Open System Services Management and Operations Guide (G06.29+, H06.07+)

Managing Security
Open System Services Management and Operations Guide, 527191-005
Do not provide network services servers such as rshd where mechanisms such
as the hosts.equiv file can be used to bypass Safeguard validations.

For remote procedure call (RPC) applications, encourage your developers to use
the application program interface provided by the HP NonStop Distributed
Computing Environment (DCE). The authentication security is better than the
AUTH_UNIX (AUTH_SYS) level authentication used by the undocumented RPC
interfaces underlying such products as the Network File System (NFS) for Open
System Services.

Identifying Attempts to Break Security
Checking the file system for changes in the ownership and permissions of important
files and directories can reveal the presence of an intruder. You can monitor
permissions by entering the following OSS shell command periodically:

    ls -alt pathname > file

pathname
    is the OSS pathname for the mount-point directory of a fileset you want to
    monitor (such as /bin and /etc).

file
    is the OSS filename of a file to receive the output.

Use a different OSS filename each time you use this ls command, and use the diff
command to compare the different listings.
If a file on which only the super ID (255,255 in the Guardian environment, 65535 in the
OSS environment) had permissions has changed to have more general permissions
(and if this change was not authorized), a break-in might have occurred.
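
The snapshot-and-compare procedure above, as an added example that is not part of the original guide: it takes the listings with the guide's ls -alt command and, going a step beyond a plain diff, reports only entries whose mode or owner changed, flagging files that gained group or other permissions. The function names (snapshot, report, demo), the WIDENED and CHANGED labels, and the sample file are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the guide): snapshot a directory with the guide's
# "ls -alt" command, then report only mode/owner changes between two snapshots.

# snapshot DIR FILE: write one listing per run, each to a different file.
snapshot() {
    ls -alt "$1" > "$2"
}

# report OLD NEW: compare two listings by entry name.
#   WIDENED = group/other had no permissions before and have some now
#   CHANGED = any other mode or owner difference
# Assumes names without whitespace (the name is read as the last field).
report() {
    awk '
        NF < 8 { next }                      # skip "total N" and short lines
        { name = $NF }
        FNR == NR { mode[name] = $1; owner[name] = $3; next }
        !(name in mode) { next }             # new entry: nothing to compare
        mode[name] == $1 && owner[name] == $3 { next }
        {
            tag = "CHANGED"
            if (substr(mode[name], 5, 6) == "------" && substr($1, 5, 6) != "------")
                tag = "WIDENED"
            printf "%s %s %s %s -> %s %s\n", tag, name, mode[name], owner[name], $1, $3
        }
    ' "$1" "$2"
}

# Constructed demo: a private file is made world-readable between snapshots.
demo() {
    work="${TMPDIR:-/tmp}/permwatch.$$"
    mkdir -p "$work/watched" || return 1
    : > "$work/watched/secret.conf"
    chmod 600 "$work/watched/secret.conf"
    snapshot "$work/watched" "$work/listing.1"
    chmod 644 "$work/watched/secret.conf"
    snapshot "$work/watched" "$work/listing.2"
    report "$work/listing.1" "$work/listing.2"
    rm -rf "$work"
}

demo
```

Size and timestamp differences, which a plain diff of two ls -alt listings also shows, are ignored here, so every reported line is a permission or ownership change to check against authorized changes.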