N.I.A.
Network Information Access
Ignorance, There's No Excuse.

Issue 072 :: Volume 02
Release Date: 08AUG91

Editors:  Judge Dredd, Lord Macduff
Advisors: Knight Lightning, Jim Thomas

Are you on any WAN? Are you on Bitnet, Internet, Compuserve, MCI Mail, Sprintmail, Applelink, Easynet, Usenet, FidoNet, et al.? If so please drop us a line at nia@nuchat.sccsi.com

"Do you know why there are so few sophisticated computer terrorists in the United States? Because your hackers have so much mobility into the Establishment. Here there is no such mobility. If you have the slightest bit of intellectual integrity you cannot support the government... That's why the best computer minds belong to the opposition."
  - An anonymous member of the Polish trade union Solidarity.

^*^

Greetings, avid readers! This issue marks a departure from our usual pattern, in that we now have the beginnings of an advisory staff. We would like to welcome Knight Lightning, ex-editor of the now-late Phrack Inc. magazine. We would also like to welcome Jim Thomas, Editor of the Computer Underground Digest. If you feel you have certain qualities that could improve NIA magazine, please write us at nia@nuchat.sccsi.com.

============================================================================
 1. Index to NIA072 .............................................NIA Editors
 2. The Renaissance of Hacking ...............................Mark Hittinger
 3. The Hacker Manifesto ......................................Erik Bloodaxe
 4. Foiling the Cracker [Dept. of Defense]......................Killing Joke
 5. UNIX: JE Documentation ................................Terminal_Erection
 6. Network Miscellany ......................................Various Sources
 7. CyberTimes (Vox Populi) [1/4] ...............................Judge Dredd
 8. CyberTimes (Vox Populi) [2/4] ...............................Judge Dredd
 9. CyberTimes (Vox Populi) [3/4] ...............................Judge Dredd
10. CyberTimes (Vox Populi) [4/4] ...............................Judge Dredd
11. Editor's Comments ...........................................NIA Editors
============================================================================

/ NIA 072 / File 2 /
/ Hacking and Hackers: The Rise, Stagnation, and Renaissance. /
/ Copyright(C) 1991 By Mark Hittinger /

It doesn't take a rocket scientist to figure out that the publicity afforded to hacking has risen to peak levels within the last year. As one would expect, the political attention being paid to the subject of hackers has also risen to peak levels. We are hearing more about hackers each day. The newspapers have articles about alleged computer crime and phone fraud almost weekly. The legal system is issuing indictments, the secret service is running around with wildcard search warrants, and captured naive hackers are turning on each other. Some well known computer people have formed a lobby called the "Electronic Frontier Foundation". Fox TV has news people on the scene during a bust of an alleged "hacker" who was invading their own doofus system! Non-computer "lay" people have been asking me a lot of questions.

So who am I? I'm just another computer bum. I got into computers in the early seventies during high school. I've witnessed computing's rise from something social outcasts did to something everybody wanted to be a part of. Babes looked at us with disgust as we grabbed our data on 110 baud teletypes and paper tape. Rolls of paper tape and access to timeshared BASIC were so great that we didn't even think that it could get better. Well guess what? Computers and our social position kept getting better. It got so good that pretty soon everybody wanted to ask us questions.
These days we are like doctors at a cocktail party, we are always getting hit on for free computer consulting! Even from the babes! You've come a long way baby!

Later I got into the professional side, that is, systems programming, systems management, and software development. I've worked with GE, Xerox, IBM, Digital, CDC, HP, Prime, anything I could get my hands on. I dearly loved the DEC-10, learned to live with VAX/VMS, and now grit my teeth when I work with Unix/MS-DOS. My hobby became my career, and they paid me money for it. My chosen hacking name is "bugs bunny" and you can find me on some bulletin boards as user "bugs". Bugs was always creating virtual rabbit holes out of thin air and dodging in and out of them. True hackers love to find and fix software "bugs". Yea!!

I'm 34 now and a dad. Being involved in computers for a long time gives me a better perspective than most. Over the years there would sometimes be major media coverage of some computer crime event. As a local computer "heavy", there were always questions coming my way about what these things were all about. Lately, the questions are more frequent and more sophisticated. All these big highly publicized busts are opening a lot of issues. I didn't have answers to some of these questions so I sat down and did some thinking. Writing this article is an outgrowth of that. I am not a writer so grant me some journalistic slack.

