SETUID: Making Unix secure

SETUID: Making Unix secure

SETUID is a tool designed to make a Unix system secure. This is done by forcing every program to run with an absolute minimum of priviliges, and making the interfaces between the parts explicit and managed by a central program (setuid) and a central set of rules (written in the language recognized by the setuid program).
SETUID was orginally written (by me) for a bank in the Netherlands. It has achieved all its design goals:

  • Drastically improving system uptime;
  • Reducing downtime due to operator error (no more inexperienced root-users allowed);
  • Securing the system against unauthorized access.
  • There have been 180 offices (branches of the bank) running this setup.
    Unfortunately, the bank decided that Windows 3.1 clients and Novell servers were the way to go, so the OS/2 clients and Unix servers were thrown out. IVT was the terminal emulator used to access the Unix servers from the OS/2 clients. Remote service of the Unix boxes was done with IVT (because of the Challenge/Response protocol) and SETUID to manage the priviliges required for the support personnel.
    The BR program was used to to backup/restore actions on the Unix box.
    All these tools were developed by me, and are now available to anyone who is interested. I'm trying to prepare this stuff for general release, rewriting the manuals in English, porting the stuff to the most popular *nix versions and so on, but can't seem to find the time required as IVT is eating up all avaliable keyboard time :-(
    The current version is provided here "as is". The manual is about 90% finished, the simple "configure" script should work for AIX 4, AIX 5.1, AIX 5.2, Linux, SYSVr4, HP-UX 10 and HP-UX 11. No Solaris.
    Comments welcomed.

    The following files are provided:
    setuid.tar.gz

    blogger counter

    View My Stats