COPS (software)
From Wikipedia, the free encyclopedia
COPS was the first common Unix computer system security scanning tool, created by Dan Farmer; Gene Spafford helped him start it in 1989 while Dan was in summer school at Purdue University.
[edit] Features
COPS integrates around 12 small security check programs which review the security state of the system it is run on. These programs look for (from the COPS README.1 file):
- file, directory, and device permissions/nodes
- poor passwords
- content, format, and security of password and group files
- programs and files run in /etc/rc* and cron(tab) files
- existence of root-SUID files, their writability, and whether they are shell scripts
- a CRC check against important binaries or key files
- writability of users home directories and startup files
- anonymous ftp setup
- unrestricted tftp, decode alias in sendmail, SUID uudecode problems, hidden shells inside inetd.conf, rexd in inetd.conf
- miscellaneous root checks -- current directory in the search path, a "+" in the /etc/host.equiv file, unrestricted NFS mounts, ensuring root is in /etc/ftpusers
- checking dates of CERT advisories vs. key files.
- the Kuang expert system
COPS was the forerunner of the SATAN network security scan tool. COPS is generally considered obsolete, but it is not uncommon to find systems which are set up in an insecure manner that COPS will identify.