Back in the early seventies hacking was quite free. Most of the important stuff was running on batch mainframes that had no connection to the outside world. The systems that we played with were not really considered critical by anyone. We were allowed to play to our hearts' content, and nobody really worried about it at all. This period is what I like to think of as the "rise of hacking". You can read about some of it in the first section of Levy's book, "HACKERS". I love that section and read it when current events depress me.

In those days the definition of hacker was clear and clean. It was fun, it was hi-tech, it was a blast, and it was not a threat. There were no big busts, very few people understood computing, and the public had no interest in it.

We hacked for the sheer love of it. How can I describe the depth of interest that we had? We were not concerned with our image or our "identity". We wrote games, wrote neat hacks, and learned the strengths or weaknesses of each system. We were able to obtain access to a broad range of systems. Consider teenage boys comparing and contrasting the systems designed by older engineers! We eventually reached a point where we decided how a system should be set up. At this point we began to make an annoyance of ourselves. In all instances the various administrations considered us minor annoyances. They had much more pressing problems!

New users began to show up in the labs. They reluctantly wanted to get something done that absolutely had to be done on the computer. In many cases they had no idea how to start, and were left to their own devices. Centralized data processing management (MIS) didn't want to deal with them. Often, they saw us playing around, joking, laughing, carefree, and not at all intimidated by the computer. They, on the other hand, were quite intimidated. We helped these people get started, showed them where the documentation was, and explained various error conditions to them. We quickly developed reputations as knowing how to get something to work.

One of the people I helped made a remark to me that has stuck with me for a long time. He said, "I am trained as a civil engineer, so I don't have a feel for this. But you, you are pure bred. You've gotten into this fresh and taught yourself from the ground up. You haven't been trained into any set doctrine." Phar out man!

This is an important point. There were no rules, guidelines, or doctrines. We made our own up as our experiences dictated.

As time wore on, the new user pool began to grow more rapidly. The computers began to creak and groan under the work loads that were being placed upon them. During the day time, we came to the computer area to find it packed. We could no longer access the computers during the day. After all, we were just playing! That was OK with us. Soon we were there at night and on weekends. We obtained the off-hour non-prime time access, but this put us further away from the mainstream.

These new guys liked the timeshared computers much more than their mainframe batch machines. They started to move their darn *important* crud from the mainframe machines to "our" timesharing computers. Pretty soon the administrations started to think about what it meant to have payroll or grades on the same computers that had "star-trek version 8", "adventure", or "DECWAR version 2.2". They were concerned about security on the timesharing systems, but due to their budget constraints, most of the centralized MIS shops still had to give priority to their batch mainframes. We continued to play, but we cursed at the slow systems when the important stuff was running. I got off "tuning" systems to make them run faster or more efficiently. Interactive response time became the holy grail.

The "rise of hacking" was beginning to run out of steam. The timesharing systems had been expanded as much as technology and budgets would allow. We had learned the various systems internals inside and out. We now knew much more about the systems than the "official" maintainers did, and these maintainers perceived us as a threat to their positions. The computers were still overloaded. The nasty politics of access and resources began to rear their head. A convenient scapegoat was to eliminate access to games. Eliminate the people that were just playing. Examine all computing activity and bill for it. This didn't solve any of the problems (we all knew payroll and grades wouldn't fit in!)
but it did raise the issue of the hackers to the surface. All of a sudden we became defined as a problem! We were soon getting shut out of various systems. New kids began to show up and pretend to be hackers. They would do anything to show off, and created large problems for "us".

At this point the "stagnation" period was beginning. These were hard days for us. Many of my friends quit what they were doing. Many of us got real jobs on the computers we played with as a dodge. Centralized MIS departments began to be placed between the rock and hard place of limited budgets and unlimited customers. The new kids, the overloaded systems, the security concerns for the important applications, and the political situation all resulted in the stagnation of hacking.

"Hacker" took on a bad connotation. I saw all kinds of debates over what "hacker" meant. Some claimed it was a compliment, and should only be awarded to those bit twiddlers that were truly awesome. Many claimed that hackers were the scum of the earth and should be totally decimated! What could you do but stay out of the way and let things take their course?

I realize now that it was in the MIS departments' *VESTED INTEREST* to define the term "hacker". Centralized MIS did not have the courage to fight for larger budgets. Upper level administrators who just approved the budget would freak out when they saw kids playing games on the computers in the library. MIS had to define this as bad, had to say they would put a stop to it. MIS had to look like they were managing the computer resources responsibly. Any unusual or politically unacceptable computer event that couldn't be covered up was caused by "hackers". It was a dodge for MIS! I am not saying that some questionable stuff didn't go down, I am just saying that it was logical to call anything "bad" by some sort of easily accepted label - "hackers".

