"Practical Unix Security" by Simson Garfinkel and Eugene Spafford O'Reilly & Associates (the Nutshell Handbook people). 500 pages, 1991, $29.95. ISBN 0-937175-72-2 Quotes from reviewers: Cliff Stoll: Worried about who's in your Unix system? Losing sleep because someone might be messing with your computer? Having headaches from obscure computer manuals? Then _Practical_Unix_Security_ is for you. This handy book tells you where the holes are and how to cork 'em up. Moreover, you'll learn about how Unix security really works. Spafford and Garfinkel show you how to tighten up your Unix system without pain. No secrets here -- just solid computing advice. Buy this book and save on aspirin. Tom Christiansen, Convex Computer Corp: This book is the first I've seen that actually seemed to address the many security issues that I keep around on my own little list, and it did so well. Paul Clark, Trusted Information Systems: The book could easily become a standard desktop reference for anyone involved in system administration. In general, its comprehensive treatment of Unix security issues will enlighten anyone with an interest in the topic. Matt Bishop, Dartmouth ...I liked the book; it covers a lot of material not normally covered and provides practical instructions on how to do things. This will be very useful for practitioners...This book is far superior to any other I have seen on UNIX security. Laurie Sefton, Apple: Finally there is a UNIX security book that covers the BSD world as well as the SYS V version...The other aspect of UNIX security books that has been sorely lacking was the "rest of UNIX" security. All the other books had a very thin overview of "down and dirty" security, as if they were afraid of giving out too much information...As soon as this is out, I'm ordering copies for all my people, and extra copies for the library at Apple. Orders: 800-998-9938 (US & Canada) 707-829-0515 (Europe) nuts@ora.com (e-mail) Table of Contents: Preface Scope of this Book Which UNIX System? Conventions Used in this Book Acknowledgments Three Final Notes Chapter 1 Introduction What's Computer Security? What's an Operating System? History of UNIX Security and UNIX Security and Networks Types of Security Risk Assessment Assessing Your Risk Reacting to an Emergency Other Important Steps The Problem with Security Through Obscurity The First Step Chapter 2 Users and Passwords Usernames The /etc/passwd File The /etc/passwd File and Network Databases Passwords Why Use Passwords? Entering Your Password Changing Your Password Checking Out Your New Password UNIX'S Encrypted Password System The crypt() Algorithm What is Salt? The Care and Feeding of Passwords Bad Passwords: Open Doors Good Passwords: Locked Doors Passwords on Multiple Machines Writing Down Passwords Administrative Techniques Assigning Passwords to Users Password Generators Shadow Password Files Password Aging and Expiration Algorithm Changes Preventing Direct Logins to Accounts Account Names Revisited Summary Chapter 3 Users, Groups, and the Superuser Users and Groups User Identifiers (UIDs) Groups and Group Identifiers (GIDs) Special Users The Superuser Other Special Users Impact of the /etc/passwd and /etc/group Files on Security The su(1) Command: Changing Who You Are Becoming the Superuser Restricting su The Bad su Log Other Uses of su Summary Chapter 4 The UNIX File System Files Using the ls(1) command Understanding File Permissions File Permissions in Detail Using File Permissions chmod: Changing a File's Permissions Setting a File's Permissions Calculating Octal File Permissions Using Octal File Permissions The umask The umask command Common umask Values Using Directory Permissions SUID SUID, SGID, and Sticky Bits Problems With SUID Finding All of the SUID and SGID Files Turning off SUID and SGID in Mounted File Systems SGID and Sticky Bits on Directories (Berkeley UNIX and Sun OS Only) SGID Bit on Files (System V UNIX only) chown: Changing a File's Owner chgrp: Changing a File's Group Chapter 5 Defending Your Accounts Dangerous Accounts Accounts Without Passwords Default Accounts Accounts That Run a Single Command Open Accounts Group Accounts Dormant Accounts Changing an Account's Password Changing the Account's Login Shell Finding Dormant Accounts Protecting the Root Account Under Berkeley UNIX Secure Terminals The wheel Group Chapter 6 Securing Your Data File Backups Why Make Backups? What Should You Back up? Kinds of Backups How Long Should You Keep a Backup? Security for Backups Database Backups and Daily Checking Integrity Checking and Checklists Checklists File Protection Modes Read-Only Disks Comparison Copies Checklists Signatures Chapter 7 The UNIX Log Files The /usr/adm/lastlog File The /etc/utmp and /usr/adm/wtmp Files Last Program Pruning the wtmp File The /usr/adm/acct File The Berkeley System Log (syslog) Facility The syslog.conf Configuration File Where To Log Chapter 8 Protecting Against Programmed Threats Programmed Threats: Definitions Back Doors and Trap Doors Logic Bombs Viruses Worms Trojan Horses Bacteria and Rabbits Damage Authors Entry Protecting Yourself Shell Features