Cops ¿­±â


COPS(Computerrized Oracle and Passward System)´Â UNIX system ÀÇ º¸¾ÈÁ¡°Ë ÇÁ·Î±×·¥ÀÌ´Ù. COPS ÆÐÅ°Áö´Â º¸¾ÈÀ» Á¶»çÇØ ÁÖ´Â ½ÇÁ¦ ÇÁ·Î±×·¥µé°ú ¼³Ä¡¹æ¹ý&ÀÛµ¿¹æ¹ý&°á°ú¸¦ Çؼ®ÇÏ´Â µµÅ¥¸ÕÆ®µé·Î ±¸¼ºµÇ¾î ÀÖ´Ù. COPS´Â root°¡ ¾Æ´Ñ ÀϹÝuserµµ »ç¿ëÇÒ ¼ö ÀÖÀ¸¸ç ¶ÇÇÑ COPS´Â ´ÜÁö º¸¾È¹®Á¦¿¡ ´ëÇÏ¿© ¾Ë·ÁÁֱ⸸ ÇÒ »Ó ¼öÁ¤À» ÇØ ÁÖÁö´Â ¾Ê´Â´Ù.

CopsÀÇ ´É·Â Cops´Â root »óȲ¿¡¼­ ½ÇÇàµÇ¸ç, ¾Æ·¡ÀÇ »çÇ×µéÀ» checkÇÏ¿© ½Ã½ºÅÛ °ü¸®ÀÚ¿¡°Ô security vulnerabilityÀÇ °¡´É¼ºÀÌ ÀÖ´Ù´Â °ÍÀ» ¾Ë·ÁÁÙ »ÓÀÌ¸ç ½ÇÁ¦ÀÇ correctionÀº °ü¸®ÀÚ°¡ Á÷Á¢ ÇàÇÏ¿©¾ß ÇÑ´Ù.

copsÀÇ Æ¯Â¡ Cops´Â shell»óÅ¿¡¼­ checkÇÒ ¼ö ÀÖ´Â ¸¹Àº ºÎºÐÀ» ¸ðµÎ checkÇØ ÁÜÀ¸·Î¼­ ½Ã½ºÅÛ °ü¸®ÀÚ´Â ÃÖÁ¾ÀûÀ¸·Î ³ª¿Â °á°ú¹°À» º¸°í ÀÚ±âÀÇ ±âÈ£¿¡ µû¶ó ¼öÁ¤À» ÇØÁÖ¸é µÈ´Ù. ¹Ý¸é ÀÌ°ÍÀº ÀÏÀÏÀÌ ¼ÕÀ¸·Î ´Ù ÇØÁà¾ß ÇϹǷΠ¿ÀÈ÷·Á ¾î·Á¿ï ¼ö°¡ ÀÖ´Ù.
CopsÀÌÈÄ¿¡ ³ª¿Â µµ±¸µé ´ëºÎºÐÀÌ checking°ú ÇÔ²² ¼öÁ¤ ±â´Éµµ °°ÀÌ Á¦°øÇØ Áִµ¥µµ ºÒ±¸ÇÏ°í Cops°¡ ¾²ÀÌ´Â ÀÌÀ¯´Â ¼³Ä¡¿Í »ç¿ë ÀÌ ¼Õ½±±â ¶§¹®ÀÌ´Ù.

copsÀÇ´ÜÁ¡ Cops´Â network security¿¡ ´ëÇؼ­´Â ÀüÇô checkÇÏÁö ¸øÇÑ´Ù.
UNIX½Ã½ºÅÛÀÌ ¹Ù·Î network computer¶ó´Â °³³ä ¿¡ ºñÃß¾úÀ» ¶§, ¾î¶² ÇÑ ½Ã½ºÅÛÀÇ securityÁ¡°ËÀ» cops¸¸À¸·Î ÇÑ´Ù´Â °ÍÀº ºÎÁ·ÇÑ °¨ÀÌ ÀÖ´Ù. ÀÌ·± Á¡µéÀº ´Ù¸¥ Á¡°Ëµµ±¸µé°ú °°ÀÌ »ç¿ë ÇÔÀ¸·Î½á systemÀÇ security¸¦ ²ÒÇÑ´Ù.

Cops¸¦ ±ò¾Æº¸ÀÚ...



