secure(1M) — Reliant UNIX 5.44c4

secure(1M)                                                       secure(1M)

NAME
     secure - check security

SYNOPSIS
     secure [options]

DESCRIPTION
     The secure program tries to identify security problems on a Reliant
     UNIX system and displays potential security risks on the screen.

     The functional scope of secure depends on whether it is called by a
     non-privileged user or by the system administrator.

     If secure is called by a non-privileged user, information is output
     only for the login name of the calling user. A call by the system
     administrator checks the entire computer system.

     secure offers the following functional scope to the non-privileged
     user:

     -  It lists all files for which the set-user-id or set-group-id bit is
        set. These files constitute a security risk, since anyone who
        executes such a file does so with the permissions of its owner
        (or group) and can perform any action those permissions allow.

     -  It lists all directories in the user's file tree for which all
        system users have write permission.

     -  It searches for programs with the name su.

     -  It analyzes the shell variables. If there is no .profile file for
        the login name being checked, it uses the /etc/profile file.

     secure offers an extended functional range for the system
     administrator. The following information is displayed:

     -  login names for which there is no password

     -  "pseudo login names" for which an invalid password is specified,
        and which therefore do not permit login

     -  login names with a duplicate user ID

     -  login names for which no login directory is defined

     -  login names which have not been used in the last 30 days

     -  files with the set-user-id or set-group-id bit set. If these are
        text files (i.e. possibly shell scripts), an additional warning is
        output

     -  directories for which all system users have write permission



Page 1                       Reliant UNIX 5.44                Printed 11/98

     -  files in the /dev directory which are not special files

     -  special files in the /dev directory for which all system users have
        write permission

     -  special files which are not in the /dev directory

     -  copies of /bin/sh

     -  programs with the name su

     -  escape sequences in the mailbox
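
     Several of the checks listed above can be approximated with POSIX
     find(1). The shell functions below are an added example, not code
     from secure or from Reliant UNIX; the function names and the
     NUL-byte heuristic for "text file" are assumptions.

```shell
#!/bin/sh
# Added illustration of some checks documented for secure(1M).
# All function names are hypothetical; $1 is the directory tree to examine.

# Files with the set-user-id or set-group-id bit set.
list_sbit() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null
}

# Heuristic (assumption): a non-empty file without NUL bytes is treated as
# a text file, i.e. possibly a shell script.
is_text() {
    [ -s "$1" ] && [ "$(tr -d '\000' < "$1" | wc -c)" -eq "$(wc -c < "$1")" ]
}

# Set-id files, with the additional warning for text files.
report_sbit() {
    list_sbit "$1" | while IFS= read -r f; do
        if is_text "$f"; then
            echo "WARNING set-id text file: $f"
        else
            echo "set-id file: $f"
        fi
    done
}

# Directories for which all system users have write permission.
list_world_writable_dirs() {
    find "$1" -type d -perm -0002 -print 2>/dev/null
}

# Programs with the name su.
list_su() {
    find "$1" -type f -name su -print 2>/dev/null
}

# Byte-identical copies of a reference shell ($2, e.g. /bin/sh) under $1.
# If the reference itself lies under $1 it is listed as well.
list_shell_copies() {
    find "$1" -type f -exec cmp -s "$2" {} \; -print 2>/dev/null
}

# Run all of the above on one tree; the reference shell defaults to /bin/sh.
audit() {
    report_sbit "$1"
    list_world_writable_dirs "$1"
    list_su "$1"
    list_shell_copies "$1" "${2:-/bin/sh}"
}
```

     After sourcing the file, audit "$HOME" reports on the caller's own
     file tree, which corresponds to the non-privileged scope described
     above.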

OPTIONS
     -h   Displays help texts.

     -l   secure attempts to determine the password for the login name in
          order to establish whether the password assigned is too simple.

          For this purpose, secure contains an internal password list. It
          also searches for the user's surname, forename, company name etc.

          If this option is called by the system administrator, secure
          examines all login names. This can take a long time.

     -s   Displays the status of an already running secure -l: the user
          whose password secure -l is currently trying to encrypt and the
          percentage of users checked so far.

          The -s option is available to the system administrator only.

     -t   The -t option enables the system administrator to use secure to
          analyze any login name with the status of a non-privileged user.

          Once secure -t has been called, the system administrator is
          prompted to enter a password. Using this password, he/she can
          then log in under any login name via login and analyze that
          name with secure, with the status of a non-privileged user.

          The -t option is available to the system administrator only.

FILES
     Temporary files which are created while secure is running:

     /dev/tmp/secst

     /dev/tmp/nodev

     /dev/tmp/outdev

     /dev/tmp/sbit

     /dev/tmp/tbit

     /dev/tmp/wdev

     /dev/tmp/shcp

     /dev/tmp/fsu

     /dev/tmp/maile

SEE ALSO
     chmod(1), login(1), passwd(1), su(1).