The World of UNIX Security Tools

The history of UNIX security is the stuff of lore. Since its humble beginnings as a Bell Laboratories project led by Dennis Ritchie and Ken Thompson in the late 1960s, the UNIX operating system has been programmed and hacked by successive generations of systems programmers.

In November 1988, Robert Tappan Morris released the infamous "Internet worm" that corrupted thousands of net-connected machines overnight.[1] Morris, son of a top US security official, brought issues of UNIX security to the forefront of the nation's attention. The worm exposed a Pandora's Box of vulnerabilities in UNIX, including bugs in the venerable sendmail and finger programs. It also exploited the concept of "trusted hosts" in UNIX -- a mechanism developed as part of the Berkeley networking software that enabled users to execute commands from remote machines. Beyond its immediate impact on infected systems, the worm called into question the "open lab" approach to UNIX security, which maximizes resource-sharing and trusting cooperation at the expense of formal security controls. It represented a turning point -- from the worm on, many UNIX installations have had to reconsider their security standing.

In the wake of Morris' worm attack, the UNIX community expended considerable energy to beef up security. Several leading organizations formed CERT (Center for Emergency Response Teams), which to this day is the number one source of information regarding security problems in UNIX systems.[2] Vendors patched holes and increased their efforts to make sure updates were adopted by their customers. Perhaps most significantly, UNIX programmers developed an arsenal of new security tools and made them freely available on the Internet.

As a result, every UNIX sysadmin now has a toolbox of security tools at his or her disposal. Many of these tools and capabilities are built into modern UNIX implementations. Indeed, there is a major trend toward incorporating and bundling security tools in both commercial and free UNIX implementations. In many cases, however, UNIX systems need to be hardened -- either a needed capability is not included, or it is insufficient. Older systems in particular may be lacking in security protections. In other circumstances, even a modern UNIX box may need additional security functionality. Whether you're running a crusty old NeXT box designed with nominal security protection or a spanking new Solaris 7 box with the latest security programs, your system's security standing needs to be closely tailored to the security vulnerabilities it might face. Add-on security tools can help.

Note that many UNIX security tools are "free" both in the sense of not costing money and in the sense that you're free to deploy them without strict licensing or other restrictions. Be forewarned: none of them are "free" in terms of the time needed to find, understand, implement, and run them. To paraphrase Richard Stallman: think "free speech" rather than "free beer."

The "free tool" trend has greatly accelerated in the past few years with the advent of the "open source" movement. The Internet has fostered a vast gift economy in which value -- from free content to free programs -- is freely exchanged. The Internet has facilitated the formation of virtual teams of programmers developing everything from operating systems (Linux) to server software (the Apache web server) to sophisticated end-user applications (the Mozilla web browser).

[1] For detailed accounts of the worm, see the papers by Donn Seely ("A Tour of the Worm"), Mark W. Eichin and Jon A. Rochlis ("With Microscope and Tweezers"), and Eugene H. Spafford ("The Internet Worm Program: An Analysis") collected at
and a follow-up by Spafford at

[2] See

Excerpt from Unix System Security Tools by Seth T. Ross
Copyright © 1999 by The McGraw-Hill Companies. Used with permission.
HTML Copyright © 1999

Copyright © 1990-2005 and Seth T. Ross