To enable AZScan to work, you have to give
it copies of 4 files from the Unix system being reviewed. These files
are simply copied by the system manager for you and fed into
the software for review.
1. The password file
This file is normally called /etc/passwd and looks like this:
root:x:0:1:Superuser:/:
daemon:x:1:1:System daemons:/etc:
bin:x:2:2:Owner of system commands:/bin:
sys:x:3:3:Owner of system files:/usr/sys:
adm:x:4:4:System accounting:/usr/adm:
uucp:x:5:5:UUCP administrator:/usr/lib/uucp:
2. The shadow file
This file is normally called /etc/shadow and looks like this:
acdrm:WxWe0sfymi/J8:9694::
lch:0.vsmJYWoUCx.:9682::
krp:MmOXu5Iyt8fkA:9686::
accwa:DFfv7O3HPguLi:9700::
aod:GwY6jJSZzhQH.:9688::
sad:doeG9VoauA2Pw:9701::
On some operating systems, the location of the shadow file can change.
Below are some alternative locations.
BSD4.3-Reno    /etc/master.passwd
ConvexOS 10    /etc/shadpw *
HP-UX          /.secure/etc/passwd *
OSF/1          /etc/passwd[.dir|.pag] *
Ultrix 4       /etc/auth[.dir|.pag] *
UNICOS         /etc/udb *
3. The group file
This file is normally called /etc/group and looks like this:
bin::2:bin,daemon
sys::3:bin,sys,adm
adm::4:adm,daemon,listen
uucp::5:uucp,nuucp
mail::7:
asg::8:asg
network::10:network
4. The directory file
This file does not normally exist on a Unix system and is the one file
that has to be created using the ls command. (On a PC this is the dir
command.)
First go to the root directory using the command CD . This is the very
top level directory on the Unix system. (On a PC it would be CD C:\)
Note the . after CD.
Next issue the ls command with extra parameters:
ls -laRF > DirFile.txt
This command produces a complete directory listing of the system with
dates, file sizes and permissions. A sample of this is shown below.
drwxr-xr-x 18 root bin 640 Jul 29 11:31 ./
drwxr-xr-x 18 root bin 640 Jul 29 11:31 ../
-rw------- 1 root other 3 Aug 09 1994 .defprint
-rw------- 1 root other 59 Sep 20 1994 .desked_pref
-r-------- 1 root auth 0 Jul 23 15:54 .lastlogin
-rw------- 1 root root 15 Dec 14 1991 .mailrc
-rwxrwxrwx 1 root root 751 Dec 14 1991 .profile*
-rw-r--r-- 1 root root 833 Mar 21 1994 .utillist2
drwxr-xr-x 2 bin bin 2032 Jan 12 1994 bin/
-r-------- 1 bin bin 77981 Jun 05 1992 boot
drwx------ 2 root other 32 Jan 07 1970 clipdir/
The output of this command is fed into a newly created file called DirFile.txt
or any name you choose. The resultant file is copied to the PC for UScan
to review and is referred to as the 'directory file'.
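
As an added illustration (not part of AZScan or its documentation), the Python below parses a directory file in the ls -laRF format described above and reports world-writable entries and set-uid root files. The two checks, the function name review and the sample listing are assumptions made for this example, not AZScan's documented rules.

```python
import re

# Constructed sample in `ls -laRF` format, modelled on the listing style above.
SAMPLE = """\
.:
total 24
drwxr-xr-x 18 root bin 640 Jul 29 11:31 ./
drwxr-xr-x 18 root bin 640 Jul 29 11:31 ../
-rw------- 1 root root 15 Dec 14 1991 .mailrc
-rwxrwxrwx 1 root root 751 Dec 14 1991 .profile*
drwxr-xr-x 2 bin bin 2032 Jan 12 1994 bin/

./bin:
total 8
-r-sr-xr-x 1 root bin 9216 Jun 05 1992 passwd*
drwxrwxrwt 2 root root 64 Jan 07 1970 tmp/
lrwxrwxrwx 1 root root 3 Jan 07 1970 sh -> ksh
"""

# mode, links, owner, group, size (or "major, minor"), month, day, time/year, name
ENTRY = re.compile(
    r"^([bcdlps-][rwxsStT-]{9})\s+\d+\s+(\S+)\s+(\S+)\s+(?:\d+,\s*)?\d+\s+"
    r"\w{3}\s+\d{1,2}\s+[\d:]+\s+(.+)$")

def review(listing):
    """Return (path, mode, owner, reason) tuples for entries a reviewer should check."""
    findings, cwd = [], "."
    for line in listing.splitlines():
        line = line.rstrip()
        m = ENTRY.match(line)
        if not m:
            if line.endswith(":"):       # "./bin:" header printed by -R
                cwd = line[:-1]
            continue                     # also skips blank and "total N" lines
        mode, owner, _group, name = m.groups()
        if mode[0] == "l":
            continue                     # symlink modes say nothing about the target
        if name[-1] in "*/=|@":          # drop the type suffix added by -F
            name = name[:-1]
        if name in (".", ".."):
            continue
        path = f"{cwd}/{name}"
        if mode[8] == "w" and mode[9] not in "tT":
            findings.append((path, mode, owner, "world-writable"))
        if mode[3] in "sS" and owner == "root":
            findings.append((path, mode, owner, "set-uid root"))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(*finding, sep="\t")
```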