COPS (software) explained
The Computer Oracle and Password System (COPS) was the first vulnerability scanner for Unix operating systems to achieve widespread use. It was created by Dan Farmer while he was a student at Purdue University. Gene Spafford helped Farmer start the project in 1989.
Features
COPS is a software suite comprising at least 12 small vulnerability scanners, each programmed to audit one part of the operating system:[1]
- File permissions, including device permissions/nodes
- Password strength
- Content, format, and security of password and group files (e.g., passwd)
- Programs and files run in
/etc/rc*
and cron(tab) files
- Root-SUID files: Which users can modify them? Are they shell scripts?
- A cyclic redundancy check of important files
- Writability of users' home directories and startup files
- Anonymous FTP configuration
- Unrestricted TFTP, decode alias in sendmail, SUID uudecode problems, hidden shells inside
inetd.conf
, rexd
in inetd.conf
- Various root checks: Is the current directory in the search path? Is there a plus sign ("+") in the /etc/host.equiv file? Are NFS mounts unrestricted? Is root in
/etc/ftpusers
?
- Compare the modification dates of crucial files with dates of advisories from the CERT Coordination Center
- Kuang expert system
After COPS, Farmer developed another vulnerability scanner called SATAN (Security Administrator Tool for Analyzing Networks).
COPS is generally considered obsolete, but it is not uncommon to find systems which are set up in an insecure manner that COPS will identify.
External links
Notes and References
- COPS README.1 file