Practical UNIX & Internet Security


B. Important Files

Contents:
Security-Related Devices and Files
Important Files in Your Home Directory
SUID and SGID Files

This appendix lists some of the files on UNIX systems that are important from the perspective of overall system security. We have tried to make this as comprehensive a list as possible. Nevertheless, there are doubtless some system-specific files that we have omitted. If you don't see a file here that you think should be added, please let us know.

B.1 Security-Related Devices and Files

This section lists many of the devices, files, and programs mentioned in this book. Note that these programs and files may be located in different directories under your version of UNIX.

B.1.1 Devices

All UNIX devices potentially impact security. You should, however, pay special attention to the following entries. On many systems, including SVR4, these entries are links to files in the /devices directory, but the actual names in that directory depend on the underlying hardware configuration. Thus, we will reference them by their /dev names.

Name                          Description
/dev/audio                    Audio input/output device
/dev/console                  System console
/dev/*diskette*               Floppy disk device
/dev/dsk/*                    System disks
/dev/fbs/*                    Framebuffers
/dev/fd/*                     File descriptors (/dev/fd/0 is a synonym for stdin, /dev/fd/1 for stdout, etc.)
/dev/*fd*                     Floppy disk drives
/dev/ip                       IP interface
/dev/kbd                      Keyboard device
/dev/klog                     Kernel log device
/dev/kmem                     Kernel memory
/dev/kstat                    Kernel statistics device
/dev/log                      Log device
/dev/mem                      Memory
/dev/modem                    Modem
/dev/null                     Null device
/dev/pty*                     Pseudo terminals
/dev/random                   Random device
/dev/rdsk                     Raw disk devices
/dev/rmt8                     Tape device
/dev/*sd*                     SCSI disks
/dev/*st*                     SCSI tapes
/dev/tty*                     Terminal devices
/dev/zero                     Source of nulls

B.1.2 Log Files

Name                          Description
/etc/utmp                     Lists users currently logged into system
/etc/utmpx                    Extended utmp file
/etc/wtmp                     Records all logins and logouts
/etc/wtmpx                    Extended wtmp file
/usr/adm/acct[1]              Records commands executed
/usr/adm/lastlog              Records the last time a user logged in
/usr/adm/messages             Records important messages
/usr/adm/pacct                Accounting for System V (usually)
/usr/adm/saveacct             Records accounting information
/usr/adm/wtmp                 Records all logins and logouts

[1] /usr/adm may actually be a link to /var/adm.

B.1.3 System Databases

Name                          Description
/etc/bootparams               Boot parameters database
/etc/cron/*                   System V start-up files
/etc/defaultdomain            Default NIS domain
/etc/defaultrouter            Default router to which your workstation sends packets destined for other networks
/etc/defaults/su              Default environment for root after su
/etc/defaults/login           Default environment for login
/etc/dfs/dfstab               NFS shared-filesystems list (SVR4)
/etc/dialup                   List of dial-up lines
/etc/dumpdates                Records when a partition was dumped
/etc/d_passwd                 File of dial-up passwords (some systems)
/etc/ethers                   Mapping of Ethernet addresses to IP addresses for RARP
/etc/exports                  NFS exports list (Berkeley-derived systems)
/etc/fbtab                    Login device permissions (SunOS systems)
/etc/filesystems              List of AIX filesystems the computer supports
/etc/ftpusers                 List of users not allowed to use FTP over the network
/etc/fstab                    Filesystems to mount (Berkeley)
/etc/group                    Denotes membership in groups
/etc/hostnames.xx             Hostname for interface xx
/etc/hosts                    List of IP hosts and host names
/etc/hosts.allow              Hosts for which tcpwrapper allows connection
/etc/hosts.deny               Hosts for which tcpwrapper denies connection
/etc/hosts.equiv              Lists trusted machines
/etc/hosts.lpd                Lists machines allowed to print on your computer's printer
/etc/inetd.conf               Configuration file for /etc/inetd
/etc/init.d/*                 System V start-up files
/etc/inittab                  tty start-up information; controls what happens at various run levels (System V)
/etc/keystore                 Used in SunOS 4.0 to store cryptography keys
/etc/login.access             Used to control who can log in from where (logdaemon and some more recent BSD systems)
/etc/logindevperm             Login device permissions (Solaris systems)
/etc/master.passwd            Shadow password file on some BSD systems
/etc/motd                     Message of the day
/etc/mnttab                   Table of mounted devices
/etc/netgroup                 Netgroups file for NIS
/etc/netid                    Netname database
/etc/netstart                 Network configuration for some BSD systems
/etc/nodename                 Name of your computer
/etc/ntp.conf                 NTP configuration file
/etc/nsswitch.conf            For Solaris (files, NIS, NIS+), the order in which system databases for accounts, services, etc., should be read
/etc/passwd                   Users and encrypted passwords
/etc/printcap                 Printer configuration file
/etc/profile                  Default user profile
/etc/publickey                Computer's public key
/etc/rc*                      Reboot commands script
/etc/rc?.d/*                  System V start-up files for each run level
/etc/remote                   Modem and telephone-number information for tip
/etc/resolv.conf              DNS configuration file
/etc/security/*               Various operating system security files
/etc/security/passwd.adjunct  Shadow-password file for SunOS
/etc/services                 Lists network services
/etc/shadow                   Shadow password file
/etc/shells                   Legal shells for FTP users and for the chsh command
/etc/skeykeys                 Used by S/Key
/etc/socks.conf               SOCKS configuration file
/etc/syslog.conf              syslog configuration file
/etc/tftpaccess.ctl           Access to TFTP daemon (AIX systems)
/etc/timezone                 Your time zone
/etc/ttys, /etc/ttytab        Defines active terminals
/etc/utmp                     Lists users currently logged into system
/etc/vfstab                   Filesystems to mount at boot time (SVR4)
/etc/X0.hosts                 Allows access to X0 server
/usr/lib/aliases or /etc/aliases  Lists mail aliases for /usr/lib/sendmail (may be in /etc or /etc/sendmail)
/usr/lib/crontab              Scheduled execution file
/usr/lib/sendmail.cf          sendmail configuration file
/usr/lib/uucp/Devices         UUCP BNU
/usr/lib/uucp/L.cmds          UUCP Version 2
/usr/lib/uucp/L-devices       UUCP Version 2
/usr/lib/uucp/Permissions     UUCP BNU
/usr/lib/uucp/USERFILE        UUCP Version 2
/var/spool/cron*              cron files, including cron.allow, cron.deny, at.allow, and at.deny
/var/spool/cron/crontabs/*    Individual user files (System V)