Startup File Attacks Abusing Automatic Mechanisms Unexpected Interactions Protecting Your System File Protections SUID and SGID Programs Notes on Writing a SUID Program SUID Shell Scripts Chapter 9 Modems Theory of Operation Serial Interfaces The RS-232 Serial Protocol Originate and Answer Modems and Security Modems and UNIX Hooking Up a Modem to Your Computer Setting Up the UNIX Device Checking Your Modem Physical Protection Additional Security for Modems Chapter 10 UUCP About UUCP The uucp Command The uux Command The mail Command How The uucp Commands Work Versions of UUCP UUCP and Security Assigning Additional UUCP Logins Establishing UUCP Passwords Security of the L.sys and Systems Files Security in Version 2 UUCP USERFILE: Providing Remote File Access A USERFILE Example L.cmds: Providing Remote Command Execution Security in BNU UUCP The Permissions File Permissions Commands uucheck(1): Checking Your Permissions File Additional Security Concerns Mail Forwarding for UUCP Automatic Execution of Cleanup Scripts Early Security Problems with UUCP Summary Chapter 11 Networks and Security The Internet Internet Addresses The /etc/hosts File Network Hostname Service Clients and Servers TCP/IP UDP/IP UNIX Network Servers The /etc/services File Starting the Servers The /etc/inetd Program Network Services TELNET rlogin and rsh rexec finger Electronic Mail FTP TFTP The X Window System Security Implications of Network Services Monitoring Your Network with netstat Summary Chapter 12 Sun's NFS NIS Netgroups Setting up Netgroups NFS How NFS Works The /etc/exports File The showmount Command Authentication and NFS Improving Basic NFS Security Limiting Exported File Systems Limit Exported Machines Use Root Ownership Export Read-only Do Not Export Server Executables The fsirand Program Summary: Security Implications of NFS Chapter 13 Kerberos and Secure RPC The Problem What's Wrong with LANs? Minimizing the Problems MIT's Kerberos What's It Like to Use Kerberos? How to Install Kerberos What's Wrong with Kerberos? Sun Microsystems' Secure RPC How Secure RPC Works What's It Like to Use Secure NFS? How to Install Secure RPC What's Wrong with Secure RPC? Chapter 14 Firewall Machines What's a Firewall? Internal Firewalls External Firewalls Setting Up a Firewall The Choke Choosing the Choke's Protocols Setting up the Gate Name Service Electronic Mail Netnews FTP Other Services An Alternate Method Special Considerations Chapter 15 Discovering a Break-in Prelude Discovering an Intruder Catching One in the Act What to Do When You Catch Somebody Tracing a Connection Getting Rid of the Intruder The Log Files: Discovering an Intruder's Tracks Cleaning Up After the Intruder New Accounts An Example A Last Note: Never Trust Anything Except Hard Copy Chapter 16 Denial of Service Attacks and Solutions Destruction Attacks Overload Attacks Process Overload Attacks Disk Attacks Swap Space Attacks Soft Process Limits: Preventing Accidental Denial of Service Network Denial of Service Attacks Service Overloading Message Flooding Signal Grounding Chapter 17 Computer Security and the U.S. Law Legal Options After a Break-in Criminal Prosecution The Local Option Federal Jurisdiction Federal Computer Crime Laws Hazards of Criminal Prosecution If You or One of Your Employees is a Target of an Investigation Other Tips Civil Actions Privacy and The Electronic Communications Privacy Act Chapter 18 Encryption Who Needs Encryption? Cryptographic Strength Types of Encryption Systems ROT13 crypt Enigma UNIX crypt Ways of Improving the Security of crypt Example The Data Encryption Standard (DES) DES Modes Use and Export of DES DES Strength Sun's des command RSA and Public Key Cryptography How RSA Works An RSA Example Strength of RSA Proprietary Encryption Systems Protect Your Key! Chapter 19 Physical Security Protecting Computer Hardware The Environment Accidents Physical Access Vandalism Acts of War and Terrorism Theft Related Concerns Protecting Data Eavesdropping Backups Local Storage Unattended Terminals Appendix A UNIX Security Checklist Appendix B Important Files System Files Important Files in your Home Directory SUID Files in Berkeley UNIX SGID Files in Berkeley UNIX SUID Files in System V R3.2 UNIX SGID Files in System V UNIX Appendix C UNIX Processes Processes Processes and Programs The ps Command Process Properties Creating Processes Signals The kill Command Starting Up UNIX and Logging In Process #1: /etc/init Letting Users Log In Running the User's Shell Appendix D How Kerberos Works Kerberos's Parts Using Kerberos Using a Service Appendix E Other Sources References General Computer Security UNIX Security Computer Viruses and Programmed Threats Computer Crime and Law Understanding the Computer Security 'Culture' Understanding and Using Networks Using and Programming UNIX Security Products and Services Information Miscellaneous References Organizations Association for Computing Machinery (ACM) IEEE Computer Society ASIS Computer Security Institute (CSI) NIST Computer Emergency Response Team (CERT) DOE's Computer Incident Advisory Capability (CIAC) Software Resources Getting Kerberos Getting COPS