Contents:
Security-Related Devices and Files
Important Files in Your Home
Directory
SUID and SGID Files
This appendix lists some of the files on UNIX systems that are important from the perspective of overall system security. We have tried to make this as comprehensive a list as possible. Nevertheless, there are doubtless some system-specific files that we have omitted. If you don't see a file here that you think should be added, please let us know.
This section lists many of the devices, files, and programs mentioned in this book. Note that these programs and files may be located in different directories under your version of UNIX.
All UNIX devices potentially impact security. You should, however, pay special attention to the following entries. On many systems, including SVR4, these entries are links to files in the /devices directory, but the actual names in that directory depend on the underlying hardware configuration. Thus, we will reference them by the /dev.
Name | Description |
---|---|
/dev/audio | Audio input/output device |
/dev/console | System console |
/dev/*diskette* | Floppy disk device |
/dev/dsk/* | System disks |
/dev/fbs/* | Framebuffers |
/dev/fd/* | File descriptors (/dev/fd/0 is a synonym for stdin, /dev/fd/1 for stdout, etc) |
/dev/*fd* | Floppy disk drives |
/dev/ip | IP interface |
/dev/kbd | Keyboard device |
/dev/klog | Kernel log device |
/dev/kmem | Kernel memory |
/dev/kstat | Kernel statistics device |
/dev/log | Log device |
/dev/mem | Memory |
/dev/modem | Modem |
/dev/null | Null device |
/dev/pty* | Pseudo terminals |
/dev/random | Random device |
/dev/rdsk | Raw disk devices |
/dev/rmt8 | Tape device |
/dev/*sd* | SCSI disks |
/dev/*st* | SCSI tapes |
/dev/tty* | Terminal devices |
/dev/zero | Source of nulls |
Name | Description |
---|---|
/etc/utmp | Lists users currently logged into system |
/etc/utmpx | Extended utmp file |
/etc/wtmp | Records all logins and logouts |
/etc/wtmpx | Extended wtmp file |
/usr/adm/acct[1] | Records commands executed |
/usr/adm/lastlog | Records the last time a user logged in |
/usr/adm/messages | Records important messages |
/usr/adm/pacct | Accounting for System V (usually) |
/usr/adm/saveacct | Records accounting information |
/usr/adm/wtmp | Records all logins and logouts |
[1] /usr/adm may actually be a link to /var/adm.
Name | Description |
---|---|
/etc/bootparams | Boot parameters database |
/etc/cron/* | System V start-up files |
/etc/defaultdomain | Default NIS domain |
/etc/defaultrouter | Default router to which your workstation sends packets destined for other networks |
/etc/defaults/su | Default environment for root after su |
/etc/defaults/login | Default environment for login |
/etc/dfs/dfstab | SVR4 |
/etc/dialup | List of dial-up lines |
/etc/dumpdates | Records when a partition was dumped |
/etc/d_passwd | File of dial-up passwords (some systems) |
/etc/ethers | Mapping of ethernet addresses to IP addresses for RARP |
/etc/exports | NFS exports list (Berkeley-derived systems) |
/etc/fbtab | Login device permission (SunOS systems) |
/etc/filesystems | List of AIX filesystems the computer supports |
/etc/ftpusers | List of users not allowed to use FTP over the network |
/etc/fstab | Filesystems to mount (Berkeley) |
/etc/group | Denotes membership in groups |
/etc/hostnames.xx | Hostname for interface xx |
/etc/hosts | List of IP hosts and host names |
/etc/hosts.allow | Hosts for which tcpwrapper allows connection |
/etc/hosts.deny | Hosts for which tcpwrapper denies connection |
/etc/hosts.equiv | Lists trusted machines |
/etc/hosts.lpd | Lists machines allowed to print on your computer's printer |
/etc/inetd.conf | Configuration file for /etc/inetd |
/etc/init.d/* | System V start-up files |
/etc/inittab | tty start-up information; controls what happens at various run levels (System V) |
/etc/keystore | Used in SunOS 4.0 to store cryptography keys |
/etc/login.access | Used to control who can log in from where (logdaemon and some more recent BSD systems) |
/etc/logindevperm | Login device permissions (Solaris systems) |
/etc/master.passwd | Shadow password file on some BSD systems |
/etc/motd | Message of the day |
/etc/mnttab | Table of mounted devices |
/etc/netgroup | Netgroups file for NIS |
/etc/netid | Netname database |
/etc/netstart | Network configuration for some BSD systems |
/etc/nodename | Name of your computer |
/etc/ntp.conf | NTP configuration file |
/etc/nsswitch.conf | For Solaris (files, NIS, NIS+), the order in which system databases for accounts, services, etc., should be read |
/etc/passwd | Users and encrypted password |
/etc/printcap | Printer configuration file |
/etc/profile | Default user profile |
/etc/publickey | Computer's public key |
/etc/rc* | Reboot commands script |
/etc/rc?.d/* | System V start-up files for each run level |
/etc/remote | Modem and telephone-number information for tip |
/etc/resolv.conf | DNS configuration file |
/etc/security/* | Various operating system security files |
/etc/security/passwd.adjunct | Shadow-password file for SunOS |
/etc/services | Lists network services |
/etc/shadow | Shadow password file |
/etc/shells | Legal shells for FTP users and for legal shells to the chsh command |
/etc/skeykeys | Used by S/Key |
/etc/socks.conf | SOCKS configuration file |
/etc/syslog.conf | syslog configuration file |
/etc/tftpaccess.ctl | Access to TFTP daemon (AIX systems) |
/etc/timezone | Your time zone |
/etc/ttys, /etc/ttytab | Defines active terminals |
/etc/utmp | Lists users currently logged into system |
/etc/vfstab | Filesystems to mount at boot time (SVR4) |
/etc/X0.hosts | Allows access to X0 server |
/usr/lib/aliases or/etc/aliases | Lists mail aliases for /usr/lib/sendmail (maybe in /etc or/etc/sendmail) |
/usr/lib/crontab | Scheduled execution file |
/usr/lib/sendmail.cf | sendmail configuration file |
/usr/lib/uucp/Devices | UUCP BNU |
/usr/lib/uucp/L.cmds | UUCP Version 2 |
/usr/lib/uucp/L-devices | UUCP Version 2 |
/usr/lib/uucp/Permissions | UCP BNU |
/usr/lib/uucp/USERFILE | UUCP Version 2 |
/var/spool/cron* | cron files include cron.allow cron.deny, at.allow, and at.deny |
/var/spool/cron/crontabs/* | Individual user files (System V) |
Some of these programs may be found in other directories, including /usr/bin, /sbin, /usr/sbin, /usr/ccs/bin, and /usr/local/bin.
