
This is the IRIX-security module for Rscan.  It checks for all known
security holes that are specific to IRIX 4.0.5, 5.2, 5.3 and 6.0.1.
For more information on Rscan, consult the user's guide or
take a peek at http://www.vis.colostate.edu/rscan.

Here is a list of what each of the scans does:

  IRIX-security    IRIX Security Module
                   version 1.4.0

    Scans for IRIX 4.0.5:
     CA-93.17       : Checks for the Xterm logging hole
     CA-95.05       : Checks for a good version of sendmail
     Xsession       : Checks for an xhost + entry in the Xsession file
     arp            : Checks permissions on the arp utility
     cdinstmgr      : Checks permissions on the cdinstmgr utility
     lpr            : Checks for a secure version of lpr
     rdist          : Checks for a secure version of the rdist utility
     serial_ports   : Checks permissions of the serial_ports utility
     under          : 

    Scans for IRIX 5.2:
     CA-95.05       : Checks for a good version of sendmail
     Xsession       : Checks for an xhost + entry in the Xsession file
     arp            : Checks permissions on the arp utility
     audio          : Check permissions on the audio init script
     colorview      : Check for an SUID colorview utility
     desktop.perms  : Check for the permissions desktop tool hole.
     lpr            : Checks for a secure version of lpr
     newgrp         : Checks permissions on the newgrp utility
     patch167       : Checks for the hole in the mount_dos utility
     patch65        : Checks for the monster hole in SGIhelp
     patch84        : Checks for a revised inst
     patchbase      : Checks permissions on the patchbase directory
     portmap        : Checks for secure use of the portmapper
     printers       : Checks for the hole in the printers utility
     rdist          : Checks for a secure version of the rdist utility
     serial_ports   : Checks for the presence of the serial_ports utility
     shmnumclients  : Checks the shared memory transport hole in xdm

    Scans for IRIX 5.3:
     CA-95.05       : Checks for a good version of sendmail
     Xsession       : Checks for an xhost + entry in the Xsession file
     portmap        : Checks for secure use of the portmapper
     shmnumclients  : Checks the shared memory transport hole in xdm

    Scans for IRIX 6.0.1:
     Xsession       : Checks for an xhost + entry in the Xsession file
     desktop.perms  : Check for the permissions desktop tool hole.
     portmap        : Checks for secure use of the portmapper
     shmnumclients  : Checks the shared memory transport hole in xdm

    Scans for IRIX common:
     aliases        : Check the aliases databases for proper permissions
     crontab        : Checks for proper umask settings in root's crontab
     exports        : Check for directories exported to the world
     passwd         : Checks the passwd file for null passwords, etc.
     yp             : Checks for the -ypsetme option in ypbind
     ypupdated      : Checks for the ypupdated daemon

Happy hunting,

-nate sammons <nate@vis.colostate.edu>