Of course, when the unusual computing event took place your budding journalists were johnny on the spot.
You don't climb that journalist ladder by writing about boring stories. Wild computer stories about hacking captured the public interest. I suppose the public liked to hear that somebody could "beat" the system somehow. Journalists picked up on this and wrote stories that even I found hard to believe. The new kids, even when not asked, would blab all day long about the great things that they were doing. And don't you know, they would blab all day long about great hacks they heard that you pulled! Stories get wilder with each re-telling.

I realize now that it was in the journalists' *VESTED INTEREST* to define the term "hacker". The public loves Robin Hood, the journalists went out and found lots of pseudo-Robin Hoods. More and more stories began to hit the public. We heard stories of military computers getting penetrated. We heard stories of big financial rip-offs. We heard cute stories about guys who paid themselves the round-off of millions of computer generated checks. We heard stories of kids moving space satellites! We heard stories of old ladies getting their phone bills in a heavy parcel box! As an old timer, I found a lot of these stories far fetched. It was all National Enquirer type stuff to me. The public loved it, the bureaucrats used it, and the politicians began to see an opportunity!

The end of the "stagnation" period coincides with the arrival of the politicians. Was it in the *VESTED INTEREST* of the politicians to define the term "hacker"? You bet! Here was a safe and easy issue! Who would stand up and say they were FOR hackers? What is more politically esthetic than to be able to define a bad guy and then say you are opposed to it?

More resources began to flow into law enforcement activities. When actual busts were made, the legal system had problems coming up with charges. The legal system has never really felt comfortable with the punishment side of hacking, however, they LOVE the chase.
We didn't have guns, we were not very dangerous, but it is *neat* to tap lines and grab headlines!

What a dangerous time this was. It was like a feedback loop, getting worse every week. When centralized MIS was unable to cover up a hacking event, they exaggerated it instead. Shoddy design or poor software workmanship was never an issue. Normally "skeptical" journalists did not ask for proof, and thrilled at the claims of multi-million dollar damages. Agents loved to be seen on TV (vote for me when I run!) wheeling out junior's Christmas present from last year, to be used as "evidence". The politicians were able to pass new laws without constitutional considerations. New kids, when caught, would rabidly turn on each other in their desperation to escape. Worried older hackers learned to shut up and not give their side for fear of the feeding frenzy. Hackers were socked with an identity crisis and an image problem. Hackers debated the meaning of hacker versus the meaning of cracker. We all considered the fundamental question, "What is a true hacker?". Cool administrators tried to walk the fine line of satisfying upper level security concerns without squelching creativity and curiosity.

So what is this "renaissance" business? Am I expecting to see major hacker attacks on important systems? No way, and by the way, if you thought that, you would be using a definition created by someone with a vested interest in it.

When did we start to realize that hacker was defined by somebody else and not us? I don't know, but it has only been lately. Was it when people started to ask us about these multi-million dollar damage claims? I really think this is an important point in time. We saw BellSouth claim an electronically published duplicate of an electronic document was worth nearly $100,000! We later saw reports that you could have called a 1-800 number and purchased the same document for under twenty bucks.
Regular non-computer people began to express suspicion about the corporate claims. They expressed suspicion about the government's position. And generally, began to question the information the media gave them.

Just last month an article appeared in the Wall Street Journal about some hackers breaking in to electronic voice mail boxes (fancy answering machines). They quoted some secret service agent as saying the damages could run to the tens of millions of dollars. Somebody asked me how in the world could screwing around with people's answering machines cause over 10 million dollars in damages? I responded, "I don't know dude! Do you believe what you read?"

And when did the secret service get into this business? People say to me, "I thought the secret service was supposed to protect the president. How come the secret service is busting kids when the FBI should be doing the busting?" What can I do but shrug? Maybe all the Abu-Nidals are gone and the president is safe. Maybe the FBI is all tied up with some new AB-SCAM or the S&L thing. Maybe the FBI is damn tired of hackers and hacking!

In any event, the secret service showed its heavy hand with the big series of busts that was widely publicized recently. They even came up with *NEAT* code names for it. "Operation SUNDEVIL", WOW! I shoulda joined the secret service!!! Were they serious or was this their own version of dungeons and dragons?

In a very significant way, they blew it. A lot of those old nasty constitutional issues surfaced. They really should define clearly what they are looking for when they get a search warrant. They shouldn't just show up, clean the place out, haul it back to some warehouse, and let it sit for months while they figure out if they got anything. This event freaked a lot of lay people out. The creation of the Electronic Frontier Foundation is a direct result of the blatantly illegal search and seizure by the secret service.
People are worried about what appears to be a police state mentality, and generally feel that the state has gone too far. I think the average American has a gut level feel for how far the state should go, and the SS clearly went past that point. To be fair, there aren't any good guidelines to go by in a technical electronic world, so the secret service dudes had to decide what to do on their own. It just turned out to be a significant mistake.

