Appendix to the Implementing Regulation for UNIX Systems at .....
Appendix B: Digital UNIX Configuration
Table 1: Device description files
Table 2: Main memory description files
Table 3: Tools that access main memory description files
Table 4: Log files
Table 5: Group file
Table 6: Network files
Table 7: File system table
Table 8: Terminal initialization data
Table 9: Terminal configuration database
Table 10: Terminal capability database
Table 11: Scheduled Administrative Commands
Table 12: System startup command procedures
Table 13: Protection of user account files
Table 14: Other files in the directories /etc, /sbin, usr/bin and /usr/sbin
Table 15: Other system files
Table 16: "wall" command
Table 17: "uudecode" command
Table 18: "chroot" command
Table 19: System directories
Table 20: Temporary system directories
Table 21: Recommendations for file protection of user environments
Table 22: User mail files
Table 23: Mail alias file
Table 24: ftp directories
Table 25: ftp files
Table 26: Protection of files for batch processing

Table 1: Device description files

| File/Directory | Owner | Group | Access mode | Description |
|---|---|---|---|---|
| /dev | bin | staff | 755 | Directory of special device files. |
| /dev/console | [user] | [user's group] | 620 | Opened console device special file. (The file is opened when on is set for the console entry in the /etc/ttytab file.) |
| /dev/MAKEDEV | root | staff | 744 | Shell script for installing special files. |
| /dev/[disk]* | root | operator | 640 | Buffered disk systems. |
| /dev/r[disk]* | root | operator | 640 | Unbuffered disk systems. |
| /dev/null | root | staff | 666 | The data sink file must be group- and world-writable. |
| /dev/rmt* | root | staff | 666 | Tape devices. |
| /dev/tty#, /dev/pty | root or [user] | tty | 620 | Opened terminal special files. |
| /sbin/mknod | root | wheel | 744 | Creates special files. Link to etc/mknod. |
| /dev/klog | root | staff | 600 | |

Table 2: Main memory description files

| File/Directory | Owner | Group | Access mode | Description |
|---|---|---|---|---|
| /dev/klog | root | staff | 640 | Image of virtual memory |
| /dev/kmem | root | system | 640 | Image of the kernel in virtual memory |
| /dev/mem | root | system | 640 | Image of physical memory |

Table 3: Tools that access main memory description files

| File/Directory | Owner | Group | Access mode |
|---|---|---|---|
| /usr/bin/ps | bin | bin | 755 |
| /usr/bin/iostat | root | bin | 755 |
| /usr/bin/ipcs | root | bin | 2755 |
| /usr/bin/mail | bin | mail | 6711 |
| /usr/sbin/nfsstat | root | system | 555 |
| /usr/sbin/pstat | bin | bin | 555 |
| /usr/bin/netstat | root | bin | 2755 |
| /usr/bin/uptime | bin | bin | 2755 |
| /usr/bin/vmstat | root | bin | 2755 |
| /usr/bin/w | bin | bin | 2755 |

Table 4: Log files

| File/Directory | Owner | Group | Access mode | Description (original) |
|---|---|---|---|---|
| /etc/syslog.conf | root | system | 644 | Configuration file used to direct syslog(8) messages of various priorities to files, devices, and users. |
| /var/adm/wtmp, /var/adm/utmp | root | system | 644 | Information about logged-in users. |
| /var/adm/acct | adm | adm | 644 | Raw system accounting data, including user commands executed. |
| /var/adm/lastlog | root | security | 644 | User login times. |
| /usr/adm/pacct | root | system | 644 | |
| /var/adm/sulog | root | system | 600 | Successful and unsuccessful attempts to gain superuser status using the su command. |
| /usr/sbin/sa | adm | adm | 755 | Prints process accounting statistics. |
| /var/adm | adm | adm | 655 | Accounting directory |
| /var/adm/binary.errorlog | root | adm | 640 | Binary error log file, to be read with uerf |
| /etc/sec/audit_events | root | audit | 640 | Audit events file. |
| /etc/sec/audit_objects | root | audit | 640 | Description of audited objects. |
| /var/adm/messages | root | adm | 640 | System messages |
| /var/adm/crash | root | system | 750 | System crash information |

Table 5: Group file

| File/Directory | Owner | Group | Access mode | Description |
|---|---|---|---|---|
| /etc/group | root | security | 644 | Information about the groups |

