secure(1M) secure(1M)
NAME
secure - check security
SYNOPSIS
secure [options]
DESCRIPTION
The secure program looks for security problems on a Reliant UNIX
system and displays potential security risks on the screen.
The functional scope of secure depends on whether a non-privileged
user or the system administrator calls the command.
If the secure command is called by a non-privileged user, the
information is only output for the login name of the user executing
the call.
A call by the system administrator checks the entire computer system.
secure offers the following functional scope to the non-privileged
user:
- It lists all files for which the set-user-id or set-group-id bit is
set. These files constitute a security risk, since anyone who
executes such a file has the permissions of the owner, with which
he/she can perform any actions.
- It lists all directories in the user's file tree for which all
system users have write permission.
- It searches for programs with the name su.
- It analyzes the shell variables. If there is no .profile file for
the login name being checked, it uses the /etc/profile file.
secure offers an extended functional range for the system
administrator. The following information is displayed:
- login names for which there is no password
- "pseudo login names" for which an invalid password is specified,
and which therefore do not permit login
- login names with a duplicate user ID
- login names for which no login directory is defined
- login names which have not been used in the last 30 days
- files with the set-user-id or set-group-id bit set. If these are
text files (i.e. possibly shell scripts), an additional warning is
output
- directories for which all system users have write permission
Page 1 Reliant UNIX 5.44 Printed 11/98
- files in the /dev directory which are not special files
- special files in the /dev directory for which all system users have
write permission
- special files which are not in the /dev directory
- copies of /bin/sh
- programs with the name su
- escape sequences in the mailbox
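The following sh functions are an added example, not part of the original page and not the secure program's own code: they approximate a few of the checks listed above with find, cmp and awk. The function names and the constructed sample accounts are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not the secure program itself. Function names are
# hypothetical; each takes the tree or file to inspect as an argument.

# set-user-id / set-group-id files. Files without NUL bytes are treated
# as text (a heuristic) and flagged, since they may be shell scripts.
list_sbit() {
    find "$1" -type f \( -perm -4000 -o -perm -2000 \) -print |
    while IFS= read -r f; do
        if tr -d '\000' < "$f" | cmp -s - "$f"; then
            echo "sbit-text $f"
        else
            echo "sbit $f"
        fi
    done
}

# Directories writable by all system users.
list_wdir() {
    find "$1" -type d -perm -0002 -print
}

# Byte-identical copies of the shell ($2, default /bin/sh).
list_shcopies() {
    find "$1" -type f -exec cmp -s "${2:-/bin/sh}" {} \; -print
}

# Account checks on a passwd(4)-format file: empty password field,
# no login directory, and user IDs shared by several login names.
check_accounts() {
    awk -F: '
        $2 == ""      { print "nopass " $1 }
        $6 == ""      { print "nohome " $1 }
        ($3 in seen)  { print "dupuid " $1 " " seen[$3] }
        !($3 in seen) { seen[$3] = $1 }
    ' "$1"
}

# Constructed sample in passwd(4) format (not real accounts).
sample_passwd() {
    cat <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
toor:x:0:0:second name for UID 0:/:/sbin/sh
guest::1001:100:no password:/home/guest:/bin/sh
batch:x:1002:100:no login directory::/bin/sh
EOF
}
```

Call list_sbit, list_wdir and list_shcopies with the directory to scan; check_accounts reads standard input when given - as its argument, as in sample_passwd | check_accounts -.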
OPTIONS
-h Displays help texts.
-l secure attempts to determine the password for the login name in
order to establish whether the password assigned is too simple.
For this purpose, secure contains an internal password list. It
searches for the user's surname, forename, company name etc.
If this option is called by the system administrator, secure
examines all login names. This process can then take up a lot of
time.
-s Displays the status of an already running secure -l: the user
whose password secure -l is currently trying to encrypt and the
percentage of users checked so far.
The -s option is available to the system administrator only.
-t The -t option enables the system administrator to use secure to
analyze any login name with the status of a non-privileged user.
Once secure -t has been called, the system administrator is
requested to enter a password. With the help of this password,
he/she can then log in to any login name via login and can
analyze this name with secure, with the status of a
non-privileged user.
The -t option is available to the system administrator only.
FILES
Temporary files which are created while secure is running:
/dev/tmp/secst
/dev/tmp/nodev
/dev/tmp/outdev
/dev/tmp/sbit
/dev/tmp/tbit
/dev/tmp/wdev
/dev/tmp/shcp
/dev/tmp/fsu
/dev/tmp/maile
SEE ALSO
chmod(1), login(1), passwd(1), su(1).