Name | Description |
---|---|
adb | Debugger; also can be used to edit kernel |
cc | C compiler |
cd, chdir | Built in shell command |
chgrp | Changes group of files |
chmod | Changes permissions of files |
chown | Changes owner of files |
chsh | Changes a user's shell |
cp | Copies files |
crypt | Encrypts files |
csh | C-shell command interpreter |
cu | Places telephone calls |
dbx | Debugger |
des | DES encryption/decryption program |
ex3.7preserve, ex3.7recover | vi buffer recovery programs |
find | Finds files |
finger | Prints information about users |
fsirand | Randomizes i-node numbers on a disk |
ftp | Transfers files on a network |
gcore | Gets a core file for a running process |
kill | Kills processes |
kinit | Authenticates to Kerberos |
ksh | Korn-shell command interpreter |
last | Prints when users logged on |
lastcomm | Prints what commands were run |
limit | Changes process limits |
login | Prints password |
ls | Lists files |
Sends mail | |
netstat | Prints status of network |
newgrp | Changes your group |
perl suidperl taintperl | System administration and programming language. SUID perl has special provisions for SUID programs; taintperl has special data-tainting features |
passwd | Changes passwords |
ps | Displays processes |
pwd | Prints your working directory |
renice | Changes the priority of a process |
rlogin | Logs you into another machine |
rsh, krsh, rksh | Restricted shell (System V) |
rsh | Remote shell (named remsh on System V) |
sh | Bourne-shell command interpreter |
strings | Prints the strings in a file |
su | Become the superuser, or change your current user ID |
sysadmsh | System administrator's shell |
telnet | Becomes a terminal on another machine |
tip | Calls another machine |
umask | Changes your umask (shell built-in) |
users | Prints users logged in |
uucheck | Checks UUCP security |
uucico | Transfers UUCP files |
uucp | Queues files for transfer by UUCP |
uudecode | Decodes uu-encoded files |
uux | Queues programs for execution by UUCP |
w | Prints what people are doing |
who | Prints who is logged in |
write | Prints messages on another's terminal |
xhost | Allows other hosts to access your X Window Server |
XScreensaver | Clears and locks an X screen |
yppasswd | Changes your NIS password |
The following programs are typically placed in the /etc, /sbin, /usr/sbin, or /usr/etc directories.
Name | Description |
---|---|
accton | Turns on accounting |
arp | Address resolution protocol |
comsat | Alerts to incoming mail |
dmesg | Prints messages from system boot |
exportfs | Export a filesystem (Berkeley) |
fingerd or in.fingerd | Finger daemon |
ftpd or in.ftpd | FTP daemon |
fsck | Filesystem-consistency checker |
getty | Prints login: |
inetd | Internet daemon |
init | First program to run |
lockd | lock daemon |
lpc | Line-printer control |
makekey | Runs crypt() library routine (in /usr/lib) |
mount | Mounts partitions |
ntalkd | Talk daemon |
ping | Network test program |
rc? | Boot scripts |
rc?.d | Directories containing boot scripts |
rdump | Remote dump program |
renice | Changes priority of programs |
rexecd or in.rexecd | Remote execution daemon |
rlogind or in.rlogind | Remote login daemon |
routed | Route daemon |
rshd | Remote shell daemon |
sa | Processes accounting logs |
sendmail | Network mailer program (may be in /lib or /lib/sendmail) |
share | Export a filesystem (SVR4) |
showmount | Shows clients that have mounted a filesystem |
sockd | SOCKS daemon |
syslogd | System log daemon |
talkd or in.talkd | Talk daemon |
tcpd | TCP wrapper |
telnetd or in.telnetd | Telnet daemon |
tftpd or in.tftpd | TFTP daemon |
ttymon | Monitors terminal ports |
uucpd | UUCP over TCP/IP daemon |
yp/makedbm | Makes an NIS database |