
Copyright (c) 1990 Marco Negri & siLAB Staff

Permission to use, copy, modify, and distribute this software and its
documentation for any purpose and without fee is hereby granted, provided
that the above copyright notice appear in all copies and that both that
copyright notice and this permission notice appear in supporting
documentation, and that the name of the authors not be used in advertising
or publicity pertaining to distribution of the software without specific,
written prior permission of the authors.
The authors makes no representations about the
suitability of this software for any purpose.  It is provided "as is"
without express or implied warranty.

Please send any improvements, bug fixes, useful modifications, and comments
to security@ghost.unimi.it

System Manager Hackers check.


This package contains :
	- Scheck : Checks Files.
		Runned by cron compares a list of files read from
		stdin (by default starts find with "Set User Id on Execution"
		Search pattern) with a previus builded db.
		In this db every file have associated various info :
			- Owner id
			- Group id
			- permissions & mode
			- Last modification time
			- size
			- Inode & Device number
			- checksum
		Furthermore it checks some particular conditions as
		writable files.
		If any problem is encountered, it sends warning message
		using our alert library described below.
		If no one is logged, this program try to fix the security 
		problem. An exact description of what is changed is also mailed
		to the configured users.
		Scheck can make the db file too.

	- Suchk	: Checks the "su" operation. Polls /usr/adm/sulog, or 
		another file with the same format.
		If any problem is encountered, it sends warning message
		using our alert library described below.
		(BSD: Please read NOTICE on suchk in the file INSTALLATION).

	- Logchk: Checks every login operation recorded in /etc/wtmp.
		First loads a configuration file that describe the
		list of legal associations between tty/host and users.
		There are two possible problems:
			- A login on a confugured tty/host that do not
			  match the configured users (from that tty/host).
			- A login by any configured user on a tty/host
			  not explicitely authorized.
		If any problem is encountered, it sends warning message
		using our alert library described below.

	- Pwdchk: Sends a warning message, using our alert library
	described below, when a change on /etc/passwd that interests
	an uid less than the uid specified on the command line is encountered.

	- getfinger: this program makes a finger on remote machines
	  whenever are done external connections. So you can verify
	  who was logged on on the remote machine when it asked for 
	  a connection.

Our alert library loads a configuration file that contains the list
of users to whom notify the possible problems mentioned above.
When called advise these users sending a terminal message (if possible)
and a mail (always).
See also "INSTALLATION" file, for installation guidelines.

				Marco & Staff

P.S.:	Sorry, we still haven't found the time to write down the docs & mans.
	In future.......
