hi ,
This isn't straight forward , it depends what is running on your system , and what services are required you can do simple checks such as running :-
usrck -n ALL
grpck -n ALL
pwdck -n ALL
find / -type f -perm 0666 -print ( you can do directories , files with suid ) and get a list
check permissions of /etc files i.e. passwd inetd.conf syslog.conf inittab sendmail.cf ( may be in /etc/mail onnew version )
if you are using nfs check exports files , what is being exported
find / -name ".rhosts" -print
( see who has .rhosts set and do they need it
also .netrc
These are some of the basic checks you can run , as you probably can gather the output can be huge depending on what is running on your system
Other checks you can run and if necessary turn off but requires a more investigation are:-
1. are you using SSH if so can you turn off telnet,ftp
2. what services can be stopped that are not being used i,e
lssrc -a
check /etc/rc.tcpip see which ones can be turned off if so insert a comment
3. run netstat -af inet
check which services are listening can you turn off timed,talkd.daytime etc..
4. Do you use the r commands and need them if not can
you cange permissions say to 444 e.g
chmod 444 /usr/bin/remsh
chmod 444 /usr/bin/rlogin
chmod 444 /usr/bin/ruptime
chmod 444 /usr/bin/rwho
chmod 444 /usr/sbin/rexecd
chmod 444 /usr/sbin/rlogind
chmod 444 /usr/sbin/rshd
chmod 444 /usr/sbin/rwhod
chmod 444 /usr/bin/rcp
chmod 444 /usr/bin/rdist
chmod 444 /usr/bin/rexec
chmod 444 /usr/bin/rsh
so users cannot run them
5. Do you allow users to login direct to servers or have individual accounts then can su to root ?
these are just some of the things you can check , and scripting the first bit about permissions is straight forwared but it depends on how you would solve the issues all depending on whether the application requires them or not
HTH
