Suggestions for making your system secure
The security of any system is ultimately
the responsibility of all who have access to it.
As the administrator of your system,
do the following:
-
Restrict physical access to your computer (especially if it is a small
one) so that someone does not simply walk off with it.
-
Set access permissions to directories and files so they
can be accessed only as needed by the owner, group, or others.
Publicly writable directories are a security hazard.
Allow them only for a good reason.
-
Assign passwords to all logins and change them regularly.
You can force them to be changed by implementing password aging.
Pick nonobvious passwords:
six- to eight-character nonsense strings of letters and numbers
are recommended over real words.
Remove or lock unused logins.
-
Do not keep sensitive information on a system with dial-up ports;
the security of any system with dial-up ports is
difficult to guarantee.
For more information on network security and dial-up passwords,
see
``Setting passwords for dial-in lines''.
-
Record all use of the
su(1M)
command.
See
``Recording su use''
for two methods of doing this.
-
Keep in mind that login directories, user profile files, and files in
/sbin, /usr/sbin,
and /etc that are writable by others are
security give-aways.
-
Encrypt sensitive data files.
The
crypt(1)
command together with the encryption capabilities of
the editors ed and vi protect
sensitive information.
The Encryption Utilities package
(domestic customers only) must be installed
before you can run
crypt(1).
-
Do not leave a logged-in terminal unattended, especially if you are
logged in as
root or any
privileged user as defined in the TFM database.
-
Place an appropriate umask command in the system profile
(/etc/profile) to set a default
security level for file creation.
-
Use full pathnames
for critical commands (for example, /usr/bin/su instead of su).
-
Do not mount a removable
medium (such as a floppy disk or cartridge tape),
or add packages or programs
unless the contents are trusted.
These filesystems may contain set-user-ID or
Trojan horse programs.
These are the most common ways of spreading computer viruses.
Next topic:
Login logging
Previous topic:
Security procedures
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004