EROS DATA CENTER

************************************BOUNCER************************************

Directory [.BOUNCER]

BOUNCER is yet another idle terminal killer. The differences between BOUNCER
and other idle terminal killers are that the killing is optional and the
entire process tree is examined as one unit.

This is a re-submission of BOUNCER. Changes have been made to handle special
cases... some software must be eased off the system gently. Also, some
optimization has been done; bouncer now uses less than .2% of the CPU
(typically). Bouncer has also been revised to work under V4 (although older
versions will still work). Other changes have been noted in AAAREADME.TXT in
[.BOUNCER]. The problem where bouncer "freezes" has apparently been fixed,
though not intentionally...

********************************* CHECKER **************************************

Checker is a program to be used by "paranoid" system managers who are afraid
that their users are choosing passwords which are in the dictionary. Checker
reads one file containing the usernames of those users to check and a
dictionary file containing those passwords to try. The dictionary which I used
is a combination of several spelling dictionaries which I combined, and then
added some local terms, names and acronyms (that's what the government runs
on).

I ran this over the weekend on both of our VAX 780's. Out of a total of 140
usercodes, checker found the passwords to 85 of them, although most were the
same on both systems. I used a 93,000 word dictionary and it ran in about 31
hours. This program is a real pig! I suggest that you let it run over the
weekend or even during the week at priority 1.

The output is currently set up to print stars by the usernames whose passwords
could be determined. You may change a flag to force it to tell you the
passwords found, but this is a bigger security hole than the original problem.
Because of this, I strongly suggest that you compile it to use stars and then
remove the source from your system in order to keep others from abusing it.

NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE

This program will not function without the routines VALIDATE.B32, HPWD.MAR and
UTILDEF.REQ which are part of LOGINOUT. Since these are protected by DEC
copyrights, I cannot include these routines, their object code or an
executable containing them. What I can do is tell you that it only takes a
couple hours (for a slow typist) to input these routines off of the source
fiche (you may leave out the comments).

********************************* PASS ***************************************

Pass is a program that prevents users from re-using passwords. This will keep
users from setting their password and then setting it back to the original in
order to thwart the UAF password timeout.

Pass reads a file containing the usernames of all users on the system, and
reads the UAF to find their current password in its encrypted form. It then
checks a password history file to see if they have re-used a password. The
history has a 20 password memory. Since Pass only runs once each day (at
midnight), the user would have to change their password once a day for 20 days
before they would be allowed to re-use one.

When Pass finds one that has been re-used, it writes an entry in output.tmp,
which is then used to alert the system manager via mail. The user will also
arrive the next morning to find that their password has been timed out, and
they will have to change it again! (This can be disabled in daily.com.)

If a username is deleted and then re-added, their salt (used in encrypting
their password) will probably be different. If the salt changes for a given
user, pass will zero out their password history to avoid errors.

Daily.com will run in less than one minute on an idle 11/780 with about 90
usercodes.

For initially setting up the masterold file, type "@first". This will
initialize some stuff, and then it will submit daily.com to sys$batch at
priority 4 with /after=tomorrow. Daily.com will re-submit itself each day and
will produce and purge (but not print) a log file.

NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE

This program will not function without the routines VALIDATE.B32, HPWD.MAR and
UTILDEF.REQ which are part of LOGINOUT. Since these are protected by DEC
copyrights, I cannot include these routines, their object code or an
executable containing them. What I can do is tell you that it only takes a
couple hours (for a slow typist) to input these routines off of the source
fiche (you may leave out the comments). Actually, pass only uses the validate
routine, and even that would not be necessary if I were more comfortable with
writing my own rms routine to read the UAF, but for now I'll stick with the
tried and true.

*********************************** SU *****************************************

SU is a program which I wrote to allow us to eliminate several privileged
usercodes. When SU is run, it gives the user SETPRV privilege if they can
supply the password to the SYSTEM signon. The next time SU is run, it takes
away SETPRV along with any privileges that the user is not authorized for. The
premise here is that it is easier to keep a single privileged password secure
than ten or more.

NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE NOTE

This program will not function without the routines VALIDATE.B32, HPWD.MAR and
UTILDEF.REQ which are part of LOGINOUT. Since these are protected by DEC
copyrights, I cannot include these routines, their object code or an
executable containing them. What I can do is tell you that it only takes a
couple hours (for a slow typist) to input these routines off of the source
fiche (you may leave out the comments).

********************************** TREE ****************************************

Tree.com is a command file which produces a directory tree of a specified disk
or disk family. No files or file information is given, only directory names.
This command file was written to use BYPASS privilege, but SETPRV will also
work. To use, type:

    @TREE diskname:
or
    @TREE

Omission of a disk name causes TREE to use your current default disk SYS$DISK.
Several temporary files are created, but the final output is TREE.DAT in your
current directory. Since TREE gets its information from the DIRECTORY utility,
any V5 changes could change the positioning of certain data within a print
line. If this happens, it should be quite simple to fix the problem.

Here is a sample output:

Directory tree of DEV:
[ACEVEDO]
[ACEVEDO.TAE]
[EGNET]
[EGNET.V13]
[EGNET.V13.BIN]
[EGNET.V13.FT]
[EGNET.V13.INCLUDE]
[EGNET.V13.KERNEL]
[EGNET.V13.KERNEL.TESTS]
[EGNET.V13.LASNCP]
[EGNET.V13.LOGFILES]
[EGNET.V13.NTV]
[EGNET.V13.SESSION]
[EGNET.V13.SESSION.ACTIVATE]
[EGNET.V13.SESSION.CLIENT]
[EGNET.V13.SESSION.DOCUMENT]
[EGNET.V13.SESSION.INSTALL]
[EGNET.V13.SESSION.LNT]
[EGNET.V13.SESSION.MANAGER]
[EGNET.V13.SESSION.TOOLS]
[EGNET.V13.TABLES]
[EGNET.V13.TAE]
[EGNET.V13.TRANSPORT]
[EGNET.V13.TRANSPORT.NETWORK]
[EGNET.V13.TRANSPORT.TESTS]
[AIR]
[AIR.COPY]
[AIR.DATA]
[AIR.DRIVER]
[AIR.NEWUG]
[AIR.NEWUG.COPY]
[AIR.NEWUG.DATA]
[AIR.NEWUG.DATA.COPY]
[AIR.NEWUG.DATA.DATA]
[AIR.NEWUG.DATA.DRIVER]
[AIR.NEWUG.DRIVER]
[AIR.PARMS]
[AIR.TAE]
[AIR.TAE.RIPS]
[AIR.TAEV1]
[AIR.TXT]
[AIR.UGLY]
[AIR.VMS]

********************************************************************************
* DISCLAIMER * DISCLAIMER * DISCLAIMER * DISCLAIMER * DISCLAIMER * DISCLAIMER *

SU, PASS and CHECKER could be very dangerous in the hands of a typical hacker.
Neither I nor the U.S. Geological Survey assume any responsibility whatsoever
for any use, misuse or abuse of this software.
This software is provided with the intent that system managers will use it
wisely to better enhance their security.

* DISCLAIMER * DISCLAIMER * DISCLAIMER * DISCLAIMER * DISCLAIMER * DISCLAIMER *
********************************************************************************

Several programs use the STDEDC.H and DESC.H include files, which are located
in the [EROS] directory. I was unable to determine if DESC.H is ours or if it
came from DEC, and since their name wasn't in it, I have included it here.

EROS stands for Earth Resources Observation Systems and is not related in any
way with the skin mag of the same name. We are a government agency which
primarily stores, enhances and sells LANDSAT and other imagery.

Written and submitted by:

    Thomas Bodoh
    U.S.G.S. / EROS data center
    Mundt Federal Building
    Sioux Falls, SD 57198
    (605) 594-6830