COPS - Computer Oracle and Password System
提供:MDWiki
UNIXシステムのシステムチェッカ。
目次 |
インストール
root@freebsd# cd /usr/ports/security/cops root@freebsd# cat distinfo SHA256 (cops104+.tar.gz) = 5c673c4868fda0e0c0ac7f7b7aab7f31a2dff8266382b1c24dca94eedfa712b5 SIZE (cops104+.tar.gz) = 288663 root@freebsd# cat pkg-descr Cops is a set of programs to check how secure your system is. It checks file and directory privileges, SUID programs, etc. It has support for checking passwords, but this port doesn't include it as it is DES based. This port installs cops in a single directory area. The directory has no non-user privileges and cops is meant to be run locally to that directory. The perl version of cops is also included in a subdirectory. WWW: http://www.fish2.com/cops/ root@freebsd# make ===> Vulnerability check disabled, database not found ===> License check disabled, port has not defined LICENSE => cops104+.tar.gz doesn't seem to exist in /usr/ports/distfiles/. => Attempting to fetch http://www.fish2.com/cops/cops104+.tar.gz cops104+.tar.gz 100% of 281 kB 81 kBps ===> Extracting for cops-1.04 => SHA256 Checksum OK for cops104+.tar.gz. ===> Patching for cops-1.04 ===> Applying FreeBSD patches for cops-1.04 ===> Configuring for cops-1.04 checking to make sure all the target(s) are here... So far so good... Looking for all the commands now... Ok, now doing substitutions on the shell scripts... Changing paths in makefile... Changing paths in docs/makefile... Changing paths in chk_strings... Changing paths in cops... Changing paths in crc.chk... Changing paths in misc.chk... Changing paths in dev.chk... Changing paths in ftp.chk... Changing paths in is_able.chk... Changing paths in cron.chk... Changing paths in group.chk... Changing paths in passwd.chk... Changing paths in rc.chk... Changing paths in root.chk... Changing paths in suid.chk... Changing paths in kuang... Changing paths in init_kuang... Changing paths in res_diff... Changing paths in pass_diff.chk... Changing paths in yp_pass.chk... Changing paths in bug.chk... Changing paths in bug.chk.aix... Changing paths in bug.chk.apollo... Changing paths in bug.chk.dec... Changing paths in bug.chk.next... Changing paths in bug.chk.sgi... Changing paths in bug.chk.sun... Changing paths in bug.chk.svr4... Changing paths in bug_cmp... ===> Building for cops-1.04 /usr/bin/sed -e 's,^SECURE=/usr/foo/bar,SECURE=/usr/local/cops,g' -e '/^$SECURE\/passwd\.chk.*/d' -e\ 's,SECURE_USERS="foo@bar\.edu",SECURE_USERS="root@localhost",g' -e 's/passwd\.chk pass.chk //g'\ /usr/ports/security/cops/work/cops_104+/cops > /usr/ports/security/cops/work/cops_104+/cops.out /bin/mv /usr/ports/security/cops/work/cops_104+/cops.out /usr/ports/security/cops/work/cops_104+/cops /usr/bin/cc -O2 -pipe -fno-strict-aliasing -o home.chk src/home.chk.c src/home.chk.c: In function 'main': src/home.chk.c:67: warning: incompatible implicit declaration of built-in function 'printf' src/home.chk.c:68: warning: incompatible implicit declaration of built-in function 'exit' src/home.chk.c:80: warning: incompatible implicit declaration of built-in function 'printf' src/home.chk.c:90: warning: incompatible implicit declaration of built-in function 'printf' src/home.chk.c:95: warning: incompatible implicit declaration of built-in function 'exit' /usr/bin/cc -O2 -pipe -fno-strict-aliasing -o user.chk src/user.chk.c src/user.chk.c:41: warning: conflicting types for built-in function 'malloc' src/user.chk.c: In function 'main': src/user.chk.c:56: warning: incompatible implicit declaration of built-in function 'exit' src/user.chk.c:74: warning: incompatible implicit declaration of built-in function 'strlen' src/user.chk.c:95: warning: incompatible implicit declaration of built-in function 'exit' /usr/bin/cc -O2 -pipe -fno-strict-aliasing -DWRITABLE -o is_writable src/is_something.c src/is_something.c:37:8: warning: extra tokens at end of #endif directive src/is_something.c:44:8: warning: extra tokens at end of #endif directive src/is_something.c:51:8: warning: extra tokens at end of #endif directive src/is_something.c: In function 'main': src/is_something.c:65: warning: incompatible implicit declaration of built-in function 'printf' src/is_something.c:66: warning: incompatible implicit declaration of built-in function 'exit' src/is_something.c:80: warning: incompatible implicit declaration of built-in function 'exit' src/is_something.c:96: warning: incompatible implicit declaration of built-in function 'strcpy' src/is_something.c:98: warning: incompatible implicit declaration of built-in function 'strlen' src/is_something.c:101: warning: incompatible implicit declaration of built-in function 'strncpy' src/is_something.c:110: warning: incompatible implicit declaration of built-in function 'exit' src/is_something.c:113: warning: incompatible implicit declaration of built-in function 'exit' src/is_something.c:116: warning: incompatible implicit declaration of built-in function 'exit' src/is_something.c:118:8: warning: extra tokens at end of #endif directive src/is_something.c:130: warning: incompatible implicit declaration of built-in function 'printf' src/is_something.c:133: warning: incompatible implicit declaration of built-in function 'exit' /usr/bin/cc -O2 -pipe -fno-strict-aliasing -o crc src/crc.c /usr/bin/cc -O2 -pipe -fno-strict-aliasing -o crc_check src/crc_check.c /usr/bin/cc -O2 -pipe -fno-strict-aliasing -o addto src/addto.c src/addto.c: In function 'main': src/addto.c:43: warning: incompatible implicit declaration of built-in function 'exit' src/addto.c:48: warning: assignment makes integer from pointer without a cast src/addto.c:49: warning: incompatible implicit declaration of built-in function 'strcat' src/addto.c:54: warning: assignment makes integer from pointer without a cast src/addto.c:59: warning: incompatible implicit declaration of built-in function 'exit' src/addto.c:62: warning: incompatible implicit declaration of built-in function 'strlen' src/addto.c:66: warning: incompatible implicit declaration of built-in function 'exit' src/addto.c:79: warning: incompatible implicit declaration of built-in function 'exit' src/addto.c:85: warning: assignment makes integer from pointer without a cast src/addto.c:90: warning: incompatible implicit declaration of built-in function 'exit' src/addto.c:93: warning: incompatible implicit declaration of built-in function 'strlen' src/addto.c:94: warning: incompatible implicit declaration of built-in function 'exit' src/addto.c:100: warning: assignment makes integer from pointer without a cast src/addto.c:105: warning: incompatible implicit declaration of built-in function 'exit' src/addto.c:112: warning: assignment makes integer from pointer without a cast src/addto.c:117: warning: incompatible implicit declaration of built-in function 'exit' src/addto.c:129: warning: incompatible implicit declaration of built-in function 'exit' /usr/bin/cc -O2 -pipe -fno-strict-aliasing -o clearfiles src/clearfiles.c src/clearfiles.c: In function 'main': src/clearfiles.c:37: warning: comparison between pointer and integer src/clearfiles.c:41: warning: incompatible implicit declaration of built-in function 'exit' /usr/bin/cc -O2 -pipe -fno-strict-aliasing -o filewriters src/filewriters.c src/filewriters.c: In function 'main': src/filewriters.c:61: warning: incompatible implicit declaration of built-in function 'exit' src/filewriters.c:66: warning: incompatible implicit declaration of built-in function 'exit' src/filewriters.c:89: warning: incompatible implicit declaration of built-in function 'exit' src/filewriters.c: In function 'print_uid': src/filewriters.c:101: warning: incompatible implicit declaration of built-in function 'exit' src/filewriters.c: In function 'print_gid': src/filewriters.c:115: warning: incompatible implicit declaration of built-in function 'exit' /usr/bin/cc -O2 -pipe -fno-strict-aliasing -o members src/members.c src/members.c: In function 'main': src/members.c:38: warning: incompatible implicit declaration of built-in function 'exit' /usr/bin/cc -O2 -pipe -fno-strict-aliasing -o tilde src/tilde.c src/tilde.c: In function 'main': src/tilde.c:12: warning: incompatible implicit declaration of built-in function 'printf' src/tilde.c:13: warning: incompatible implicit declaration of built-in function 'exit' src/tilde.c:19: warning: incompatible implicit declaration of built-in function 'printf' /usr/bin/cc -O2 -pipe -fno-strict-aliasing -o is_able src/is_able.c src/is_able.c: In function 'main': src/is_able.c:76: warning: incompatible implicit declaration of built-in function 'exit' src/is_able.c:80: warning: incompatible implicit declaration of built-in function 'strcpy' src/is_able.c:85: warning: incompatible implicit declaration of built-in function 'exit' src/is_able.c:128: warning: incompatible implicit declaration of built-in function 'exit' src/is_able.c:134: warning: incompatible implicit declaration of built-in function 'exit' src/is_able.c:154: warning: incompatible implicit declaration of built-in function 'strlen' src/is_able.c:157: warning: incompatible implicit declaration of built-in function 'strncpy' src/is_able.c:172: warning: incompatible implicit declaration of built-in function 'exit' src/is_able.c:179: warning: incompatible implicit declaration of built-in function 'exit' src/is_able.c:183: warning: incompatible implicit declaration of built-in function 'exit' src/is_able.c:189: warning: incompatible implicit declaration of built-in function 'exit' src/is_able.c:202: warning: incompatible implicit declaration of built-in function 'exit' src/is_able.c:208: warning: incompatible implicit declaration of built-in function 'exit' src/is_able.c:220: warning: incompatible implicit declaration of built-in function 'exit' cd docs; make /usr/bin/nroff -ms COPS.report > COPS.report.ms COPS.report:3: warning: macro `PH' not defined /usr/bin/nroff -ms suid.man > suid.man.ms suid.man:1: macro error: .TH without .TS H (recovering) suid.man:1: warning: number register `0:PI' not defined suid.man:2: warning: macro `UC' not defined suid.man:42: warning: macro `TP' not defined /usr/bin/nroff -ms kuang.man > kuang.man.ms kuang.man:3: warning: macro `PH' not defined kuang.man:765: warning: macro `login' not defined /usr/bin/nroff -man cops > cops.1 cops:118: warning: can't find special character `vV\' /usr/bin/nroff -man cron.chk > cron.chk.1 /usr/bin/nroff -man dev.chk > dev.chk.1 /usr/bin/nroff -man group.chk > group.chk.1 /usr/bin/nroff -man is_able.chk > is_able.chk.1 /usr/bin/nroff -man passwd.chk > passwd.chk.1 /usr/bin/nroff -man is_able > is_able.1 /usr/bin/nroff -man home.chk > home.chk.1 /usr/bin/nroff -man user.chk > user.chk.1 /usr/bin/nroff -man pass.chk > pass.chk.1 /usr/bin/nroff -man root.chk > root.chk.1 /usr/bin/nroff -man rc.chk > rc.chk.1 /usr/bin/nroff -man pass_diff.chk > pass_diff.chk.1 /usr/bin/nroff -man misc.chk > misc.chk.1 /usr/bin/nroff -man is_writable > is_writable.1 /usr/bin/nroff -man bug.chk > bug.chk.1 /bin/chmod u+x chk_strings root.chk dev.chk cron.chk is_able.chk cops group.chk rc.chk passwd.chk ftp.chk crc.chk\ misc.chk suid.chk kuang init_kuang reconfig res_diff yp_pass.chk bug.chk bug.chk.aix bug.chk.apollo bug.chk.dec\ bug.chk.next bug.chk.sgi bug.chk.sun bug.chk.svr4 bug_cmp platform root@freebsd# make install clean ===> Installing for cops-1.04 ===> Generating temporary packing list ===> Checking if security/cops already installed /bin/mkdir -p /usr/local/cops /usr/bin/tar -C /usr/ports/security/cops/work/cops_104+ --exclude "*.old" -cf - . | /usr/bin/tar -C /usr/local/cops --unlink -xf - /usr/sbin/chown -R root:wheel /usr/local/cops /bin/chmod -R go-rwx /usr/local/cops ===> Registering installation for cops-1.04 ===> Cleaning for cops-1.04 root@freebsd#
使い方
/usr/local/cops 以下に全てのツールがある。試しに、おもむろに ./cops を起動してみる。
root@freebsd# ./cops
暫く待つと穏やかに終了し、ホスト名かOS名だかのディレクトリが出来ているので、中のファイルを見てみると、以下のようになっている。
root@freebsd# ls -la total 374 [...] drwxr-xr-x 2 root wheel 512 Oct 19 17:50 freebsd [...] root@freebsd# cd freebsd root@freebsd# ls -la total 6 drwxr-xr-x 2 root wheel 512 Oct 19 17:50 . drwx------ 10 root wheel 1536 Oct 19 17:50 .. -rw-r--r-- 1 root wheel 332 Oct 19 17:50 2011_Oct_19 root@freebsd# cat 2011_Oct_19 ATTENTION: Security Report for Wed Oct 19 17:50:10 JST 2011 from host freebsd.**********.co.jp, COPS v. Version 1.04+ Warning! /etc/security is _World_ readable! Warning! Group file, line 2, does not have 4 fields: # Warning! Group file, line 2, nonalphanumeric user id: # Warning! Group file, line 2, nonnumeric group id: # root@freebsd#
これを参考に、幾つかいじる。
参照
リンク
- セキュリティ関連メモ のトップページへ
- メインページへ