Table 6: Network files

| File/Directory | Owner | Group | Access mode | Description (original) |
|---|---|---|---|---|
| /etc/exports | root | system | 644 | Local file systems and directories available for NFS support. |
| /etc/hosts | root | system | 644 | Information about known hosts on the Internet. |
| /etc/hosts.equiv | root | system | 600 | Grants remote user access to local system without password. |
| /etc/inetd | root | system | 554 | Internet daemon. |
| /etc/inetd.conf | root | system | 644 | Internet daemon configuration database. |
| /usr/lib/remote-file | root | system | 644 | Modem information for tip. |
| /usr/sbin/rexecd | root | system | 554 | Remote execution daemon. |
| /etc/services | root | system | 644 | List of Internet services. |
| /etc/netgroup | root | system | 644 | Network groups database. |
| /usr/sbin/ftpd | root | system | 2554 | Ftp daemon. |
| /usr/bin/rcp | root | system | 2555 | Remote copy program copies files between machines. |
| /usr/bin/rdist | root | bin | 2555 | Remote file distribution program maintains identical copies of files on multiple hosts. |
| /usr/bin/rlogin | root | system | 2555 | Connects the terminal to a remote |
| /usr/bin/rsh | bin | bin | 2555 | Shell for executing commands on remote hosts. |
| /etc/ftpusers | bin | bin | 755 | List of unauthorized FTP users |
| /etc/tftpd | root | system | 555 | TFTP daemon. |

Table 7: File system table

| File/Directory | Owner | Group | Access mode | Description |
|---|---|---|---|---|
| /etc/fstab | root | staff | 644 | File system configuration |

Table 8: Terminal initialization data

| File/Directory | Owner | Group | Access mode | Description |
|---|---|---|---|---|
| /etc/inittab | root | staff | 644 | Terminal port initialization data. |
| /etc/ttysrch | bin | bin | 755 | Evaluated by ttyname |
| /etc/securettys | bin | in | 755 | Controls access by "root" to the terminal devices. |

Table 9: Terminal configuration database

| File/Directory | Owner | Group | Access mode | Description (original) |
|---|---|---|---|---|
| /etc/gettytab | bin | bin | 755 | Terminal configuration database. |

Table 10: Terminal capability database

| File/Directory | Owner | Group | Access mode | Description |
|---|---|---|---|---|
| /usr/share/lib/termcap | bin | bin | 644 | Terminal capability database |

Table 11: Scheduled Administrative Commands

| File/Directory | Owner | Group | Access mode | Description (original) |
|---|---|---|---|---|
| /var/spool/cron/crontabs/[user] | [user] | cron | 644 | Scheduled system administrative commands executed by the cron command. Link to /usr/bin/crontab. |
| /usr/adm/cron/at.allow and /usr/adm/cron/at.deny | bin | cron | 640 | Respectively control who may or may not use the cron facility for batch jobs. |

Table 12: System startup command procedures

| File/Directory | Owner | Group | Access mode | Description (original) |
|---|---|---|---|---|
| /etc/inittab | root | system | 644 | System init control file |
| /etc/rc.config | root | system | 755 | Startup configuration file |
| /etc/rc* | bin | bin | 644 | Generic startup command script and specific startup files. |

Table 13: Protection of user account files

| File/Directory | Owner | Group | Access mode | Description |
|---|---|---|---|---|
| /etc/passwd | root | system | 644 | Basic user-account information used in conjunction with the authorization database (etc/security/passwd). |
| /etc/passwd.dir | root | system | 644 | Directory for password database. |
| /etc/passwd.pag | root | system | 644 | Data for password database. |
| /var/yp | root | system | 755 | Directory with NIS-relevant files |
| /etc/profile | bin | bin | 555 | System wide login profile for all users. |
| /etc/tftptab | root | system | 644 | Access to this system via tftp rules file. |

Table 14: Other files in the directories /etc, /sbin, usr/bin and /usr/sbin

| File/Directory | Owner | Group | Access mode |
|---|---|---|---|
| /etc/services | root | system | 644 |
| /sbin/init | root | system | 755 |
| /usr/bin/install | root | system | 700 |
| /usr/sbin/mklost+found | bin | bin | 755 |
| /usr/sbin/ncheck | bin | bin | 755 |
| /usr/sbin/netgroup | root | system | 644 |
| /usr/sbin/pac | root | printq | 755 |
| /usr/sbin/portmap | root | system | 755 |

Table 15: Other system files

| File/Directory | Owner | Group | Access mode | Description (original) |
|---|---|---|---|---|
| /usr/bin/passwd | root | security | 2555 | Change password command. |
| /usr/lbin/expreserve | bin | bin | 555 | Preserves vi backup files. |
| /usr/lbin/exrecover | bin | bin | 555 | Recovers vi backup files. |
| /usr/sbin/sendmail | root | system | 6511 | Network mailer program. |
| /usr/bin/lprm | bin | bin | 555 | Removes jobs from a printer queue. |
| /mdec | root | system | 555 | Directory of the DIGITAL-UNIX operating system boot file image. |

Table 16: "wall" command

| File/Directory | Owner | Group | Access mode | Description |
|---|---|---|---|---|
| use/sbin/wall | bin | bin | 550 | Screen messages for all logged-in users. |

Table 17: "uudecode" command

| File/Directory | Owner | Group | Access mode | Description |
|---|---|---|---|---|
| /usr/bin/uudecode | uucp | uucp | 111 | Decodes files that were encoded with /usr/bin/uuencode |