I saw Clifford Stoll, the author of the popular book "Cuckoo's Egg" testify on national C-SPAN TV before congress. His book is a very good read, and entertaining as well. A lot of lay people have read the book, and perceive the chaos within the legal system. Stoll's book reveals that many systems are not properly designed or maintained. He reveals that many well known "holes" in computer security go unfixed due to the negligence of the owners. This book generated two pervasive questions. One, why were there so many different law enforcement agencies that could claim jurisdiction? Lay people found it amazing that there were so many and that they could not coordinate their efforts. Two, why were organizations that publicly claimed to be worried about hackers not updating their computer security to fix stale old well known problems? If indeed a hacker were able to cause damage by exploiting such a well known unfixed "hole", could the owner of the computer be somehow held responsible for part of the damage? Should they?

We all watched in amazement as the media reported the progress of Robert Morris's "internet worm". Does that sound neat or what? Imagine all these lay people hearing about this and trying to judge if it is a problem. The media did not do a very good job of covering this, and the computing profession stayed away from it publicly. A couple of guys wrote academic style papers on the worm, which says something about how important it really was.
This is the first time that I can remember anyone examining a hacking event in such fine detail. We started to hear about military interest in "worms" and "viruses" that could be stuck into enemy computers. WOW! The media accepted the damage estimates that were obviously inflated. Morris's sentence got a lot of publicity, but his fine was very low compared to the damage estimates. People began to see the official damage estimates as not being very credible.

We are in the first stages of the hacking renaissance. This period will allow the hackers to assess themselves and to re-define the term "hacker". We know what it means, and it fits in with the cycle of apprentice, journeyman, and master. It's also got a little artist, intuition, and humor mixed in. Hackers have the chance to repudiate the MISs', the journalists', and the politicians' definition!

Average people are questioning the government's role in this and fundamental rights. Just exactly how far should the government go to protect companies and their data? Exactly what are the responsibilities of a company with sensitive, valuable data on their computer systems? There is a distinct feeling that private sector companies should be doing more to protect themselves. Hackers can give an important viewpoint on these issues, and all of a sudden there are people willing to listen.

What are the implications of the renaissance? There is a new public awareness of the weakness in past and existing systems. People are concerned about the privacy of their electronic mail or records on the popular services. People are worried a little about hackers reading their mail, but more profoundly worried about the services or the government reading their stuff. I expect to see a very distinct public interest in encrypted e-mail and electronic privacy. One of my personal projects is an easy to use e-mail encrypter that is compatible with all the major e-mail networks. I hope to have it ready when the wave hits!

Personal computers are so darn powerful now. The centralized MIS department is essentially dead. Companies are moving away from the big data center and just letting the various departments roll their own with PCs. It is the wild west again! The new users are on their own again! The guys who started the stagnation are going out of business! The only thing they can cling to is the centralized data base of information that a bunch of PCs might need to access. This data will often be too expensive or out-of-date to justify, so even that will die off. Scratch one of the vested definers!

Without centralized multi-million dollar computing there can't be any credible claims for massive multi-million dollar damages. Everyone will have their own machine that they can walk around with. It is a vision that has been around for a while, but only recently have the prices, technology, and power made decent implementations available. Users can plug it into the e-mail network, and unplug it. What is more safe than something you can pick up and lock up? It is yours, and it is in your care. You are responsible for it.

Without the massive damage claims, and with clear responsibility, there will no longer be any interest from the journalists. Everybody has a computer, everybody knows how much the true costs of damage are. It will be very difficult for the journalists to sensationalize about hackers. Scratch the second tier of the vested definers!

Without media coverage, the hackers and their exploits will fade away from the headlines. Without public interest, the politicians will have to move on to greener pastures. In fact, instead of public fear of hackers, we now are seeing a public fear of police state mentality and abuse of power. No politician is going to want to get involved with that! I expect to see the politicians fade away from the "hacker" scene rapidly. Scratch the third tier of the vested definers!
The FBI and the secret service will be pressured to spend time on some other "hot" political issue.

