                     TITAN's view of the world

  ------------------------------------------------------------------------

     TITAN 3.0.4 SunOS 4.1.X

     Descriptions of what each module does.

     Titan-Config This script figures out which OS you are using and makes
     the appropriate links from the topmost directory to the shell scripts
     accordingly.

     Titan Titan runs all the shell scripts in the $TITANDIR/bin/modules
     directory that are a) files and b) executable. Titan accepts the -C
     (config + [filename]), -I (intro), -F (fix) or -V (verify) flag.

     Titan.top Just a copy of Titan with the paths changed so that when
     Titan-Config makes a copy in the topmost directory things work as
     intended.

     TitanReport This module runs all Titan modules in the "-verify" mode
     and sends the results via e-mail. This is intended to run as a cron job
     or as an audit utility. See the FAQ for more.

     Sample.Server, sample.config, and sample.list These files are used as
     templates when running "Titan -c config-file". See the FAQ for more in
     sample.configs

     backtit.sh This module is called by "Titan-Config" when run as
     "Titan-Config -i" (install). Backtit.sh makes a backup copy of all the
     files Titan modifies (backtit.sh currently does not back up file
     permission changes).

     untit.sh Untit.sh is called by "Titan-Config" when run as "Titan-Config
     -d" (deinstall). Untit.sh replaces the files modified by Titan with the
     original un-secure versions, and is provided as a recovery mechanism
     in case we were too aggressive about securing the system.

     aliases.sh Goes through /etc/aliases looking for "|" entries and
     disabling them when found.

     decode.sh Checks /etc/aliases for the decode alias and removes it.
     Separate from aliases.sh since you may have a different policy for
     servers and desktops. This one only removes the decode alias, not the
     other "|" entries from /etc/aliases.

     duplicate-root.sh Checks for any accounts with uid 0 that are not
     named "root".

     hosts-equiv.sh Checks for the infamous "+" in /etc/hosts.equiv

     inetd.conf.sh Disables almost all inbound services in /etc/inetd.conf.
     These daemons give out information or are potential "denial of service"
     problems: rexd, ftp, finger, systat, netstat, rusersd, sprayd, and
     walld. Modify the chatty daemons variable to add or subtract things you
     wish to leave running.

     is_root This is not intended to be run by users. The other scripts call
     this as a generic check for execution as root.

     mkshadow.sh This script was modified from a script originally written
     by Scott Leadley. The script sets up shadowed password files in SunOS.
     A required piece is rpc.pwdauthd, either from the SunOS C2/BSM package
     or from the patch containing rpc.pwdauthd.

     optional directory. This directory contains two compressed tar files.
     The first one, noshell.tar.Z, contains a replacement program for the
     login shell of non-users such as "bin" or "lp". This code was written
     by Michele D. Crabb, and is not a part of Titan or Titan's License
     agreement. It is provided here strictly because I think it's a useful
     program and an enhancement to Titan functionality. The second piece in
     the optional directory is a NON-Supported (by Sun) patch for the SunOS
     kernel which turns off the forwarding of source routed packets. The
     file is called source-routing-patch.tar.Z for obvious reasons. I
     originally released this back in 1991 to the firewalls alias.

     passwd.sh Check for accounts with no password

     rhosts.sh Check for null /.rhosts and of course "+" in /.rhosts

     rootpath.sh Check root's path for the infamous "."

     rootchk.sh A stricter version of rootpath.sh. This one also changes
     any files listed in root's path to be owned by root. This is important
     so that others can't modify binaries that root may run.

     routed-quiet.sh Move /usr/etc/in.routed to
     /usr/etc/in.routed.asetorigional then build a wrapper starting routed
     -q. This is done to be compatible with the ASET package.

     sanity_check This isn't intended to be run by users (thus no .sh
     extension). It is called by the other scripts to make sure that
     scripts are called with at least one additional argument (-i/-v/-f).

     tftp-disable.sh Checks that tftpd is disabled. Used for systems that
     are not Diskless Servers.

     tftpServer.sh Adds the secure tftp switch. Used for Diskless
     Workstation Servers.

     ttytab.sh Fix ttytab to disable b -s problem

     tune-perms.sh Runs modified file permission fixes from the 100103-12
     patch (tune attributes on file system objects). This portion will set
     file system object permissions to a more secure setting.

     utmp.sh Checks /etc/utmp to ensure it is not world writeable.

     uucp-disable.sh Disable login shell for uucp

     ypserver-client.sh Checks that /etc/passwd on ypserver does not have
     the client line of ":0:+"
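
     The verify-style checks described for duplicate-root.sh, passwd.sh,
     hosts-equiv.sh and aliases.sh/decode.sh can be sketched as follows. This
     is an added example, not code from Titan; the function names and the
     sample files are constructed for illustration.

```shell
#!/bin/sh
# Added illustration (not Titan's code): verify-only checks in the spirit of
# duplicate-root.sh, passwd.sh, hosts-equiv.sh and aliases.sh/decode.sh.

# uid 0 accounts that are not named "root"
dup_root() { awk -F: '$3 ~ /^0+$/ && $1 != "root" { print $1 }' "$1"; }

# accounts whose password field is empty (NIS "+"/"-" lines are skipped)
no_passwd() { awk -F: 'NF > 1 && $1 !~ /^[+-]/ && $2 == "" { print $1 }' "$1"; }

# succeeds if a line's host field is a bare "+" (trust every host)
has_plus() { awk '$1 == "+" { f = 1 } END { exit !f }' "$1"; }

# uncommented aliases that pipe mail into a program, e.g. decode
pipe_aliases() { awk -F: '!/^[ \t]*#/ && /\|/ { print $1 }' "$1"; }

# Constructed sample files; nothing on the real system is read or changed.
T=$(mktemp -d) || exit 1
trap 'rm -rf "$T"' EXIT
cat > "$T/passwd" <<'EOF'
root:PLACEHOLDERHASH:0:1:Operator:/:/bin/csh
toor:PLACEHOLDERHASH:0:1:Second root:/:/bin/sh
sync::1:1::/:/bin/sync
lp:*:71:8::/usr/spool/lp:
EOF
printf '%s\n' 'trusted.example.com' '+' > "$T/hosts.equiv"
cat > "$T/aliases" <<'EOF'
# decode: "|/usr/bin/uudecode"
decode: "|/usr/bin/uudecode"
postmaster: root
EOF

verify() {   # print one FAIL line per finding, return the number of findings
  n=0
  for u in $(dup_root "$1/passwd"); do echo "FAIL uid 0 account: $u"; n=$((n+1)); done
  for u in $(no_passwd "$1/passwd"); do echo "FAIL no password: $u"; n=$((n+1)); done
  if has_plus "$1/hosts.equiv"; then echo "FAIL + in hosts.equiv"; n=$((n+1)); fi
  for a in $(pipe_aliases "$1/aliases"); do echo "FAIL piped alias: $a"; n=$((n+1)); done
  return "$n"
}
verify "$T" || echo "findings: $?"
```

     Each function only reads the file it is given, so the same checks can
     be pointed at copies of /etc/passwd, /etc/hosts.equiv and /etc/aliases
     taken from the host under review.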

