files are advised to change from a directory to file, is
>it necessary?
> /usr/lib/locale/de/LC_MONETARY/
> /usr/lib/locale/de/LC_NUMERIC/
> /usr/lib/locale/de/LC_TIME/
> /usr/lib/locale/fr/LC_MONETARY/
> /usr/lib/locale/fr/LC_NUMERIC/
> /usr/lib/locale/fr/LC_TIME/
> /usr/lib/locale/it/LC_MONETARY/
> /usr/lib/locale/it/LC_NUMERIC/
> /usr/lib/locale/it/LC_TIME/
> /usr/lib/locale/sv/LC_MONETARY/
> /usr/lib/locale/sv/LC_NUMERIC/
> /usr/lib/locale/sv/LC_TIME/
> /usr/lib/locale/C/LC_MONETARY/
> /usr/lib/locale/C/LC_NUMERIC/
> /usr/lib/locale/C/LC_TIME/
Who advised this? Are they completely confused?
Those are supposed to be directories. If they are not, the
localization code will not work.
>5.) The following files are advised to change from a soft link to file, is
>it necessary?
> /etc/opt/SUNWleo/bin/leo.ucode
> /etc/opt/SUNWleo/bin/leoconfig
> /sbin/bpgetfile
> /sbin/su
> /usr/bin/disable
> /usr/openwin/bin/rpc.cmsd
> /usr/sbin/reject
> /usr/sbin/swmtool
> /usr/ucb/hostid
> /usr/ucb/hostname
> /usr/ucb/logger
> /usr/ucb/lpq
> /usr/ucb/lpr, etc.
>( There are more files under /usr/ucb/*, /var/sadm/*,
>/opt/SUNWits/Graphics-sw/xil/lib/*, /usr/lib/*, /usr/openwin/*.)
Come again? Why? This is how Solaris is installed; there is no
risk.
>6.) The following files are advised to change from a soft link to
>directory, is it necessary?
> /usr/share/src/uts/sun4c/sys
> /usr/share/src/uts/sun4c/vm
> /usr/share/src/uts/sun4d/sys
> /usr/share/src/uts/sun4d/vm
> /usr/share/src/uts/sun4m/sys
> /usr/share/src/uts/sun4m/vm
They are installed as softlinks; there is no reason to change this.
>7.) The following files are advised to remove the SUID and GUID, is it
>necessary?
> /opt/totalnet/bin/tnpasswd
> /opt/totalnet/lib/login.cgi
> /opt/totalnet/lib/tnas.cgi
> /opt/totalnet/sbin/refresh
> /opt/totalnet/sbin/tnkill
> /opt/totalnet/sbin/tnprinter
> /opt/totalnet/sbin/tnshut
> /opt/totalnet/sbin/tnvolume
I don't know. Who is advising this? Some functionality may break if you
change these.
Casper
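
The distinction drawn in answers 1 and 2 (locked system accounts that only supply uid->name mappings versus a second name on UID 0) can be checked mechanically. The following is an added example, not part of the original thread. The function names are hypothetical, the passwd/shadow entries are constructed, and it assumes the Solaris shadow markers `*LK*` (locked) and `NP` (no password, no login).

```shell
#!/bin/sh
# Added example, not from the original thread. Reads passwd- and shadow-format
# files given as arguments; it never touches the live /etc files.
# classify_accounts PASSWD SHADOW prints "name uid verdict" per account:
#   uid0-alias  non-root name sharing UID 0 (the smtp case in question 2)
#   locked      shadow field is *LK* or NP (assumed Solaris markers): no login,
#               the entry only supplies the uid->name mapping (question 1)
#   login       account has a usable password field
classify_accounts() {
    awk -F: '
        NR == FNR { pw[$1] = $2; next }          # first file read: shadow
        {
            verdict = "login"
            if (pw[$1] == "*LK*" || pw[$1] == "NP") verdict = "locked"
            if ($3 == 0 && $1 != "root") verdict = "uid0-alias"
            print $1, $3, verdict
        }' "$2" "$1"
}

# uid0_aliases PASSWD SHADOW: names only, for use in a report or alert.
uid0_aliases() {
    classify_accounts "$1" "$2" | awk '$3 == "uid0-alias" { print $1 }'
}

# Run the classification over constructed sample data.
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
smtp:x:0:0:Mail Daemon User:/:
nobody:x:60001:60001:Nobody:/:
alice:x:1001:10::/export/home/alice:/bin/ksh
EOF
    cat > "$d/shadow" <<'EOF'
root:CONSTRUCTEDHASH:6445::::::
daemon:NP:6445::::::
smtp:NP:6445::::::
nobody:NP:6445::::::
alice:CONSTRUCTEDHASH:11000::::::
EOF
    classify_accounts "$d/passwd" "$d/shadow"
    rm -rf "$d"
}

demo
```

Accounts reported as `locked` are the ones the scanner flagged as "disabled"; only the `uid0-alias` line corresponds to an entry the answer says to remove.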
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:13:33 CDT