So where the heck are we? We are now entering the era of truly affordable REAL systems. What does REAL mean? Ask a hacker dude! These boxes are popping up all over the place. People are buying them, buying software, and trying to get their work done. More often than not, they run into problems, and eventually find out that they can ask some computer heavy about them. It's sort of come full circle, these guys are like the new users of the old timesharing systems. They had an idea of what they wanted to do, but didn't know how to get there. There wasn't a very clear source of guidance, and sometimes they had to ask for help. So it went!

The hackers are needed again. We can solve problems, get it done, make it fun. The general public has the vested interest in this! The public has a vested interest in electronic privacy, in secure personal systems, and in secure e-mail. As everyone learns more, the glamour and glitz of the mysterious hackers will fade. Lay people are getting a clearer idea of what's going on. They are less willing to pay for inferior products, and aren't keen about relying on centralized organizations for support. Many know that the four digit passcode some company gave them doesn't cut the mustard.

What should we hackers do during this renaissance? First we have to discard and destroy the definition of "hacker" that was foisted upon us. We need to come to grips with the fact that there were individuals and groups with a self interest in creating a hysteria and/or a bogeyman. The witch hunts are over and poorly designed systems are going to become extinct. We have cheap personal portable compatible powerful systems, but they do lack some security, and definitely need to be more fun. We have fast and cheap e-mail, and this needs to be made more secure. We have the concept of electronic free speech, and electronic free press.
I think about what I was able to do with the limited systems of yesterday, and feel very positive about what we can accomplish with the powerful personal systems of today.

On the software side we do need to get our operating system house in order. The Unix version wars need to be stopped. Bill Gates must give us a DOS that will make an old operating system guy like me smile, and soon! We need to stop creating and destroying languages every three years and we need to avoid software fads (I won't mention names due to personal safety concerns). Ken Olsen must overcome and give us the cheap, fast, and elegantly unconstrained hardware platform we've waited for all our lives. What we have now is workable (terrific in terms of history), but it is a moral imperative to get it right. What we have now just doesn't have the "spark" (I am not doing a pun on sun either!!!). The hackers will know what I mean.

If we are able to deal with the challenges of the hacking renaissance, then history will be able to record the hackers as pioneers and not as vandals. This is the way I feel about it, and frankly, I've been feeling pretty good lately. The stagnation has been a rough time for a lot of us.

The stock market guys always talk about having a contrarian view of the market. When some company gets in the news as a really hot stock, it is usually time to sell it. When you hear about how terrible some investment is, by some perverse and wonderful force it is time to buy it. So it may be for the "hackers". We are hearing how terrible "hackers" are and the millions of dollars of vandalism that is being perpetrated. At this historic low are we in for a reversal in trend? Will the stock in "hackers" rise during this hacking renaissance? I think so, and I'm bullish on the 90's also!

Party on d00des!

------------------------------------------------------------------------------

/ NIA072 / File 3 /
/ MANIFESTO OF THE AMERICAN COMPUTIST /
/ by Erik Bloodaxe /

A spectre is haunting America--the spectre of Computing. All the Powers of Western Capitalism have entered into a holy alliance to exorcise this spectre: BOC and LDS, lawyers and judges, corporate CEOs and federal law enforcement officials.

Where is the person in quest of knowledge that has not been decried as "hacker" by opponents in power? Where the Opposition that has not hurled back the branding reproach of Social Miscreant, against the more advanced opposition, as well as against its techno-illiterate adversaries?

Two things result from this fact.

I. Computers are already acknowledged by all Western Powers to be themselves a power.

II. It is high time that the Computists should openly, in the face of the whole world, publish their views, their aims, their tendencies, and meet this nursery tale of the Spectre of Computing with a manifesto of the users themselves.

To this end, Computists of various races, purposes, and classes have voiced their opinions, and from these the following Manifesto has been sketched.

I. BUSINESSMEN AND USERS

The history of all hitherto existing society is the history of struggles.

Freeman and slave, patrician and plebeian, lord and serf, guild-master and journeyman, in a word, oppressor and oppressed, stood in constant opposition to one another, carried on an uninterrupted, now hidden, now open fight, a fight that each time ended either in a revolutionary re-constitution of society at large, or in the common ruin of the contending classes.

In this, the era of epoch of Big Business, we are again engaged in struggle. This era, however, possesses a distinctive feature: the objective of increased profit masks the reality of those that are truly threats, and those that are merely perceived as such.
Through this avaricious vision, government is forced into becoming a pawn of the corporate leaders who wish to stamp out any threat, real or imaginary, upon their first instinct to do so. Through this procedural paranoia, those who get caught in the whirlwind of events stemming from business-induced federal investigations often find their rights in serious jeopardy. The word of Business is taken as law.

