what cops is
Dan Farmer
df at sei.cmu.edu
Sat May 18 01:39:48 AEST 1991
Well, hello once more. Here's a quick overview, taken from the normal
release of cops -- I hate it when people post and don't tell you what the
hell it is, don't you? The perl version attempts (barring bugs) to
duplicate all of this, and definitely will, when the final release it out
(both shell and perl versions will be posted together.)
-- dan
======================================================
slightly modified blurb, stolen from the shell version
======================================================
Welcome! This is a quick intro to COPS (Computer Oracle and Password
System.) COPS is a collection of security tools that are designed
specifically to aid the typical UNIX systems administrator, programmer,
operator, or consultant in the oft neglected area of computer security.
1) Specifics
-------------
COPS is a collection of about a dozen (actually, a few more, but
a dozen is such a good sounding number) programs that each attempt
to tackle a different problem area of UNIX security. Here is what it
currently checks:
o file, directory, and device permissions/modes.
o poor passwords.
o content, format, and security of password and group files.
o the programs and files run in /etc/rc* cron(tab) files.
o finds SUID files, and checks for their writability and if they are
shell scripts.
o runs a crc check against important binaries or key files, and reports
any changes therein.
o writability of users home directories and startup files (.profile,
.cshrc, etc.), as well as the readability of .netrc and .rhosts files.
o anonymous ftp setup.
o unrestricted tftp, decode alias in sendmail, SUID uudecode problems.
o miscellaneous root checks -- current directory in the search path,
a "+" in /etc/host.equiv, unrestricted NFS mounts, ensures root is
in /etc/ftpusers, etc.
o includes the Kuang expert system, that takes a set of rules and tries
to determine if your system can be compromised (for a more complete list
of all of the checks, look at the kuang documentation.)
All of the programs merely warn the user of a potential problem --
COPS DOES NOT ATTEMPT TO CORRECT OR EXPLOIT ANY OF THE POTENTIAL PROBLEMS
IT FINDS! COPS either mails or creates a file (user selectable) of any
of the problems it finds while running on your system. And because COPS
does not correct potential hazards it finds, it does _not_ have to be
run by a privileged account (i.e. root or whomever.) The only security
check that should be run by root to get maximum results is the SUID checker;
although it can be run as an unprivileged user, to find all the SUID files
in a system, it should be run as root. In addition, COPS cannot used to
probe a host remotely; all the tests and checks made require a shell that
is on the site being tested.
2) What COPS is _not_
----------------------
COPS merely provides a method of checking for common procedural errors.
It is not meant to be used as a replacement for common sense or user/
operator/administrative alertness! Think of it as an aid, a first line
of defense -- not as an impenetrable shield against security woes. An
experienced wrong-doer could easily circumnavigate _any_ protection that
COPS can give. However, COPS _can_ aid a system in protecting its users
from (their own?) ignorance, carelessness, and the occasional malcontent
user.
Once again, COPS does not correct any errors found. There are several
reasons for this; first and foremost, computer security is a slippery
beast. What is a major breach in security at one site may be a standard
policy of openness at another site. Additionally, in order to correct all
problems it finds, it would have to be run as a privileged user; and I'm
not going to go into the myriad problems of running SUID shell scripts
(See the bibliography at the end of the technical report for pointer to a
good paper on this subject by Matt Bishop.)
At this time, COPS does not attempt to detect bugs or features (such
as infamous ftpd, fingerd, etc) that may cause security problems. Although
this may change in future versions, the current line of reasoning to avoid
general publication of programs such as these is that all the problems that
COPS detects can be repaired on any system it runs on. However, many bugs
can be readily repaired only be having source code (and possibly a good
vendor to repair it), and many sites would have serious troubles if they
suddenly discovered unrepairable problems that could compromise their
livelihood.
Summary
--------
COPS is meant to be a tool to aid in the tightening of security, not
as a weapon to be used by an enemy to find security flaws in a system.
It may be argued that allowing anyone to have access to such a tool may
be dangerous. But hopefully the overall benefit for systems that use
this package will outweigh any negative impact. To me it is akin to a
law enforcement problem -- that although telling the public how to break
into a house may foster a slight rise in break-in attempts, the overall
rise in public awareness on how to defend themselves would actually result
in a drop in break-ins. The crackers with black hats already know how
to crush system defenses and have similar tools, I'm sure. It's time
we fought back.
COPS is not the final answer to anyone's security woes. You can use
the system as long as you realize that COPS has no warranty, implied
or otherwise, and that any problems that you may have with it are
not my or any of the other authors' fault. I will certainly attempt to
help you solve them, if I am able. If you have ideas for additional
programs, or a better implementation of any of the programs here, I would
be very interested in seeing them.
So good luck, and I hope you find COPS useful as we plunge into UNIX
of the 1990's.
dan
df at cert.sei.cmu.edu
May 17, 1991
More information about the Alt.sources
mailing list