COPS Overview

Welcome! This is a quick intro to COPS (Computer Oracle and Password System.) COPS is a collection of security tools that are designed specifically to aid the typical UNIX systems administrator, programmer, operator, or consultant in the oft neglected area of computer security.

The package can be broken down into three key parts. The first is the actual set of programs that attempt to automate security checks that are often performed manually (or perhaps with self written short shell scripts or programs) by a systems administrator. The second part is the documentation, which details how to set up, operate, and to interpret any results given by the programs. Finally, COPS is an evolving beast. It includes a list of possible extensions that might appear in future releases, as well as pointers to other works in UNIX security that could not be included at this time, due to space or other restrictions.


COPS is a collection of about a dozen (actually, a few more, but a dozen is such a good sounding number) programs that each attempt to tackle a different problem area of UNIX security. Here is what it currently checks:

All of the programs merely warn the user of a potential problem -- COPS DOES NOT ATTEMPT TO CORRECT OR EXPLOIT ANY OF THE POTENTIAL PROBLEMS IT FINDS! There is an option to generate a file containing shell commands that attempt to fix (at least of subset of) the problems found, but it should be carefully examined, possibly edited, and finally must be run manually, and probably by root, since many of the problems that need to be corrected deal with system files. COPS will either mail or create a file (user selectable) containing the problems it finds while running on your system. Because COPS does not correct potential hazards it finds, it does _not_ have to be run by a privileged account (i.e. root or whomever.) The only security check that should be run by root to get maximum results is the SUID checker: although it can be run as an unprivileged user, it should be run as root so that it can find all the SUID files in a system. In addition, if key binaries are not world-readable, only executable, the CRC checking program ("crc.chk") needs to be run as a privileged user to read the files in question to get the result. Also note that COPS cannot used to probe a host remotely; all the tests and checks made require a shell that is on the host being tested.

The programs that make up COPS were originally written primarily in Bourne shell (using awk, sed, grep, etc.) for (hopefully) maximum portability, with a few written in C for speed (most notably parts of the Kuang expert system and the implementation of fast user home directory searching), but the entire system should run on most BSD and System V machines with a minimum of tweaking. In addition, a perl version is included that, while perhaps not as portable as the shell/C version, has some advantages.

What COPS is not

COPS mostly provides a method of checking for common procedural errors. It is not meant to be used as a replacement for common sense or user/operator/administrative alertness! Think of it as an aid, a first line of defense, not as an impenetrable shield against security woes. An experienced wrong-doer could easily circumvent *any* protection that COPS can give. However, COPS *can* aid a system in protecting its users from (their own?) ignorance, carelessness, and the occasional malcontent user.

Once again, COPS does not directly correct any errors found. There are several reasons for this: first and foremost, computer security is a slippery beast. What is a major breach in security at one site may be a standard policy of openness at another site. Additionally, in order to correct all problems it finds, it would have to be run as a privileged user; I'm not going to go into the myriad problems of running SUID shell scripts -- suffice it to say it's a bad idea that can give an attacker privileges equal to whatever account the shell is SUID to.


COPS is meant to be a tool to aid in the tightening of security, not as a weapon to be used by an enemy to find security flaws in a system. It may be argued that allowing anyone to have access to such a tool may be dangerous. But hopefully the overall benefit for systems that use this package will outweigh any negative impact. To me it is akin to a law enforcement problem -- that although telling the public how to break into a house may foster a slight rise in break-in attempts, the overall rise in public awareness on how to defend themselves would actually result in a drop in break-ins. The crackers with black hats already know how to crush system defenses and have similar tools, I'm sure. It's time we fought back.

COPS is not the final answer to anyone's security woes. You can use the system as long as you realize that COPS has no warranty, implied or otherwise, and that any problems that you may have with it are not my or any of the other authors' fault. I will certainly attempt to help you solve them, if I am able. If you have ideas for additional programs, or a better implementation of any of the programs here, I would be very interested in seeing them.

So good luck, and I hope you find COPS useful as we plunge into UNIX of the 1990's.

   dan farmer

   May 18, 1993