Elements of Security: AIX 4.1

Document Number GG24-4433-00
October 1994
International Technical Support Organization
Poughkeepsie Center

Take Note! Before using this information and the products it supports, be sure to read the general information under “Special Notices” on page ix.

First Edition (October 1994)

This edition applies to the initial releases of AIX Version 4.1 for RISC System/6000.

Order publications through your IBM representative or the IBM branch office serving your locality. Publications are not stocked at the address given below.

An ITSO Technical Bulletin Evaluation Form for reader’s feedback appears facing Chapter 1. If the form has been removed, comments may be addressed to:

IBM Corporation, International Technical Support Organization
Dept 541 Mail Station P099
522 South Road
Poughkeepsie, New York 12601-5400

When you send information to IBM, you grant IBM a non-exclusive right to use or distribute the information in any way it believes appropriate without incurring any obligation to you.

© Copyright International Business Machines Corporation 1994. All rights reserved.
Note to U.S. Government Users — Documentation related to restricted rights — Use, duplication or disclosure is subject to restrictions set forth in GSA ADP Schedule Contract with IBM Corp.

Abstract

This document discusses many of the security-related elements of AIX 4.1. It is directed toward a reader who is a system administrator for one or more AIX systems, although much of the material may be useful to AIX users. Recommendations and suggestions for installation and day-to-day administration are included. Specialized topics, including DCE and NIS, are not discussed. Basic UNIX knowledge is assumed.

(120 pages)

© Copyright IBM Corp. 1994

Contents

Abstract
Special Notices
Preface
  Acknowledgments

Chapter 1. Introduction
  1.1 Security Policy, Standards, Guidelines
  1.2 Who Needs Security?
  1.3 How Much Security?
  1.4 System Categories
  1.5 Common Security Exposures
  1.6 Physical Security
    1.6.1 “Power On” Hours
  1.7 System Administrator
  1.8 Computer Security Audits and Reviews

Chapter 2. AIX Security Structure
  2.1 smit
  2.2 Visual System Manager

Chapter 3. User Accounts
  3.1 User Identification, UID
    3.1.1 The root User
  3.2 Single-user Workstations
  3.3 Users
    3.3.1 User Parameters in Smit
    3.3.2 System Defaults
    3.3.3 Shadow Files
    3.3.4 Passwords
  3.4 Search PATH For User
    3.4.1 Timeouts
    3.4.2 Prompts
    3.4.3 Disabling the root Userid
  3.5 Groups
    3.5.1 AIX Group Usage and Administration
      Group Usage for Workstations
  3.6 Standard Userids
  3.7 Files Associated With User Accounts
    3.7.1 Additional Authentication Methods
  3.8 Verifying the User Environment
    The grpck Command
    The usrck Command
    The pwdck Command
    The lsgroup and lsuser Commands
    The tcbck Command
  3.9 Other Topics
    3.9.1 Repairing the root Userid
    3.9.2 Password Cracker Programs

Chapter 4. AIX File Security
  4.1 File Systems
    The mount Command
    4.1.1 Private File Systems
    4.1.2 Inodes and Links
    4.1.3 Ownership
    4.1.4 Permission Bits (Basic)
  4.2 Basic File Security Concepts
    4.2.1 The ls Command
    4.2.2 Permission Bits (Advanced)
      Directory Permissions Summary
    4.2.3 The umask Variable
    4.2.4 File Timestamps
  4.3 The ACL Commands
    Base Permissions
    Extended Permissions
    The chmod Command
  4.4 Files That Grow
  4.5 AIX Version 4 Error Logging
  4.6 Other Comments
    4.6.1 Unowned Files
    4.6.2 The /tmp Directory

Chapter 5. Network Security
  5.1 Physical Communication Security
  5.2 Network Security Goals
  5.3 The securetcpip Command
    5.3.1 Remote Login Controls
      The /etc/hosts.equiv File
      The .rhosts Files
      The .netrc Files
    5.3.2 Other Important TCP/IP Files
      The /etc/hosts File
      The /etc/inetd.conf File
      Name Server
    5.3.3 The netstat Command
  5.4 Network File System Overview
    5.4.1 The /etc/exports File
    5.4.2 NFS Support for ACLs (Access Control Lists)
    5.4.3 Secure NFS Operations
    5.4.4 The Client - Server DES Interaction
  5.5 Network Information Service (NIS)
  5.6 Adapter Security Levels

Chapter 6. Logs and Accounting
  6.1 AIX Log Files

Chapter 7. Trusted Computing Base
  7.1 TCB Description
  7.2 Using the tcbck Command
  7.3 Using the Trusted Login and Trusted Shell

Chapter 8. Auditing Functions
  Audit Events
  Audit Objects
  Information Collection
  Audit Commands
  8.1 Audit Configuration
  8.2 Basic Audit Usage
    Basic BIN Auditing
    Basic STREAM Auditing
    Basic Object Auditing
    Minor Comments
  8.3 Recommendations for Auditing
    8.3.1 Audit Limitations
    8.3.2 Auditing Products

Chapter 9. Other Topics
  9.1 Firewalls
  9.2 X Windows
  9.3 The skulker Script
  9.4 Controlling cron and at

Chapter 10. Checklists and Reviews
  10.1 Planning
    10.1.1 Initial Installation
    10.1.2 Continuing Activities
  10.2 Reviewing a System

Appendix A. DoD Classes
    A.1.1 Levels for Commercial Users
    A.1.2 Comments

Appendix B. Additional Authentication
  B.1 Two-person Login
  B.2 Password and Local Program

Appendix C. Audit Events

Index

Special Notices

This publication is intended to help you to understand and implement the basic security elements of AIX Version 4.1. The information in this publication is not intended as the specification of any programming interfaces that are provided by AIX Version 4 or by any subsystem or product used with AIX. See the PUBLICATIONS Section of the IBM Programming Announcements for AIX Version 4 or for associated products for more information about what publications are considered to be product documentation.

References in this publication to IBM products, programs, or services do not imply that IBM intends to make these available in all countries in which IBM operates. Any reference to an IBM program product in this document is not intended to state or imply that only IBM’s program product may be used.
Any functionally equivalent program that does not infringe any of IBM’s intellectual property rights may be used instead of the IBM product, program, or service.

Information in this book was developed in conjunction with use of the equipment specified, and is limited in application to those specific hardware and software products and levels.

IBM may have patents or pending patent applications covering subject matter in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to the IBM Director of Commercial Relations, IBM Corporation, 500 Columbus Avenue, Thornwood, NY 10594, USA.

The information contained in this document has not been submitted to any formal IBM test and is distributed AS IS. The information about non-IBM (VENDOR) products in this manual has been supplied by the vendor and IBM assumes no responsibility for its accuracy or completeness. The use of this information or the implementation of any of these techniques is a customer responsibility and depends on the customer’s ability to evaluate and integrate them into the customer’s operational environment. While each item may have been reviewed by IBM for accuracy in a specific situation, there is no guarantee that the same or similar results will be obtained elsewhere. Customers attempting to adapt these techniques to their own environments do so at their own risk.

The following terms are trademarks of the IBM Corporation in the United States and/or other countries:

  AIX
  IBM
  InfoExplorer
  NetSP
  AIXwindows
  RISC System/6000

The following terms are trademarks of other companies:

  UNIX                        Developed and licensed by AT&T; the trademark is now controlled by X/Open.
  Network File System (NFS)   Sun Microsystems, Inc.
  INed                        INTERACTIVE Systems Corporation.