The colorful portrait of a computer-based threat to the workings of Business, thereby disrupting profit, and in turn the economy, forces the politicians to act in great haste in forcing orders down the bureaucratic hierarchy to eliminate the threat. This fact, accompanied by the threat of removal of corporate contributions to political campaigns, increases the bias in which the procedures of investigation are conducted.

Business today has achieved near deification. The reach of corporations has become immeasurable. This influence has stripped away the existence of the rights of individuals, leaving behind only a few stray hemp fibers from a once full Constitution. This fact is intolerable. The Government was created by and for the people that it would govern. Special influences have no place in decision making on who is to be governed and how. The corporate grasp must be loosened so that Democracy can flourish in its natural course.

II. SOCIETY AND COMPUTISTS

To society as a whole, the Computist is an often misunderstood entity. The media representation of the Computist left the public with a jaded image. Stories of Computer-based threats to National Security, to Emergency Networks, and to Hospital Patients left the public enraged by and frightened of the people possessing knowledge to interface with today's electronic world.
Actual computer-related incidents that may have adversely affected the nation can be counted on the fingers of one hand, while more minor instances are played up by the Corporations and sent to the media to stir up more unrest against the Computist.

The more often occurrence is an action of benefit. Computists point out flaws, alert people to problems in security, and in general assure that the nation's computer networks remain safe from foreign intrusions. These actions are mutually beneficial for both parties. The Computist gains the experience and knowledge, and the Business owning the system gains further protection. For this act of good faith, the Computist is not thanked, rather he is threatened, investigated, fined and possibly jailed. This is most often the case even when the Computist has made himself known from the onset.

Computists have the power to do a great many things that society as a whole is unaware of. This power is perceived as a threat to Business, who has kept the mere existence of such power quietly to themselves. It has long been agreed upon that the public should never truly know the true extent of the influence Business actually has over their individual lives.

Business, through the use of a computer, has ready access to eavesdrop on any telephone call placed in this country; to view any criminal record, sealed or unsealed; to view and alter any financial and credit records; to seize and transfer assets from any bank or other financial institution and to view any medical or psychiatric records. Business knows who you associate with, what you spend, what you buy, where you go, and who and what you are. Through these records they can designate how much you will have to pay for the things you wish to purchase, and what methods you will most easily succumb to in being forced to do so.

To alert the public to these facts and to help in the eradication of Business influence, the Computists call for certain measures to be enacted.

1. The abolition of all current computer crime laws.

2. The re-evaluation of what encompasses computer crime by legislature, by Computists, and by other legal counsel to provide legal statutes that strictly outline progressive guidelines to the crime and their respective punishments.

3. Full disclosure by Business of the powers they have kept hidden from the public, so that all may know the possibilities that exist today for Business to invade the privacy of the society.

4. Extensive training for all federal and local law enforcement officials who will be assigned to investigate computer-related crime so that they will be skillful enough in their duties to properly execute this task.

5. Computer education classes to be required of all children enrolled in schools, public or otherwise, to begin as early as the first year enrolled, and to continue up through the completion of the end of their secondary education.

6. Continuing education classes in computer instruction to be provided free-of-charge to any willing adult through local educational facilities.

7. Government published documents on all conceivable aspects of computing to be provided free-of-charge through the General Services Administration via the Consumer Information Catalog.

III. COMPUTIST LITERATURE

In the past most Computist literature has been left as underground newspapers, and selectively mailed electronic digests. These were the first to attempt to expose the untruths and to surface the hidden powers of Business. This media, although provided at little or no cost, has always received limited distribution due to Business-induced governmental intrusions.

There have also been countless texts produced covering the operations of softwares and of operating systems. These texts have always had the potential to reach a great many persons, but have been provided at a cost that may have deterred the average person from their purchase.
Government publications have the potential to reach every member of society, and can provide all people with current, correct, and understandable information. This type of distribution would greatly increase society's knowledge of computers and reduce the tensions felt towards the subject. With increased knowledge of computers, society as a whole would prosper, allowing all members the potential to move technology forward towards a better and more productive future.

IV. POSITION OF THE COMPUTIST STRUGGLE IN RELATION TO THE VARIOUS EXISTING OPPOSITION PARTIES

The struggle of the Computist against Big Business is a microcosm of society as a whole. This struggle should be the struggle of every man and woman in this country. We are all being oppressed and suppressed by the powers of Big Business influencing our government, making it work against the needs of society. To end this atrocity that we have allowed to imbed itself in our nation we must all work together.

PEOPLE OF THE NATION, UNITE!

