SUMMARY: Enhanced security... or not?

From: Peter Chapin <pchapin_at_lunchtime.vtc.vsc.edu>
Date: Thu, 28 Sep 2000 08:47:23 -0400 (EDT)

I recently posted a question asking for advice about a new Tru64 v5.0a
installation I am doing. I'm in a college environment and I was
wondering if I should use enhanced security (full text of the original
message below).

I received several replies and the consensus was a resounding "yes". The
replies also cleared up some misconceptions I had about enhanced
security in reference to some points that I included in my original
message. In particular:

1. It is possible to remove users (and not just retire them) from a
   Tru64 enhanced security system. This can be done two ways. The first
   involves using "vipw" to remove the users from the password file
   (vipw or equivalent must be used) and then "convuser -d" to
   synchronize the trusted computing base with the updated password file.
   Users in the TCB that are not in the password file are removed. This
   method can take a while if there are a large number of accounts on
   the system. In my environment I'm not likely to have more than about
   200 accounts at any one time so that's not a major problem.

   Another method is to use "edauth -r" to remove the user from the TCB
   explicitly after using vipw to remove the user from the password
   file. This is faster than the first method because the entire TCB is
   not synchronized.

   I will review man pages for these commands before I actually try to
   use them. Apparently the ability to remove users from an enhanced
   security system has been brought out to the GUI in dxaccounts as of
   Tru64 v5.1.

2. In the recent releases of Tru64, enhanced security is now much more
   configurable. In particular, it is possible to activate shadow
   passwords and not much else... if that is my desire. Several people
   suggested that I activate more than just shadow passwords.

3. I was concerned about ssh not working well with enhanced security. As
   it turns out, ssh1 v1.2.27 or later use SIA for authentication on
   Tru64 and thus work fine with enhanced security enabled. I will
   download the latest ssh1 for this system and use that.

4. One person questioned the policy of having an authoritative name
   server on a machine that students will be using. He noted that from a
   security point of view that was a bad idea. I appreciate his
   sentiments and may look into getting the name server moved. It exists on
   (the earlier version) of this machine for non-technical reasons and
   it will have to be moved using non-technical techniques.

Many thanks to:

Mike Iglesias <iglesias_at_draco.acs.uci.edu>
"Clegg, Larry" <Larry_Clegg_at_intuit.com>
Colin Walters <walters_at_zk3.dec.com>
John P Speno <speno_at_isc.upenn.edu>
Steve VanDevender <stevev_at_hexadecimal.uoregon.edu>
William H. Magill <magill_at_isc.upenn.edu>
Ken Kleiner <ken_at_cs.uml.edu>
Ann Majeske USG <Ann.Majeske_at_compaq.com>
Bobby <bobby_at_du.edu>
Eskil.Swahn_at_LDC.lu.se

Original post:

>From pchapin_at_lunchtime.vtc.vsc.edu Thu Sep 28 08:21:26 2000
Date: Wed, 27 Sep 2000 13:14:33 -0400 (EDT)
From: Peter Chapin <pchapin_at_lunchtime.vtc.vsc.edu>
To: Tru64 Unix Managers <tru64-unix-managers_at_ornl.gov>
Followup-To: poster
Subject: Enhanced security... or not?

I'm in the process of setting up a new Tru64 system running v5.0A. This
system will be used primarily by students in a college setting for
programming classes, web page development classes, networking classes,
and other such things. I am trying to decide if I should configure the
system to use enhanced security or not and I'm looking for suggestions
or thoughts on the matter. Here are some issues as I see them.

1. Although the machine will not carry any "mission critical" services
(except that it will be the campus's secondary name server) a similar
machine has been attacked in the past and I can only assume this new one
will be attacked in the future. College students are often interested in
breaking into systems just to see if they can... and cause other
problems as well (or in the process).

2. Enhanced security might be overkill for the machine, but on the other
hand there is educational value in showing students some of the
associated features of enhanced security.

3. By default Tru64 does not use shadow passwords. This is the biggest
security loophole that I'm worried about. Is there any way to implement
shadow passwords without going all the way to enhanced security?

4. In enhanced security users can't be removed... only retired. In my
environment users come and go at a great rate. Many users have active
accounts for only one week (they sign up for a class and then drop it
and then are never seen again). I don't feel good about accumulating a
large number of retired accounts on the machine "for no reason". Is
there a way of running with enhanced security and yet still be able to
fully remove accounts?

5. The ssh daemon I've used in the past doesn't work well with enhanced
security. It either (a) allows password controls to be bypassed or (b)
breaks X forwarding and causes oddness in the log files... depending on
how it is configured. This was with ssh v1.2.26 (I believe). Are there
other options for ssh that work properly with Tru64's enhanced security?

Peter
Received on Thu Sep 28 2000 - 12:44:50 NZST
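
The second removal method from point 1 of the summary, applied to a batch of departed accounts, as an added example that is not part of the original message: a dry run that lists accounts still present in the TCB but absent from the password file and prints the "edauth -r" command for each. It assumes the TCB account names have already been exported one per line to a file (how is site-specific and not shown) and that "edauth -r" takes the account name as its argument; the function names and sample data are constructed.

```shell
#!/bin/sh
# Dry-run reconciliation of TCB entries against the password file.
# Nothing is removed; the edauth commands are only printed for review.

# orphaned_tcb_entries PASSWD_FILE TCB_NAMES_FILE
# Prints each name in the TCB list that has no line in the password file.
orphaned_tcb_entries() {
    awk -F: '
        FILENAME == ARGV[1] {            # first file: the password file
            # ignore blank names, comments and NIS +/- inclusion lines
            if ($1 != "" && $1 !~ /^[#+-]/) known[$1] = 1
            next
        }
        {                                # second file: exported TCB names
            name = $1
            sub(/^[ \t]+/, "", name); sub(/[ \t\r]+$/, "", name)
            if (name == "" || name ~ /^#/) next
            if (!(name in known) && !(name in seen)) { seen[name] = 1; print name }
        }
    ' "$1" "$2"
}

# removal_plan PASSWD_FILE TCB_NAMES_FILE
# Prints one "edauth -r NAME" line per orphan (assumed argument form).
removal_plan() {
    orphaned_tcb_entries "$1" "$2" | while IFS= read -r name; do
        case $name in
            # never emit a name that could be read as an option or split
            -*|*[!A-Za-z0-9._-]*) echo "# skipped unusual name: $name" ;;
            *) echo "edauth -r $name" ;;
        esac
    done
}

# demo_plan: runs the plan over constructed sample data.
demo_plan() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'root:*:0:1:system:/:/bin/ksh' \
        'alice:*:201:15:Alice:/usr/users/alice:/bin/ksh' \
        'bob:*:202:15:Bob:/usr/users/bob:/bin/ksh' \
        '+::0:0:::' > "$d/passwd"
    printf '%s\n' root alice bob dropped1 dropped2 > "$d/tcb_names"
    removal_plan "$d/passwd" "$d/tcb_names"
    rm -rf "$d"
}
```

Review the printed list before running any of it; an account missing from the password file because of an editing mistake would show up here as an orphan too.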
