Unix System Security

Unix has a poor reputation for security. Some of this reputation is deserved, some isn't.

Securing a Unix system

So you want to run a secure Unix system, do you?
You should start by reading this document. This page covers some very general security principles. Following all the advice in this document will not make your system "absolutely secure" (there's no such animal) but will make it more secure than most.
Service detection on a Unix box
This is a guide to help you determine what network services are being run from your system.
Keeping Unix systems up to date
A major part of keeping your systems secure is to keep your system up to date with regard to updates and patches from your O/S supplier. However, it can be tricky to determine exactly which patches you need to apply. Unix Support are building a suite of tools that will compare your system against a set of patch directories and automatically list those patches that are needed.
Friendly probing within the University
As part of the campaign to make computer officers aware of what is being run on their networks and to assist in the location of insecure hosts, the Computing Service runs friendly probes against the machines on the CUDN (C.U. Data Network). This page gives access to the results.
Passwordless accounts
This is a copy of a warning the CS posted about passwordless accounts on computers within the University following a security incident in which a passwordless account was used to get the initial entry into the system.

Other security related pages

Checking your own account
This is an online copy of a leaflet the CS plans to give to anyone whose account may have been compromised. It gives guidance on how to check your account for any "back doors" the attacker may have left behind to make the next attack easier.
Access controls on the web
This page details how various access models can be implemented in Apache and what their shortcomings are. In particular, it recommends against restrictions based on client IP address.
Security mailing lists
There are a number of mailing lists dedicated to system security. This page contains links to well-maintained archives of these lists together with a brief description of the remit of each list.

Some recommended links

The current original Computer Emergency Response Team (CERT) website.
JANET-CERT is the U.K.'s equivalent of the original.
CERT (local archive from 2001)
These are the archives of the original Computer Emergency Response Team. They are broken down into
advisories which address specific topics,
incident notes which are notes regarding current incidents and
summaries which are descriptions of current activity.