User's Manual

Solaris 9 Security CX-310-301 53
It should also be remembered that password authentication is only one method of gaining access to a system. If the system is not secured in other ways, an attacker can often gain privileged access without ever entering a password.

One popular method of circumventing the password procedure is for an attacker to install a trojaned version of the login program. It performs the same function as the legitimate login program, but captures the input from the user (the username and password), then exits, making it look as if the user entered an incorrect password, and finally calls the real login program. It is easy for a user to be duped by such a program because it appears exactly like the genuine one.

Another, more effective, method is for an attacker to install a "sniffer" on the network, allowing the capture of packets travelling across it. In this instance, when a user runs telnet to connect to a remote host, the password entered crosses the network in clear text, not encrypted, and the sniffer will pick it up. The solution to this problem is to always use a secure program, such as SSH (secure shell), for connecting to remote hosts. With SSH, the traffic between the hosts is always encrypted, preventing a plain-text password from being captured by an intruder.
Non-Login Accounts

Solaris 9 makes use of several system accounts that are used as part of the normal running of the Operating Environment; these include:

- daemon
- bin
- sys
- adm
- uucp
- lp
- nobody

These user accounts are potentially insecure and are rarely checked by administrators to ensure they have not been used. It is advisable to do two things to these accounts:

- Lock each account using passwd -l <username>
- Change the login shell to an invalid shell, such as /usr/bin/false, by running passwd -e <username> and entering the new value
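The following script is an added example, not part of the original guide, that checks whether the two steps above have actually been applied: it reads a passwd and shadow file and reports, for each system account, whether the password field is locked (on Solaris, passwd -l writes a "*LK*" prefix into the shadow entry; the "NP" marker found in a default install means "no password" and is not a lock) and whether the login shell is one of the non-interactive shells. The file paths, the sample passwd/shadow excerpts and the list of acceptable non-login shells are constructed for the example; point the audit functions at /etc/passwd and /etc/shadow (as root) to run it on a real host.

```shell
#!/bin/sh
# Added example: audit Solaris system accounts for lock status and login shell.
# Assumes Solaris conventions: "passwd -l" puts "*LK*" at the start of the
# shadow password field; "NP" (no password) is NOT a lock.

SYSTEM_ACCOUNTS="daemon bin sys adm uucp lp nobody"
# Shells that cannot be used interactively (list is an assumption for the example).
NOLOGIN_SHELLS="/usr/bin/false /bin/false /usr/bin/true /bin/true"

# audit_account NAME PASSWD_FILE SHADOW_FILE
# Prints "NAME ok" or "NAME <problem>[,<problem>]"; returns 0 if compliant, 1 otherwise.
audit_account() {
    name=$1; pw=$2; sh=$3
    grep -q "^${name}:" "$pw" || { echo "$name missing"; return 1; }
    shell=$(awk -F: -v u="$name" '$1 == u { print $7 }' "$pw")
    hash=$(awk -F: -v u="$name" '$1 == u { print $2 }' "$sh")
    problems=""
    case "$hash" in
        \*LK\**) ;;                       # locked by passwd -l
        *) problems="not-locked" ;;       # NP, empty, or a real hash
    esac
    shell_ok=0
    for s in $NOLOGIN_SHELLS; do
        [ "$shell" = "$s" ] && shell_ok=1
    done
    # An empty shell field means the default shell (/usr/bin/sh) on Solaris,
    # so it is treated as interactive as well.
    if [ "$shell_ok" -eq 0 ]; then
        problems="${problems:+$problems,}interactive-shell"
    fi
    if [ -z "$problems" ]; then
        echo "$name ok"; return 0
    fi
    echo "$name $problems"; return 1
}

# audit_all PASSWD_FILE SHADOW_FILE
# Prints one line per system account; exit status is the number of
# non-compliant accounts (0 means everything is locked with a non-login shell).
audit_all() {
    bad=0
    for u in $SYSTEM_ACCOUNTS; do
        audit_account "$u" "$1" "$2" || bad=$((bad + 1))
    done
    return $bad
}

# Constructed sample excerpts in Solaris 9 layout (not copied from a real host).
# "bin" has never been locked and has no shell set; "sys" is locked but keeps
# the default shell; the others have had both steps applied.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:/usr/bin/false
bin:x:2:2::/usr/bin:
sys:x:3:3::/:
adm:x:4:4:Admin:/var/adm:/usr/bin/false
uucp:x:5:5:uucp Admin:/usr/lib/uucp:/usr/bin/false
lp:x:71:8:Line Printer Admin:/usr/spool/lp:/usr/bin/false
nobody:x:60001:60001:Nobody:/:/usr/bin/false
EOF
cat > "$SAMPLE_DIR/shadow" <<'EOF'
root:abcd:6445::::::
daemon:*LK*NP:6445::::::
bin:NP:6445::::::
sys:*LK*:6445::::::
adm:*LK*NP:6445::::::
uucp:*LK*:6445::::::
lp:*LK*:6445::::::
nobody:*LK*:6445::::::
EOF

if audit_all "$SAMPLE_DIR/passwd" "$SAMPLE_DIR/shadow"; then
    echo "all system accounts locked with a non-login shell"
else
    echo "non-compliant accounts: $?"
fi
```

Run as root against the live files (for example with cron) and alert on a non-zero exit status; a system account that shows "not-locked" or "interactive-shell" after hardening is either a configuration regression or a sign that someone has re-enabled it.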
User Security with SU

When a user executes the su command, whether to the root account or to any other account, the operation should be logged and controlled.

The file /etc/default/su achieves this and contains several variables that configure the behaviour. The following variables can be set: