I want to periodically check if ASCII password/config files on Unix have 400 or 600 access. Folders and files are owned by a designated group and user. Folders and files do not have world write access.
Are there any tools/scripts available for this kind of auditing that I can use on Solaris? (7 Replies)
I read somewhere that you should make sure Apache is configured to not allow symbolic links to be followed outside the webroot, as this can compromise security.
I can imagine how this could lead to a security risk:
eg:
Is my assumption correct? -- Is it nothing more than: "it's just... (0 Replies)
Hi,
I am doing a services audit on one of our servers at work and I notice that I sometimes have a service with two slightly different prefixes. For example,
S94httpd
K15httpd
Can one of them be safely deleted? (2 Replies)
secweb(1M)
NAME
secweb - invokes the HP-UX Auditing and Security Attributes Configuration tool
SYNOPSIS
[ ] [ ]
DESCRIPTION
The HP-UX Auditing and Security Attributes Configuration tool ( ) is used to configure the auditing subsystem and to view and configure
system-wide and per-user (local users and NIS users) values of security attributes. It also gives information about account locks.
The HP-UX Auditing and Security Attributes Configuration tool provides both a Web-based and a terminal user interface (the latter for
Security Attributes Configuration only). The Web-based interface is launched through the HP System Management Homepage.
Superuser privileges are required to access the HP-UX Auditing and Security Attributes Configuration tool. A user who does not have
superuser privileges has read-only access to the System Defaults area in the HP-UX Auditing and Security Attributes Configuration tool and
cannot modify or reset per-user values.
The terminal user interface is invoked if any of the following conditions are true:
o The command is invoked with option.
o The environment variable is not set.
The Web-based interface is launched if all the following conditions are true:
o The command is invoked with option.
o The environment variable is set.
o The command is available on the system.
If the Web-based interface cannot be launched, invokes the terminal user interface.
Options
recognizes the following options:
Forces a client browser to be used in less secure ways.
The option forces the client browser to be used or started, even when the X-traffic between the X-server and the Mozilla
browser is not secure.
Use this option only when you are sure the network traffic between the host where Mozilla is running and the host in the
DISPLAY variable is secure.
If cannot start the Web browser, the terminal interface is started.
When the HP-UX Auditing and Security Attributes Configuration Web interface is invoked by SAM, the option is used.
If a privileged user (root) executes the
command with the option, a temporary login bypass key is generated. The bypass key enables the user to access the Web
interface without having to provide login information again.
When the HP-UX Auditing and Security Attributes Configuration Web interface is invoked by SAM, the option is used.
Opens the terminal interface for setting system-wide and
per-user values of security attributes regardless of the current setting of the environment variable.
You can also start the HP-UX Auditing and Security Attributes Configuration tool using one of the following methods:
o Invoke and select the Auditing and Security Attributes Configuration (character mode) functional area to launch the terminal user
interface and the Auditing and Security Attributes Configuration (Web-based Interface) to launch the Web-based tool
o Invoke the HP-UX Auditing and Security Attributes Configuration tool Web interface by typing the URL in the address bar of your
browser, where hostname is the name of the server
o Launch the HP-UX Systems Insight Manager on the server and select the Auditing and Security Attributes Configuration tool from
Configure -> HP-UX Configuration menu
Online Help
After the HP-UX Auditing and Security Attributes Configuration tool is started, the online help provides details on how to use the tool.
RETURN VALUES
Upon completion, secweb returns one of the following values:
o 0 Successful
o 1 An error occurred
WARNINGS
o For increased security, paste the URL in your browser, click on the Tools menu in the menu bar, then the Auditing and Security
Attributes Configuration functional area.
o The default minimum values of the security attributes , , , and do not meet the requirements for the passwd(1M) command. A password must
contain at least two letters and at least one numeric or special character. It is recommended to change the default values in for the
above mentioned security attributes as per passwd(1M) requirements. For more information on password construction requirements, refer
to passwd(1M).
AUTHOR
was developed by Hewlett-Packard Company.
SEE ALSO
sam(1M), security(4), userdb(4)