I want to periodically check if ASCII password/config files on Unix have 400 or 600 access. Folders and files are owned by a designated group and user. Folders and files do not have world write access.
Are there any tools/scripts available for this kind of auditing that I can use on Solaris? (7 Replies)
I read somewhere that you should make sure Apache is configured to not allow symbolic links to be followed outside the webroot, as this can compromise security.
I can imagine how this could lead to a security risk:
eg:
Is my assumption correct? -- Is it nothing more than: "it's just... (0 Replies)
Hi,
I am doing a services audit on one of our servers at work and I notice that I sometimes have a service with two slightly different prefixes. For example,
S94httpd
K15httpd
Can one of them be safely deleted? (2 Replies)
secsetup(8) System Manager's Manual secsetup(8)
Name
secsetup - enable the enhanced security features
Syntax
/usr/etc/sec/secsetup
Description
The secsetup command is an interactive facility that allows you to enable the enhanced security features on your system. You must first
have loaded the enhanced security subset onto your system before running the command.
The secsetup command allows you to configure your system for security auditing, trusted path, enhanced login, or any combination of those
features. In addition, the command may add lines to the file. To remove entries from the you must edit it by hand. The command only adds
lines to this file if they aren't already present. You can run secsetup while the system is in multiuser mode (however, some
inconsistencies may result from this; see the Security Guide for Administrators for more information). To run secsetup, type the
following and then answer the questions that follow:
# /usr/etc/sec/secsetup
Depending on the security features chosen, when secsetup completes you may need to replace your system's kernel and reboot the system.
For example, choosing either the security auditing or trusted path feature may require you to rebuild your kernel.
Files
See Also
set_audit_mask(8), auth(5), svc.conf(5)
Security Guide for Administrators