COPS (software): Difference between revisions

This article is about the software. For the governing body "Conference of the Parties", see COP16.

The Computer Oracle and Password System (COPS) was the first vulnerability scanner for Unix operating systems to achieve widespread use. It was created by Dan Farmer while he was a student at Purdue University. Gene Spafford helped Farmer start the project in 1989.

Features

COPS is a software suite comprising at least 12 small vulnerability scanners, each programmed to audit one part of the operating system:^[1]

• File permissions, including device permissions/nodes
• Password strength
• Content, format, and security of password and group files (e.g., passwd)
• Programs and files run in /etc/rc* and cron(tab) files
• Root-SUID files: Which users can modify them? Are they shell scripts?
• A cyclic redundancy check of important files
• Writability of users' home directories and startup files
• Anonymous FTP configuration
• Unrestricted TFTP, decode alias in sendmail, SUID uudecode problems, hidden shells inside inetd.conf, rexd in inetd.conf
• Various root checks: Is the current directory in the search path? Is there a plus sign ("+") in the /etc/host.equiv file? Are NFS mounts unrestricted? Is root in /etc/ftpusers?
• Compare the modification dates of crucial files with dates of advisories from the CERT Coordination Center
• Kuang expert system^{[further explanation needed]}

After COPS, Farmer developed another vulnerability scanner called SATAN (Security Administrator Tool for Analyzing Networks).

COPS is generally considered obsolete, but it is not uncommon to find systems which are set up in an insecure manner that COPS will identify.

References

1. COPS README.1 file^{[full citation needed]}

External links

• COPS
• Citeseer entry for the COPS Usenix paper