                       TITAN's view of the world

  ------------------------------------------------------------------------



     TITAN 3.0.4 Solaris 2.X

     Descriptions of what each module does:

     Running Titan

     Titan-Config This script figures out which OS release you are running
     and makes the appropriate links to the shell scripts. Titan-Config also
     asks whether you want a backup directory of all the files Titan
     modifies.

     Titan Titan is the program which runs all the other shell scripts
     (*.sh). It accepts one of the flags -I (intro), -F (fix), -C
     config-file (run the modules named in a configuration file) or -V
     (verify).

     Titan.top This module is the same as Titan except that its paths are
     adjusted so that, once Titan-Config has been run, Titan can be run from
     the top-level directory.

     TitanReport This file runs all Titan modules in the
     $TITANDIR/bin/modules directory with the "-v" (verify) flag and then
     emails the results. TitanReport is intended to run out of cron, or as
     an auditing tool. See the FAQ for more.

     sample.Desktop, sample.Firewall, sample.Server, sample.config These
     files are used as templates when Titan is run as "Titan -c
     config-file". See the FAQ for more.

     backtit.sh This module is called by "Titan-Config -i" (install).
     backtit.sh makes a backup copy of all the files Titan modifies
     (backtit.sh currently does not back up file permission changes).

     untit.sh untit.sh is called by "Titan-Config -d" (deinstall). It
     replaces the files modified by Titan with the original, unsecured
     versions, and is provided as a recovery mechanism in case we were too
     aggressive about securing the system.

     noshell.c This is the preferred way of doing a noshell. It should be
     statically compiled (see noshell-makefile) and should replace the shell
     script that disable-accounts.sh placed in /usr/sbin/noshell.

     noshell-simple.c This is a simplified version of noshell.c. I don't
     expect this to get much use, but it too should be statically compiled
     (see noshell-makefile) and replace the /usr/sbin/noshell script that
     disable-accounts.sh creates. The script that disable-accounts.sh
     creates is better than nothing (and better than /bin/true, which is
     also a shell script), but a statically linked C program is the best way
     to go: it does not depend on the dynamic linker or on any shared
     library, so there is less for an attacker to tamper with.



     Titan modules

     add-umask.sh Adds a system-wide umask to the rc?.d startup scripts so
     that system daemons create files with more restrictive permissions.
     (From Casper Dik's code.)

     adjust-arp-timers.sh Changes the system configuration to shorten the
     ARP expiration timer to one minute instead of the default 20 minutes,
     so that a spoofed ARP entry is flushed sooner.

     adjust.syn-timeout.sh Changes the system configuration to shorten the
     TCP connection-establishment abort timeout to ten seconds, so that
     half-open connections left by a SYN flood are dropped sooner. Only runs
     for older versions of Solaris 2.X. Newer versions have a patch
     (103582-11 currently) which should be applied instead.


     automount.sh Disables the automounter at boot time.

     create.issue.sh Creates the /etc/issue banner that gets displayed at
     login time.

     decode.sh Looks for program aliases (any ``|'' in /etc/aliases, such as
     the old ``decode'' alias that piped mail into uudecode) and removes them
     if found.

     disable-L1-A.sh Solaris 2.6 and newer only. This disables the L1-A
     (Stop-A) keyboard sequence by modifying /etc/default/kbd, so that
     someone at the console cannot drop the running system to the OpenBoot
     prompt.

     disable-NFS.bind.sh Raises the lowest non-privileged port to 2050, so
     that the NFS port (2049) becomes privileged and an unprivileged user
     cannot bind a rogue NFS server to it.

     disable-accounts.sh Disables ``system'' accounts like ``bin'' and
     ``daemon'' and creates a /usr/sbin/noshell script. The noshell script
     should only be a placeholder until you compile and install the
     statically linked noshell C program.

     disable-core.sh Changes /etc/system so that the core dump size is
     limited to zero. This prevents bad guys from forcing a (typically
     setuid) program to dump core and then examining the image for
     information it held in memory, such as /etc/shadow contents.

     disable-ping-echo.sh Sets ip_respond_to_echo_broadcast to 0 so that the
     host does not answer broadcast pings. This keeps certain ping attacks
     from working (and keeps the host from acting as an amplifier for them),
     and it hides the system from network probe agents that use broadcast
     ping to discover hosts to probe.

     disable_ip_holes.sh Turns off IP forwarding (ip_forwarding), forwarding
     of directed broadcasts (ip_forward_directed_broadcasts) and of
     source-routed packets (ip_forward_src_routed), sets ip_ignore_redirect
     to 1 so that ICMP redirects are ignored, etc.

     dmi-2.6.sh Simply moves aside all the DMI daemon startup files. DMI
     does no authentication, allows core dumps and seems to allow you to
     start arbitrary services. What it actually does is not well documented.

     eeprom.sh Check only. Checks whether you have set an EEPROM password
     ("eeprom security-mode=command" is recommended; then move/remove the
     eeprom command support from the kernel). If you don't set an EEPROM
     password, a bad guy who gets root might set one for you ("eeprom
     security-mode=full") and then halt your system. Since you don't know
     the password, you cannot reboot (a denial of service).

     file-own.sh Changes system files (mainly in /usr) to be owned by
     "root". I personally don't like anything that the root user is going
     to run not being owned by root. When /usr/bin is owned by user ``bin'',
     user ``bin'' can trojan anything root runs; thus bin=root. So I change
     everything back to root to begin with. Not to mention NFS, where a
     remote root is mapped to nobody but bin stays bin; I think you get the
     point.

     fix-cronpath.sh Changes the permissions and ownership of things run out
     of root's cron. Otherwise, every time cron runs, a new
     trojan/setuid-root file could be created.

     fix-modes.sh, modes.c, modes (From Casper Dik). Fixes all the mode 775
     directories and binaries and changes the ownership to root where
     needed. modes.c may need to be compiled locally. Big note here!
     REMEMBER to re-run this whenever you add packages or patches!! If you
     don't, the modes get brain dead again. Titan DOES NOT run this by
     default. It should be run often, such as out of cron, or at least after
     adding any vendor patches.

     fix-stack.sh Wrapper for Casper Dik's protect_stack, which marks all
     user zero-fill-on-demand pages (the stack included) rw- instead of rwx,
     so that code an attacker places on the stack cannot be executed. This
     blocks many stack-smashing exploits from working. Note this doesn't
     work on all versions of the SPARC architecture (multiprocessors, for
     instance).

     fix-stack.sol2.6.sh Solaris 2.6 has the protect_stack ability built in
     as an /etc/system option (set noexec_user_stack=1; set
     noexec_user_stack_log=1 additionally logs attempts to execute from the
     stack). This blocks many stack-smashing exploits from working.


     ftpusers.sh Creates a sane /etc/ftpusers, which stops users such as
     root or "bin" from using ftp. This prevents "root" from FTPing over a
     new /etc/shadow file, and forces administrators to ftp as themselves
     and then "su" to root, thus keeping the audit trail (more) intact.

     hosts.equiv.sh Checks for /etc/hosts.equiv. It should also check the
     /etc/nsswitch.conf "passwd" and "group" entries, but currently doesn't.

     inetd.sh Changes /etc/inetd.conf and turns off most of the services.
     You will want to localize this. For desktops, for instance, you might
     want to leave on the services for calendar manager and ToolTalk
     (assuming a windowing desktop). My suggestion is to get tcp_wrappers
     and wrap all remaining services. Then get ssh, turn off rsh/rlogin and
     ftp, and only use ssh/scp for remote access needs.

     keyserv.sh Changes the keyserv startup to start keyserv with the "-d"
     option so that the default "nobody" key is not allowed.

     is_root This is not intended to be run by users. The other scripts call
     it as a generic check that they are executing as root.

     log-tcp.sh Adds the "-t" flag to the in.inetd startup in
     /etc/rc2.d/S72inetsvc so that all incoming TCP connections are traced
     (logged via syslog).

     loginlog.sh Fixes the configuration so that (assuming the Sun patches
     are applied) log entries are made for failed login attempts.

     lpsched.sh Disables lp. For firewalls, and non-print servers. Probably
     want to leave this service on for desktops.

     nfs-portmon.sh Turns on NFS port monitoring for Solaris, so that the
     NFS server rejects requests that do not come from a privileged source
     port.

     nsswitch.sh Modifies /etc/nsswitch.conf, removing all the nis/nis+/dns
     entries. This is useful on a firewall, but you may want to tone it down
     a little on networked servers and desktops. It also sets passwd and
     group to look only at the local password/group files; again, networked
     servers or desktops might not want this behavior.

     nuke-sendmail.sh This module does what the name implies: it disables
     sendmail. It should be used on firewalls that are not sendmail servers,
     servers that are not sendmail servers, and all desktops that have their
     mail delivered to a server.

     pam-rhosts-2.6.sh This Solaris 2.6 module saves and modifies
     /etc/pam.conf, removing the line "rlogin auth sufficient
     /usr/lib/security/pam_rhosts_auth.so.1" so that rhosts authentication
     is no longer accepted by PAM.

     passwd.sh Checks that all accounts have passwords and, if run in fix
     mode, locks any account without one by putting a "*" (which can never
     match a real password) in its password field.
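     The check and fix described above, as an added example that is not
     Titan's passwd.sh. It works on a shadow(4)-format file you name (never
     /etc/shadow directly) and writes the fixed copy to a separate path; the
     function names and the sample file with placeholder hashes are
     constructed for this page. "NP" is the Solaris marker for a system
     account that cannot log in; an empty field is the dangerous case.

```shell
#!/bin/sh
# Added example, not Titan's passwd.sh. Finds accounts whose password field in
# a shadow-format file is empty (anyone can log in without a password) and, in
# fix mode, locks them with "*", which can never match a crypt(3) result.
# Assumed interface (names invented for this example):
#   find_empty_passwords SHADOW         -> prints the affected account names
#   lock_empty_passwords SHADOW OUT     -> writes a fixed copy to OUT, prints names
# Installing OUT over /etc/shadow (mode 400, owner root) is left to the caller.

find_empty_passwords() {
    # field 2 is the hashed password; NF >= 2 skips blank lines
    awk -F: 'NF >= 2 && $2 == "" { print $1 }' "$1"
}

lock_empty_passwords() {
    find_empty_passwords "$1"
    # rewrite only field 2; OFS=: keeps every other field (including the
    # empty aging fields) exactly as it was
    awk -F: -v OFS=: 'NF >= 2 && $2 == "" { $2 = "*" } { print }' "$1" > "$2"
}

# Constructed sample in shadow(4) layout with placeholder hashes; not real data.
write_sample_shadow() {
    cat > "$1" <<'EOF'
root:Hpl.CONSTRUCT:10000::::::
daemon:NP:6445::::::
bin:NP:6445::::::
guest::10000::::::
oper::10000::::::
jdoe:Xy9.CONSTRUCT:10000::::::
EOF
}

# Stand-alone demo
demo=$(mktemp -d)
write_sample_shadow "$demo/shadow"
echo "accounts without a password:"
find_empty_passwords "$demo/shadow"
lock_empty_passwords "$demo/shadow" "$demo/shadow.fixed" > /dev/null
echo "after fix:"
cat "$demo/shadow.fixed"
rm -rf "$demo"
```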

     powerd.sh Checks that power suspend (/usr/openwin/bin/sys-suspend) can
     only be run by the root user.

     psfix.sh Creates /etc/rc3.d/S79tmpfix so that upon boot the /tmp
     directory will always have the sticky bit set (mode 1777).

     rhosts.sh Originally from COPS. Scans for .rhosts files in NIS and
     local home directories but, unlike COPS, if run in fix mode it
     removes/renames them.

     rootchk.sh Checks root's path and makes sure that root owns the
     directories and binaries in it. Changes them (when run -F) if they are
     wrong. Also removes the ``.'' (current directory) from the path.
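     The path check described above, as an added example that is not
     Titan's rootchk.sh. It goes one step further than removing ``.'': an
     empty PATH element ("::" or a trailing ":") and any other relative entry
     make the shell search the current directory just as ``.'' does, so the
     example treats all of them alike. It also flags directories that are
     missing, not owned by the expected uid, or group/world writable. The
     function names are constructed for this page.

```shell
#!/bin/sh
# Added example, not Titan's rootchk.sh. Audits a PATH string the way rootchk
# does for root's path: relative/empty entries, ownership and writability.
# Assumed interface (names invented for this example):
#   path_sanitize PATHSTR            -> PATHSTR with relative/empty entries dropped
#   path_audit PATHSTR OWNER_UID     -> one finding per line, exit 1 if any
# Real use, as root: path_audit "$PATH" 0
# Limitation: PATH entries containing whitespace are not supported.

path_sanitize() {
    printf '%s' "$1" | awk -F: '{
        out = ""
        for (i = 1; i <= NF; i++)
            if ($i ~ /^\//) out = out (out == "" ? "" : ":") $i
        print out
    }'
}

path_audit() {
    pathstr=$1 want=$2 bad=0
    # split on ":" keeping empty fields; an empty element is printed as "."
    for d in $(printf '%s' "$pathstr" | awk -F: '{ for (i = 1; i <= NF; i++) print ($i == "" ? "." : $i) }'); do
        case $d in
            /*) ;;
            *)  echo "relative entry (searches cwd): $d"; bad=1; continue ;;
        esac
        if [ ! -d "$d" ]; then
            echo "missing: $d"; bad=1; continue
        fi
        # ls -ldnL: mode is field 1, numeric owner is field 3 (symlinks followed)
        set -- $(ls -ldnL "$d")
        mode=$1 owner=$3
        case $mode in
            ?????w*|????????w*) echo "group/world writable: $d ($mode)"; bad=1 ;;
        esac
        if [ "$owner" != "$want" ]; then
            echo "owner uid $owner, expected $want: $d"; bad=1
        fi
    done
    return $bad
}

# Stand-alone demo on the current user's PATH, expecting root-owned directories.
echo "sanitized: $(path_sanitize ".:$PATH")"
path_audit "$PATH" 0 || echo "findings above"
```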

     routed.sh Starts in.routed in quiet mode (-q), so that it listens for
     routes but does not advertise any.

     sanity_check This isn't meant to be run by users (thus no .sh
     extension). It is called by the other scripts to make sure they were
     called with at least one additional argument (-i/-v/-f).

     sendmail.sh Changes sendmail.cf, adding the ``goaway'' privacy option
     (PrivacyOptions=goaway), so that connecting to the sendmail port
     ("telnet hostname 25") doesn't let a cracker look up user information
     with VRFY and EXPN. Note: you should also change P=/bin/sh to
     P=/bin/false in the prog mailer if you can, or look into using smrsh,
     on servers and desktops. On firewalls, TURN OFF or wrap sendmail. Now
     would be a good time to look into VMailer (since renamed Postfix).

     smtp-banner.sh Modifies your /etc/mail/sendmail.cf to hide the OS
     version you are running, changing the banner from "Sendmail
     SMI-8.6/SMI-SVR4 ready at Fri, 2 May 1997" to "Sendmail Server Ready".

     smtpbanner-8.8.sh Modifies a sendmail 8.8 sendmail.cf to change the
     banner so it gives out less information.


     snmpdx-2.6.sh (also 2.6snmpdx.sh) Simply moves aside all the snmpdx
     daemon startup files. snmpdx gives out more information than you really
     want it to. Who needs a port scanner if snmpdx is running?

     syslog.sh Modifies /etc/syslog.conf so that console messages are also
     saved to system log files.

     tcp-sequence.sh Solaris 2.6 and newer. Changes the TCP initial sequence
     number generation (TCP_STRONG_ISS=2 in /etc/default/inetinit) to the
     RFC 1948 scheme, which offsets each connection's ISN by a secret hash
     of the connection ID and so defeats sequence-number guessing.

     userumask.sh Adds a umask of 022 for users in /etc/skel and the
     system-wide /etc login files.

     utmp.sh Checks utmp and utmpx just to be sure they aren't
     world-writable.

     vold.sh Turns off vold. Wanted on firewalls and servers, but it might
     be left on on desktop systems where users are allowed to mount CDs and
     floppy disks via windowing tools.


     ziplock.sh The final step in tightening. READ CAREFULLY: this program
     absolutely tightens permissions for much of the OS. Caution: after this
     is run, ONLY root and group STAFF will be able to run many system
     functions!!! Not intended to be run on normal systems, only on those
     with strict access rules.




     Optional Modules

     This directory contains modules for specific cases, which you don't
     want or need to run except in specific configurations. They are put
     into the optional directory just so they don't get run by accident.

     anon-ftp.setup.sh Straight from the in.ftpd man page. Sets up an
     anonymous ftp area in a reasonable way. This should NOT be used very
     often, only on systems that are supposed to allow anonymous ftp. Titan
     does not run this by default.

     suid.sh This is a "check only" module. Run it once and it will report
     the number of setuid binaries on the local file systems. EDIT the
     script once this number is known and change the "known_suid" variable.
     On subsequent checks, suid.sh will check and report any new setuid
     binaries that appear (on local file systems only). This is meant for
     audit purposes and possibly for use in cron. Tripwire is a much better
     solution, and if suid.sh makes you think about getting and installing
     Tripwire then it has achieved its purpose.
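     The audit described above, as an added example that is not Titan's
     suid.sh, and one step beyond it: suid.sh remembers only a count, so a
     swap (one setuid file removed while another appears) leaves the count
     unchanged and goes unnoticed. Keeping the sorted list of paths instead
     catches that case and names the files. The function names and the
     sample tree are constructed for this page. find -xdev keeps the scan on
     the file system the root directory is on, so NFS mounts are skipped
     (Solaris find also offers -local for the same purpose).

```shell
#!/bin/sh
# Added example, not Titan's suid.sh. Keeps the sorted list of setuid/setgid
# regular files instead of a count and reports each path added or removed
# since the baseline. Assumed interface (names invented for this example):
#   suid_list ROOT            -> sorted list of setuid/setgid files under ROOT
#   suid_baseline ROOT FILE   -> save the current list to FILE
#   suid_check ROOT FILE      -> print "+path" (new) / "-path" (gone), exit 1 if any
# Real use, as root from cron: suid_baseline / /var/adm/suid.base once, then
# suid_check / /var/adm/suid.base daily.

suid_list() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print | LC_ALL=C sort
}

suid_baseline() {
    suid_list "$1" > "$2"
}

suid_check() {
    cur=$(mktemp)
    suid_list "$1" > "$cur"
    # comm needs both inputs sorted the same way (LC_ALL=C, as in suid_list)
    LC_ALL=C comm -23 "$2" "$cur" | sed 's/^/-/'   # only in baseline: removed
    LC_ALL=C comm -13 "$2" "$cur" | sed 's/^/+/'   # only in current: added
    if cmp -s "$2" "$cur"; then rc=0; else rc=1; fi
    rm -f "$cur"
    return $rc
}

# Constructed sample tree: two setuid files and one ordinary binary.
make_sample_tree() {
    mkdir -p "$1/bin"
    : > "$1/bin/su";  chmod 4755 "$1/bin/su"     # setuid
    : > "$1/bin/ps";  chmod 4755 "$1/bin/ps"     # setuid
    : > "$1/bin/ls";  chmod 755  "$1/bin/ls"     # plain
}

# Stand-alone demo: a swap that leaves the count at two but changes the set.
demo=$(mktemp -d)
make_sample_tree "$demo"
suid_baseline "$demo" "$demo/baseline"
chmod 755 "$demo/bin/su"; chmod 4755 "$demo/bin/ls"
echo "count now: $(suid_list "$demo" | wc -l) (unchanged)"
suid_check "$demo" "$demo/baseline" || echo "setuid set changed"
rm -rf "$demo"
```

     The baseline file must itself live somewhere only root can write, or an
     attacker who plants a setuid binary can simply add it to the list.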

     wwwchk.sh This program looks for a WWW (HTTP/HTTPS) server running
     locally and tries to validate the permissions on any htaccess or other
     locally defined access control files. Other areas checked are the
     DocumentRoot and ServerRoot permissions and any per-user access control
     files (e.g. .htaccess). In fix mode (-f) it sets all files/dirs to
     owner read/write/execute, group read/execute, other execute (mode 751).


