Re: Who knows the BUGs or Backdoors of SunOS 5.6 ?

[budke () budke com (Eric Budke)]

To hopefully avoid any confusion that the below might cause. Having the 
CONSOLE=/dev/console line uncommented prevents direct logins to root on 
THAT host (it has no bearing on the other hosts). With that line, root can 
only login directly from the console of that machine.

As for backdoor? No it isn't really a back door. But if your environment 
has more than one admin, how exactly do you figure out who was on you 
system making changes. Do you honestly "trust" your employees, possibly due 
to some 5 year old background check?

The ability to login directly as root (with the help of rhosts files and r* 
services being active) helps turn a break-in of one system, into control 
over a whole network. Think this doesn't happen?

At 04:23 PM 11/11/99 , Lamb Donald wrote:
> I would look at http://www.securityfocus.com for security vulnerabilities 
> (there
> are several other sites as well).  Oftentimes not all have patches to 
> correct the
> problem.  Ensure that you have installed all released patches that apply 
> to your
> operating environment!  I would also look at the inetd.conf file in /etc for
> enabled exploitable services (tftp and the "r" commands immediately come 
> to mind).
> Changing account passwords and restricting access to suid and sgid executables
> would also be highly encouraged.  Unless Sun has changed their philosophy, 
> remote
> login by root is enabled (#CONSOLE=/dev/console disables the command; 
> removing the
> "#" will prevent remote login to another host as root).  Although I would not
> recommend allowing remote login by root, I do not consider it a 
> backdoor.  Sun has
> published some security guidelines.  I believe it is still available at
> http://sunsolve.sun.com.  I hope it helps.  Take care.
>
> Don
>
> ColFlagg () chubb com wrote:
>
> > FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
> > IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
> > HELP: Having problems... email questions to ids-owner () uow edu au
> > NOTE: Remove this section from reply msgs otherwise the msg will bounce.
> > SPAM: DO NOT send unsolicted mail to this list.
> > ---------------------------------------------------------------------------
> > ---
> >
> > By default, SunOS 5.6 restricts root logins to the console.  It is a common
> > security
> > practice to leave this as is.  However, if you don't care you can edit the
> > following file:
> >
> > /etc/default/login
> >
> >      # To allow root login from anywhere comment out the following line:
> >      CONSOLE=/dev/console
> >
> > I am not sure about the anonymous thing.  Again, I think it is a 
> default.  Good
> > Luck
> >
> > Jim Lemieux
> >
> > snow_man <snow_man () cmmail com> on 11/08/99 12:19:32 AM
> >
> > Please respond to snow_man () cmmail com
> >
> >
> >
> >
> >
> >
> >
> >  To:      "ids () uow edu au" <ids () uow edu au>
> >
> >  cc:      (bcc: ColFlagg/ChubbMail)
> >
> >
> >
> >  Subject: IDS: Who knows the BUGs or Backdoors of SunOS 5.6
> >           ?
> >
> >
> > FAQ: See http://www.ticm.com/kb/faq/idsfaq.html
> > IDS: See http://www-rnks.informatik.tu-cottbus.de/~sobirey/ids.html
> > HELP: Having problems... email questions to ids-owner () uow edu au
> > NOTE: Remove this section from reply msgs otherwise the msg will bounce.
> > SPAM: DO NOT send unsolicted mail to this list.
> > ---------------------------------------------------------------------------
> > ---
> > Who knows the BUGs or Backdoors of SunOS 5.6  ?
> > Its "root" and "anonymous"   can not be logined outside its keyboard.
> >
> > end
> > quit
> >    From :  snow_man () cmmail com
> > -----------------------------------------

--
PGP Key can be found at http://www.budke.com/pgp/budke_budke_com.txt