Table 18: "chroot" command

| File/Directory | Owner | Group | Access mode | Description |
|---|---|---|---|---|
| /usr/sbin/chroot | bin | bin | 500 | Changes the "root" directory for a command |

Table 19: System directories

| File/Directory | Owner | Group | Access mode | Description (original) |
|---|---|---|---|---|
| / | root | system | 755 | Root of all file systems and home directory of the superuser. |
| /bin | root | system | 755 | Single user commands. |
| /etc | root | system | 755 | System management commands. |
| /etc/sec | root | security | 750 | Audit subsystem files. |
| /usr | root | system | 755 | A file system hierarchy. |
| /usr/adm or /var/adm | root | system | 755 | Administrative information. |
| /usr/sbin | bin | bin | 755 | System utility and files used to boot machine and mount usr/filesystem. |
| /export | root | system | 775 | File tree for binaries and data for diskless clients. |
| /usr/bin | bin | bin | 755 | Additional user commands. |
| /usr/etc | root | system | 755 | More system management commands. |
| /usr/kits, /usr/var/kits | root | system | 755 | Directories for user installed product commands. |
| /usr/lib | bin | bin | 755 | Many system executables, such as the compiler and system libraries. |
| /usr/local | root | system | 755 | Commands with a local origin. |
| /usr/ucb | bin | bin | 775 | Certain Berkeley extension commands. |
| usr/field | root | system | 755 | Tool and Patch location |
| /usr/share | bin | bin | 755 | Shareable text files. |

Table 20: Temporary system directories

| File/Directory | Owner | Group | Access mode | Description |
|---|---|---|---|---|
| /tmp | root | system | 1777 | Writable directory for temporary files |
| /var/tmp | root | system | 1777 | Writable directory for temporary files |
| /usr/tmp | root | system | 1777 | Writable directory for temporary files |

Table 21: Recommendations for file protection of user environments

| File/Directory | Owner | Group | Access mode | Description (original) |
|---|---|---|---|---|
| .cshrc | user's name | user's group | 640 | Environment file for C shell. |
| .forward | user's name | user's group | 640 | Mail forwarding address. Use for temporary forwarding only. Write access allows an attacker to redirect mail or specify that a malicious /tmp program be run upon receipt of mail. |
| .kshrc | user's name | user's group | 640 | Environment file for KornShell. |
| .login | user's name | user's group | 640 | Environment file for csh shell. |
| .logout | user's name | user's group | 640 | Environment file for csh shell. |
| .mailrc | user's name | user's group | 640 | Environment file for mail. |
| .netrc | user's name | user's group | 600 | Information used for ftp auto-login. |
| .plan | user's name | user's group | 644 | Message displayed by the finger command. |
| .profile | user's name | user's group | 640 | Environment file for the sh, sh5, ksh shells. |
| .project | user's name | user's group | 644 | Message text displayed by the finger command. See related guideline in Section 2.2.3.4. |
| .Xdefaults | user's name | user's group | 640 | Xwindows file. |
| .mwmrc | user's name | user's group | 640 | |
| .Xinitrc | user's name | user's group | 750 | X11 session initialization. |
| .hushlogin | user's name | user's group | 640 | No messages at login time. |

Table 22: User mail files

| File/Directory | Owner | Group | Access mode | Description |
|---|---|---|---|---|
| /var/spool/mail/[username] | [user] | mail | 600 | The user's mail file |
| /var/spool/mail | root | mail | 755 | Directory of the mail file |

Table 23: Mail alias file

| File/Directory | Owner | Group | Access mode | Description (original) |
|---|---|---|---|---|
| /var/adm/aliases | root | system | 640 | Mail aliases file. |
| /sendmail/aliases.dir | root | system | 640 | Lookaside files. |
| /sendmail/aliases.pag | root | system | 660 | Lookaside files. |

Table 24: ftp directories

| Directory | Owner | Group | Access mode | Description (original) |
|---|---|---|---|---|
| ~ftp | ftp | staff | 555 | Home directory for anonymous ftp. |
| ~ftp/bin | root | system | 555 | Directory for the ls command. |
| ~ftp/etc | root | system | 555 | Directory for the ftp group and passwd files. |
| ~ftp/pub | ftp | system | 777 | Public directory for files accessible to anonymous ftp users. |

Table 25: ftp files

| File | Owner | Group | Access mode | Description (original) |
|---|---|---|---|---|
| ~ftp/bin/ls | root | system | 111 | Supports the ftp list commands. |

Table 26: Protection of files for batch processing

| File/Directory | Owner | Group | Access mode | Description (original) |
|---|---|---|---|---|
| /usr/adm/cron/at.allow | bin | bin | 755 | Users allowed to use batch commands. |
| /usr/adm/cron/at.deny | bin | bin | 755 | Users denied use of batch commands. |

As of 05.03.1998