|
The Scan process involves: creating the Scan software (SEKUNEXT); transferring SEKUNEXT to the Host system; executing SEKUNEXT; transferring the Scan/output files off the UNIX Host.
SekChek for UNIX will run on any system that supports the Bourne shell. E.g. AIX, BSD, DG-UX, HP-UX, Linux, Red Hat, SCO and Solaris.
Create the SekChek for UNIX Scan software
From the SekChek Client software on your PC: select the UNIX tab; click Create to create the Scan software.
Use the root account for the Scan
For correct results use the root account for the following operations.
1. Transfer the Scan software to the UNIX host
Copy file SEKUNEXT to a directory on the UNIX system.
Important! Specify binary (not ASCII) in your copy utility to ensure CR/LF characters are properly converted.
2. Ensure the root account has authority to execute the Scan software
From the shell prompt enter: chmod 700 /tmp/SEKUNEXT
(where tmp is the name of the directory containing SEKUNEXT)
3. Change your Working Directory to the desired output directory
From the shell prompt enter: cd /tmp
(where tmp is the name of the directory to contain SekChek’s output files)
SekChek will automatically create a sub-directory (in step 4 below) named sekchek in your working directory and write it’s output files to it. E.g. if your current working directory is ‘/tmp’, the Scan files will be written to ‘/tmp/sekchek/’.
You should ensure the partition has 20Mb of free space for SekChek’s output files.
4. Execute the Scan software
From the shell prompt enter:
- sh (to ensure you are in the Bourne shell)
- /tmp/SEKUNEXT (no spaces)
- (where tmp is the name of the directory containing SEKUNEXT)
The software will display prompts to scan details of:
- Programs that Switch User Id (SUID)
- Permissions on programs in the system search path
- Files with world writeable permissions
- Encrypted password information
- Permissions on files stored on NFS mounted volumes
If you are not interested in this information we recommend you reply ‘N’. This is because on hosts with large file systems it can take several hours to scan file permissions.
5. Transfer the Scan file off the UNIX host, clean-up
After the Scan software has completed:
- Copy the output file(s) in directory /pathname/sekchek/ off the host system.
Ensure you specify ‘binary’ (not ASCII) mode in the copy operation.
- Delete all files in directory /pathname/sekchek/. E.g. rm /tmp/sekchek/*.
Ensure you enter this command correctly, otherwise you risk deleting many other files!
- Remove sub-directory /sekchek. E.g. rmdir /tmp/sekchek
Basic ftp commands...
We provided the following prompts in case you have to run ftp from a command-line.
Start an ftp connection with host 123.456.78.90: ftp 123.456.78.90
Change the default directory on the remote machine to e.g. /tmp: cd /tmp
Change ftp’s transfer mode to binary: binary
Copy a file from the current directory on the remote host to the current directory on the local system:
get myfilename [myfilename]
Copy a file from the current directory on the local system to the current directory on the remote host:
put myfilename [myfilename]
Exit ftp: quit
The values inside square brackets [ ] are optional.
To create a sub-directory on the UNIX host, enter the following from the shell prompt on the UNIX host:
mkdir /tmp/mydir
(the command will create a sub-directory called ‘mydir’ in directory ‘/tmp’)
|