-----------------------------------------------------------------------------

NIA 072 / File 4

`Foiling the Cracker'
A Survey of, and Improvements to, Password Security

This work was sponsored in part by the U.S. Department of Defense.

Killing Joke

Daniel V. Klein
Software Engineering Institute
Carnegie Mellon University
Pittsburgh, PA 15217
dvk@sei.cmu.edu
+1 412 268 7791

With the rapid burgeoning of national and international networks, the question of system security has become one of growing importance. High speed inter-machine communication and even higher speed computational processors have made the threats of system ``crackers,'' data theft, and data corruption very real. This paper outlines some of the problems of current password security by demonstrating the ease with which individual accounts may be broken.
Various techniques used by crackers are outlined, and finally one solution to this point of system vulnerability, a proactive password checker, is proposed.

Introduction

The security of accounts and passwords has always been a concern for the developers and users of Unix. When Unix was younger, the password encryption algorithm was a simulation of the M-209 cipher machine used by the U.S. Army during World War II [Robert T. Morris and Ken Thompson, ``Password Security: A Case History,'' Communications of the ACM 22(11):594-597, November 1979]. This was a fair encryption mechanism in that it was difficult to invert under the proper circumstances, but suffered in that it was too fast an algorithm. On a PDP-11/70, each encryption took approximately 1.25ms, so that it was possible to check roughly 800 passwords/second. Armed with a dictionary of 250,000 words, a cracker could compare their encryptions with all those stored in the password file in a little more than five minutes. Clearly, this was a security hole worth filling.

In later (post-1976) versions of Unix, the DES algorithm [``Proposed Federal Information Processing Data Encryption Standard,'' Federal Register (40FR12134), March 17, 1975] was used to encrypt passwords. The user's password is used as the DES key, and the algorithm is used to encrypt a constant. The algorithm is iterated 25 times, with the result being an 11 character string plus a 2-character ``salt.'' This method is similarly difficult to decrypt (further complicated through the introduction of one of 4096 possible salt values) and had the added advantage of being slow. On a µVAX-II (a machine substantially faster than a PDP-11/70), a single encryption takes on the order of 280ms, so that a determined cracker can only check approximately 3.6 encryptions a second. Checking this same dictionary of 250,000 words would now take over 19 hours of CPU time.
Although this is still not very much time to break a single account, there is no guarantee that this account will use one of these words as a password. Checking the passwords on a system with 50 accounts would take on average 40 CPU days (since the random selection of salt values practically guarantees that each user's password will be encrypted with a different salt), with no guarantee of success. If this new, slow algorithm was combined with the user education needed to prevent the selection of obvious passwords, the problem seemed solved.

Regrettably, two recent developments and the recurrence of an old one have brought the problem of password security back to the fore.

CPU speeds have gotten increasingly faster since 1976, so much so that processors that are 25-40 times faster than the PDP-11/70 (e.g., the DECstation 3100 used in this research) are readily available as desktop workstations. With inter-networking, many sites have hundreds of individual workstations connected together, and enterprising crackers are discovering that the ``divide and conquer'' algorithm can be extended to multiple processors, especially at night when those processors are not otherwise being used. Literally thousands of times the computational power of 10 years ago can be used to break passwords.

New implementations of the DES encryption algorithm have been developed, so that the time it takes to encrypt a password and compare the encryption against the value stored in the password file has dropped below the 1ms mark [Matt Bishop, ``An Application of a Fast Data Encryption Standard Implementation,'' Computing Systems 1(3):221-254, Summer 1988; David C. Feldmeier and Philip R. Karn, ``UNIX Password Security - Ten Years Later,'' CRYPTO Proceedings, Summer 1989]. On a single workstation, the dictionary of 250,000 words can once again be cracked in under five minutes.
By dividing the work across multiple workstations, the time required to encrypt these words against all 4096 salt values could be no more than an hour or so. With a recently described hardware implementation of the DES algorithm, the time for each encryption can be reduced to approximately 6µs [Philip Leong and Chris Tham, ``UNIX Password Encryption Considered Insecure,'' USENIX Winter Conference Proceedings, January 1991]. This means that this same dictionary can be cracked in only 1.5 seconds.

Users are rarely, if ever, educated as to what are wise choices for passwords. If a password is in a dictionary, it is extremely vulnerable to being cracked, and users are simply not coached as to ``safe'' choices for passwords. Of those users who are so educated, many think that simply because their password is not in /usr/dict/words, it is safe from detection. Many users also say that because they do not have any private files on-line, they are not concerned with the security of their account, little realizing that by providing an entry point to the system they allow damage to be wrought on their entire system by a malicious cracker.