Cops´Â shell/perl scriptÀ̹ǷΠƯº°ÇÑ ÄÄÆÄÀÏ °úÁ¤ÀÌ ÇÊ¿ä ¾ø´Ù. ´ÜÁö awk,sed,grep µîÀÇ utilityµéÀÌ Á¦´ë·Î °®Ãß¾îÁ® ÀÖ´Â À¯´Ð½º ½Ã½ºÅÛÀ̸é Á·ÇÏ´Ù.

kus.kaist.ac.kr(sparc20,SunOS5.4)ÀÇ file systemÀ» ¿¹·Î µé¾î º»´Ù.

ftp://ftp.cert-kr.or.kr/pub/Security/tool/cops_104.tar.Z
À§ÀÇ ÁÖ¼Ò ¸»°íµµ Cops¸¦ ±¸ÇÒ ¼ö ÀÖ´Ù. click!

$ pwd
/kus/security_tools
$ zcat cops_104.tar.Z : tar fx -
$ cd cops_104

// ±×¸®°í makefile À» ÆíÁýÇÑ´Ù.

INSTALL_DIR=/kus/security_tools/cops_104 -> current directory


//´ÙÀ½ ºÎºÐÀÇ path °¡ ¸ðµÎ ¸Â´ÂÁö È®ÀÎÇÑ´Ù.

#
#Where the programs are....
#
CHMOD=/bin/chmod
TEST=/usr/ucb/test
MKDIR=/bin/mkdir
CP=/bin/cp
CC=/usr/ucb/cc
RM=/bin/rm


//ÀÌ»óÀÌ ¾øÀ¸¸é,¾Æ·¡¿Í °°ÀÌ ½ÇÇà


$ make all
$ make install


// ±×·¯¸é installÀÌ ³¡³­´Ù.
// ÀνºÅçÀÌ ¿Ï·áµÇ¸é ¾Æ·¡¿Í °°ÀÌ cops ÆÄÀÏÀ» º¯°æÇÑ´Ù.

vi cops

########################
# Change these lines!
########################
SECURE=/kus/security_tools/cops_104 SECURE_USERS="[email protected]" //SECUREºÎºÐÀ» cops°¡ installµÈ directory·Î º¯°æ
//SECURE_USERSMS°á°ú¹ÞÀ» »ç¶÷ÀÇ email,ÀϹÝÀûÀ¸·Î ½Ã½ºÅÛ°ü¸®ÀÚ


Cops´Â ¾îµð¿¡ ÀÖÀ»±î?


ftp://ftp.cert-kr.or.kr/pub/Security/tool/cops_104.tar.Z
ftp://ftp.kaist.ac.kr/.1/Linux/system/Admin/cops.104.tgz (Linux)

ftp://ring.kotel.co.kr/pub/security/doc/COPS.PS
ftp://ring.kotel.co.kr/pub/security/doc/cops.tar.Z


Cops Source

CopsÀÇ »ç¿ë¹ý


$ pwd
kus/security_tools/cops_104
$ cops <--- ½Ã°£ÀÌ ¸¹ÀÌ °É¸²
$ ls -al result*
-rw-r--r-- 1 root other 953 11¿ù 29ÀÏ 22:58 result.5011
$ cat result.5011
arning! /etc/security is _World_ readable!
Warning! /etc/mnttab is _World_ writable!
Warning! /etc/named.boot is _World_ writable!
Warning! /usr/adm/spellhist is _World_ writable!
Warning! /usr/adm/vold.log is _World_ writable!
Warning! /usr/local/bin/screen-3.6.2 is _World_ writable!
Warning! /usr/local/bin/screen.old is _World_ writable!
Warning! File /etc/mnttab (in /etc/rc2.d/SO1MOUNTFSYS) is _World_ writable!
Warning! File /var/adm/log/asppp.log (in /etc/rc.d/S47asppp) is _World_ writable!
Warning! File /dev/ip (in /etc/rc2.d/S69inet) is _World_ writable!
Warning! File /dev/tcp (in /etc/rc2.d/S69inet) is _World_ writable!
Warning! File /etc/named.boot (in /etc/rc2.d/S72inetsvc) is _World_ writable!
Warning! User nuucp's home directory /var/spool/uucppublic is _World_ writable!
Warning! Password file, line 7, user smtp has uid = 0 and is not root smtp:x:0:0:mail daemon user:/:/bin/false
Warning! /etc/ftpusers should exist!