B.1.4 /bin Programs

Some of these programs may be found in other directories, including /usr/bin, /sbin, /usr/sbin, /usr/ccs/bin, and /usr/local/bin.

Name                      Description
adb                       Debugger; can also be used to edit the kernel
cc                        C compiler
cd, chdir                 Built-in shell command
chgrp                     Changes group of files
chmod                     Changes permissions of files
chown                     Changes owner of files
chsh                      Changes a user's shell
cp                        Copies files
crypt                     Encrypts files
csh                       C-shell command interpreter
cu                        Places telephone calls
dbx                       Debugger
des                       DES encryption/decryption program
ex3.7preserve, ex3.7recover  vi buffer recovery programs
find                      Finds files
finger                    Prints information about users
fsirand                   Randomizes i-node numbers on a disk
ftp                       Transfers files on a network
gcore                     Gets a core file for a running process
kill                      Kills processes
kinit                     Authenticates to Kerberos
ksh                       Korn-shell command interpreter
last                      Prints when users logged on
lastcomm                  Prints what commands were run
limit                     Changes process limits
login                     Prints password:
ls                        Lists files
mail                      Sends mail
netstat                   Prints status of network
newgrp                    Changes your group
perl, suidperl, taintperl  System administration and programming language. suidperl has special provisions for SUID programs; taintperl has special data-tainting features
passwd                    Changes passwords
ps                        Displays processes
pwd                       Prints your working directory
renice                    Changes the priority of a process
rlogin                    Logs you into another machine
rsh, krsh, rksh           Restricted shell (System V)
rsh                       Remote shell (named remsh on System V)
sh                        Bourne-shell command interpreter
strings                   Prints the strings in a file
su                        Becomes the superuser, or changes your current user ID
sysadmsh                  System administrator's shell
telnet                    Becomes a terminal on another machine
tip                       Calls another machine
umask                     Changes your umask (shell built-in)
users                     Prints users logged in
uucheck                   Checks UUCP security
uucico                    Transfers UUCP files
uucp                      Queues files for transfer by UUCP
uudecode                  Decodes uu-encoded files
uux                       Queues programs for execution by UUCP
w                         Prints what people are doing
who                       Prints who is logged in
write                     Prints messages on another user's terminal
xhost                     Allows other hosts to access your X Window server
XScreensaver              Clears and locks an X screen
yppasswd                  Changes your NIS password

B.1.5 /etc Programs

The following programs are typically placed in the /etc, /sbin, /usr/sbin, or /usr/etc directories.

Name                      Description
accton                    Turns on accounting
arp                       Address resolution protocol
comsat                    Alerts to incoming mail
dmesg                     Prints messages from system boot
exportfs                  Exports a filesystem (Berkeley)
fingerd or in.fingerd     Finger daemon
ftpd or in.ftpd           FTP daemon
fsck                      Filesystem-consistency checker
getty                     Prints login:
inetd                     Internet daemon
init                      First program to run
lockd                     Lock daemon
lpc                       Line-printer control
makekey                   Runs crypt() library routine (in /usr/lib)
mount                     Mounts partitions
ntalkd                    Talk daemon
ping                      Network test program
rc?                       Boot scripts
rc?.d                     Directories containing boot scripts
rdump                     Remote dump program
renice                    Changes priority of programs
rexecd or in.rexecd       Remote execution daemon
rlogind or in.rlogind     Remote login daemon
routed                    Route daemon
rshd                      Remote shell daemon
sa                        Processes accounting logs
sendmail                  Network mailer program (may be in /lib or /lib/sendmail)
share                     Exports a filesystem (SVR4)
showmount                 Shows clients that have mounted a filesystem
sockd                     SOCKS daemon
syslogd                   System log daemon
talkd or in.talkd         Talk daemon
tcpd                      TCP wrapper
telnetd or in.telnetd     Telnet daemon
tftpd or in.tftpd         TFTP daemon
ttymon                    Monitors terminal ports
uucpd                     UUCP over TCP/IP daemon
yp/makedbm                Makes an NIS database

