----------------------------------------------------------------------------
                          The Florida SunFlash

                  Third Party Product Announcements 1

SunFLASH Vol 39 #19                                            March 1992
----------------------------------------------------------------------------
RasterFLEX - Sbus-based Raster Accelerators
Performance Monitor now available on SUN, etc.
[alt.security] New Version of COPS is out (1.04)
--------------------------------------------------------------------------------
From: marvin@vitec.com (Kyle Marvin)
Newsgroups: comp.newprod
Subject: RasterFLEX - Sbus-based Raster Accelerators
Organization: VITec

*** THE MASTER RASTER BLASTER ***

VITec RasterFLEX(TM) accelerators expand the power of your Sun SPARCstation
for true-color applications. RasterFLEX accelerators are plug-and-play;
application programs using NeWS, X11, or SunView can be run without
modification.

Features of the RasterFLEX accelerator cards include:

- SIMULTANEOUS 8-bit and 24-bit windows
- Fast 32-bit windowing environment
- 4- or 8-bit non-destructive GRAPHIC OVERLAY capability
- Accelerated windowing functions, raster operations, and I/O
- Software environment includes X Window System (X11R4) or OpenWindows 3.0,
  and SunView (8-bit only).
- Optimized versions of OpenWindows 3.0 and X Window System (X11R4)
- Two full 8:24 or 24:24 lookup tables plus 4-bit overlay table.
- LUT bypass capability for 8-bit StaticGray or 24-bit TrueColor windows
  (use no hardware lookup table space)
- Supported Hosts: SPARCstation 1/1+, SPARCstation IPC, SPARCstation 2,
  SPARCstation IPX
- Requires SunOS 4.1 or later

The RasterFLEX-32 is a SINGLE SLOT SBus card (dimensions 3.3" x 5.776") and
offers a choice of video formats: 1152x900 or 1024x1024. The RasterFLEX-HR
(High Resolution) is a double slot SBus card (dimensions 6.7" x 5.776")
supporting 1280x1024 video resolution.

The RasterFLEX-32 lists for $3,995, and the RasterFLEX-HR lists for $5,895.
Discounts for VARs, ISVs, and educational institutions are available; volume
discounts are available as well.

For more information contact:

    Mr. Winston Guillory        (214) 596-5600
    VITec                    or (800) 325-6467
    3460 Lotus Drive
    Plano, TX 75075

Or send E-mail to:

    rasterflex-info@vitec.com or
    uunet!vitec!rasterflex-info

--------------------------------------------------------------------------------
From: berry@socrates.umd.edu (Joseph Berry)
Newsgroups: comp.newprod
Subject: Performance Monitor now available on SUN, etc.

Strategic Software Group (SSG) is announcing the release of its new version
of PROBE/X, the multi-platform performance monitoring tool, now available on
Sun SparcStations.

PROBE/X provides utilization information on all hardware resources such as
CPU, memory, and disks, terminals and network performance. It also provides
detailed information on kernel resources and kernel subsystems. PROBE/X
displays utilization information of all resources on a per-process, and
per-user basis allowing its data to be used as a sophisticated charge-back
accounting package.

PROBE/X captures live system response time characteristics on a system-wide
or per process basis and can be used to accurately monitor service-levels or
to benchmark new applications.

PROBE/X provides system managers with detailed diagnostic screens for
analyzing process activity and performance bottlenecks. Statistics can be
displayed or logged for CPU, memory, and I/O metrics on a global, process,
user, terminal, or device-specific basis.

PROBE/X is available on a number of additional UNIX platforms including
System V and BSD derivatives and provides common metrics across UNIX
variants. Prices start from $495 and vary according to the hardware platform.

Strategic Software Group, Ltd.
11050 5th Avenue NE Suite 101
Seattle, WA 98125
phone: 206-362-2231
e-mail: sales@ssgltd.com
        uunet!ssgltd!sales

--------------------------------------------------------------------------------
From: zen@death.Corp.Sun.COM (d)
Newsgroups: comp.archives
Subject: [alt.security] New Version of COPS is out (1.04)

Archive-name: auto/alt.security/New-Version-of-COPS-is-out-1-04

I don't think I posted this here; version 1.04 of COPS, a UNIX security
checking toolkit, was posted to alt.sources recently. You may also get it
via anonymous ftp at archive.cis.ohio-state.edu and cert.sei.cmu.edu, in
~pub/cops. I'm enclosing the "cover_letter" file which is included in the
distribution, which goes over the new features, changes, etc.

Enjoy --

 -- dan

========================

Women and men of the net, greetings...

Gone are the days when COPS was sleek, trim, and new. It has joined the
ranks of modern software -- bloated, overladen with potentially useless
features, overhyped and underloved.

Here are the latest changes, additions, and bug fixes to COPS -- this brings
it up to version 1.04, for those who care. I skipped version 1.03 because
the beta copy that I put out is so hopelessly out of date that it didn't
make a lot of sense to continue with 1.03. Anyway, my personal stash (the
latest copy) should be available via anon-ftp at archive.cis.ohio-state.edu
(128.146.8.52), in ~pub/cops/1.04. In this header, I'll go through some
thoughts, background notes, then finally get to the changes made, so if you
don't want to listen to me, just unpack the shar files, read the README
file, follow instructions, and you should be ready to roll.

For those who don't know, COPS is a static security checking tool that
checks common (mostly) procedural problems of a Un*x system. It basically
takes a snapshot of a system, and then generates a report of its findings.
On a purely empirical basis, over the years it has successfully discovered
problems that could compromise root on more than 3/4 or more of the systems
I've run it on; of course, the idea here is not to break root, but to let
someone fix the problems it shows. Note, of course, that it gives info
indiscriminately, to whoever runs it. Decide if you do or don't want to
learn about the information it can give about your system, but remember --
someone else probably already has it.

After writing COPS, I started working for CERT. I had always suspected, but
didn't know, that most breakins were caused by pretty trivial problems...
now I *know* it's true (or at least the ones we've found out about :-)). In
the breakins I've seen while working for CERT, using COPS probably could
have prevented 60-75% of them. The most common problems? Poor passwords,
guest accounts, accounts with no passwords, and improperly managed systems
(+ in host.equiv, poorly set up remote daemons, etc.) Interestingly, to me
at least, I wrote the original intro to COPS over two years ago. How times
don't change... I was worried this would be fairly obsolete soon, but it
looks like it'll be good at least for another few years.

The kit is broken into modules, each one driven by a master shell script;
you can usually get it running within 30 minutes or less if you've never
used it before (5 or 10 if you only scan the README); if you've used it in
the past, you can set it up on a new machine in a minute or two. With no
modifications, it usually takes somewhere from 2 to 30 minutes to generate a
report; however, the password cracking program can add lots of time to this,
depending on the options. There is also a SUID finder, which can also take a
long time (hours) to run, since it does a "find" on "/". There's a new
option that tells it not to mail a report if the results are the same as the
last report, so you can just stuff it into cron and wait until a report
comes around.
Of course, if someone breaks in, changes cron, and you just rely on COPS,
then you're f*cked anyway. Use it as a tool, not as a crutch.

Ok, changes... The main thing is that the whole thing (more or less) has
been ported to perl; both shell and perl versions are included and will
probably be supported in the future. They have various differences, some
intentional, some not, but I have attempted to keep them as similar as
possible. Tom Christiansen did a large part of the work on this part (thanks
again, tom!), but there were several people involved in the perl work... see
"README.perl" and the perl subdirectory for more info. Warning; the perl
version, for a variety of reasons (mostly detailed in "README.2.pl") is not
as robust as the shell version.

There is one new major module here -- "bug.chk" (all of this is in the
subdirectory "bugs"). This takes most of the CERT security announcements
(those relating to bugs and vulnerabilities, at least) and attempts to see
if your host might have the problem. Some problems come up with a good way
to check for these problems, not the least of which is that I am taking a
very conservative route (i.e. probably not a very good way of handling it)
to see if a host has bugs. See the man page for "bug.chk" for more details.

In addition, there is a new program, a kind of "personal-cops", called
"checkacct" (found in the directory of the same name.) This interactive
program does a variety of checks, some done in cops, some not (searching for
individual S[UG]ID files, writable user directories, .rhosts
parsing/checking) that can be run by an individual to check their account
security. This was done by some friends at purdue, most notably shabbir
safdar.
Here are the rest of the major changes I can think of:

-- a new program, "carp" (look in the "carp" subdirectory), looks at COPS
   output from several machines (presumably from your network) and attempts
   to give a kind of scoresheet of what it found wrong with your system,
   with weighted values. It outputs either standard text, postscript, and
   has an X (as in windows, not that you'll have to be 18 to look at)
   previewer. Like all new features, I'm not sure if this is particularly
   useful (perhaps more for impressing management with pretty pictures, but
   it might be good for seeing trends or interesting tidbits not otherwise
   discernable), but time (or, rather, you, the users) will tell. Let me
   know what you think. This is *ONLY* useable with "cops -v" output!

-- a filter for COPS (originally named by default "cops_filter") makes it
   possible to get rid of those pesky "Warning! /dev/printer is _World_
   writable!" messages. Use "cops -f cops_filter" to use.

-- Code has been cleaned up, tons of flags/options have been added to make
   things easier to use, documentation has been updated.

-- a fast crypt is included, stolen right from that wonderful password
   cracker everyone knows and loves, Crack. I'm not about to say you should
   use my password cracker instead of crack -- if you can use crack, use it!
   However, it might prove to be an easy/painless alternative if you decide
   that crack doesn't fit your time constraints or something. You can try
   uncommenting lines 91 and 92 in the makefile for this.

-- a more powerful version of perl kuang is included.

-- a new directory, "extra_src" has been created, and contains a few
   miscellaneous programs that couldn't quite fit in with the rest of this
   release, but are fairly important or useful in their own right. Some of
   these programs will go into future versions of COPS. There is a README
   file that briefly describes the programs there. BTW, if you use uucp,
   make sure you look here!
-- two mini-papers have been put in the "extensions" directory. One is a
   very useful article on how to harden your uucp site, the other is a good
   paper on how to write a SUID program correctly.

The easiest thing to do is unpack everything, scan the README file, read
either the README.shell or README.perl file (depending on which one you'd
like to use), and finally look at the README.final file. Alternately, you
can read the "quick_start" file if you're impatient. If you're not totally
sure that the pathnames to the executables are correct, then you should run
"reconfig" (if you have a sysV based machine, or are just suspicious of your
system, you should do this anyway.) After all that, just type "./cops", and
blast off.

Finally, to steal an ending from the README file of a few years ago...

"So good luck, and I hope you find COPS useful as we plunge into UNIX of the
1990's.

   dan farmer
   January 31, 1989"

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
For information send mail to info-sunflash@sunvice.East.Sun.COM.
Subscription requests should be sent to sunflash-request@sunvice.East.Sun.COM.
Archives are on solar.nova.edu, paris.cs.miami.edu, uunet.uu.net,
src.doc.ic.ac.uk and ftp.adelaide.edu.au

All prices, availability, and other statements relating to Sun or third
party products are valid in the U.S. only. Please contact your local Sales
Representative for details of pricing and product availability in your
region. Descriptions of, or references to products or publications within
SunFlash do not imply an endorsement of that product or publication by Sun
Microsystems.

John McLaughlin, SunFlash editor, flash@sunvice.East.Sun.COM. (305) 776-7770.
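
The problems the COPS cover letter above names as most common (accounts with no passwords, guest accounts, "+" in host.equiv) and its option to stay quiet when the findings match the last report, sketched as an added example; this is not COPS code and was not part of the posting. The function names, warning wording, sample files and the rule of skipping NIS "+"/"-" passwd lines are assumptions.

```shell
#!/bin/sh
# Added example, not COPS code. Audits passwd- and hosts.equiv-format files
# and reports only when the findings differ from the previous run.

# Accounts with an empty password field; NIS "+"/"-" lines are skipped (assumption).
empty_passwords() {
    awk -F: '$1 !~ /^[+#-]/ && NF >= 2 && $2 == "" { print "Warning! Account " $1 " has no password" }' "$1"
}

guest_accounts() {
    awk -F: '$1 == "guest" { print "Warning! Account guest exists" }' "$1"
}

# A line whose host field is a bare "+" trusts every remote host.
equiv_wildcards() {
    awk '$1 == "+" { print "Warning! hosts.equiv trusts all hosts (line " NR ")" }' "$1"
}

# audit PASSWD_FILE EQUIV_FILE: print all findings, one per line.
audit() {
    empty_passwords "$1"
    guest_accounts "$1"
    [ -f "$2" ] && equiv_wildcards "$2"
    return 0
}

# report_if_changed PASSWD EQUIV STATE: print the findings and return 0 only
# when they differ from those saved in STATE; otherwise print nothing, return 1.
report_if_changed() {
    new=$(audit "$1" "$2")
    old=$(cat "$3" 2>/dev/null || true)
    [ "$new" = "$old" ] && return 1
    printf '%s\n' "$new" > "$3"
    printf '%s\n' "$new"
}

# Constructed sample data (not from a real system).
make_sample() {
    cat > "$1/passwd" <<'EOF'
root:Xq1mC0nstructed:0:0:Operator:/:/bin/csh
guest::100:100:Guest:/usr/guest:/bin/sh
sync::1:1::/:/bin/sync
alice:Zt9C0nstructed1:101:20:Alice:/home/alice:/bin/csh
EOF
    printf 'trusted.example.com\n+\n' > "$1/hosts.equiv"
}

tmp=$(mktemp -d) && make_sample "$tmp"
report_if_changed "$tmp/passwd" "$tmp/hosts.equiv" "$tmp/last" || true
report_if_changed "$tmp/passwd" "$tmp/hosts.equiv" "$tmp/last" || echo "no change, no report"
```

As the letter itself cautions, a state file kept on the audited host can be altered by whoever breaks in, so the change-suppression is a convenience, not a control.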