Because the entirety of the password file is readable by all users, the encrypted passwords are vulnerable to cracking, both on-site and off-site. Many sites have responded to this threat with a reactive solution - they scan their own password files and advise those users whose passwords they are able to crack. The problem with this solution is that while the local site is testing its security, the password file is still vulnerable from the outside. The other problems, of course, are that the testing is very time consuming and only reports on those passwords it is able to crack.
It does nothing to address user passwords which fall outside of the specific test cases (e.g., it is possible for a user to use as a password the letters ``qwerty'' - if this combination is not in the in-house test dictionary, it will not be detected, but there is nothing to stop an outside cracker from having a more sophisticated dictionary!).

Clearly, one solution to this is to either make /etc/passwd unreadable, or to make the encrypted password portion of the file unreadable. Splitting the file into two pieces - a readable /etc/passwd with all but the encrypted password present, and a ``shadow password'' file that is only readable by root - is the solution proposed by Sun Microsystems (and others) that appears to be gaining popularity. It seems, however, that this solution will not reach the majority of non-Sun systems for quite a while, nor even, in fact, many Sun systems, due to many sites' reluctance to install new releases of software.

The problem of lack of password security is not just endemic to Unix. A recent Vax/VMS worm had great success by simply trying the username as the password. Even though the VMS user authorization file is inaccessible to ordinary users, the cracker simply tried a number of ``obvious'' password choices - and easily gained access.

What I propose, therefore, is a publicly available proactive password checker, which will enable users to change their passwords, and to check a priori whether the new password is ``safe.'' The criteria for safety should be tunable on a per-site basis, depending on the degree of security desired. For example, it should be possible to specify a minimum length password, a restriction that passwords consisting only of lower case letters are not allowed, that a password that looks like a license plate be illegal, and so on.
Because this proactive checker will deal with the pre-encrypted passwords, it will be able to perform more sophisticated pattern matching on the password, and will be able to test the safety without having to go through the effort of cracking the encrypted version. Because the checking will be done automatically, the process of education can be transferred to the machine, which will instruct the user why a particular choice of password is bad.

Password Vulnerability

It has long been known that all a cracker need do to acquire access to a Unix machine is to follow two simple steps, namely:

1. Acquire a copy of that site's /etc/passwd file, either through an unprotected uucp link, well known holes in sendmail, or via ftp or tftp.

2. Apply the standard (or a sped-up) version of the password encryption algorithm to a collection of words, typically /usr/dict/words plus some permutations on account and user names, and compare the encrypted results to those found in the purloined /etc/passwd file.

If a match is found (and often at least one will be found), the cracker has access to the targeted machine. Certainly, this mode of attack has been known for some time [Eugene H. Spafford, ``The Internet Worm Program: An Analysis,'' Purdue Technical Report CSD-TR-823, Purdue University, November 29, 1988], and the defenses against this attack have also long been known. What is lacking from the literature is an accounting of just how vulnerable sites are to this mode of attack. In short, many people know that there is a problem, but few people believe it applies to them.

``There is a fine line between helping administrators protect their systems and providing a cookbook for bad guys.'' [F. Grampp and R. Morris, ``Unix Operating System Security,'' AT&T Bell Labs Technical Journal 63(8):1649-1672, October 1984] The problem here, therefore, is how to divulge useful information on the vulnerability of systems, without providing too much information, since almost certainly this information could be used by a cracker to break into some as-yet unviolated system. Most of the work that I did was of a general nature - I did not focus on a particular user or a particular system, and I did not use any personal information that might be at the disposal of a dedicated ``bad guy.'' Thus any results which I have been able to garner indicate only general trends in password usage, and cannot be used to great advantage when breaking into a particular system. This generality notwithstanding, I am sure that any self-respecting cracker would already have these techniques at their disposal, and so I am not bringing to light any great secret. Rather, I hope to provide a basis for protection for systems that can guard against future attempts at system invasion.

The Survey and Initial Results

In October and again in December of 1989, I asked a number of friends and acquaintances around the United States and Great Britain to participate in a survey. Essentially what I asked them to do was to mail me a copy of their /etc/passwd file, and I would try to crack their passwords (and as a side benefit, I would send them a report of the vulnerability of their system, although at no time would I reveal individual passwords nor even their sites' participation in this study). Not surprisingly, due to the sensitive nature of this type of disclosure, I only received a small fraction of the replies I hoped to get, but was nonetheless able to acquire a database of nearly 15,000 account entries. This, I hoped, would provide a representative cross section of the passwords used by users in the community.
Each of the account entries was tested by a number of intrusion strategies, which will be covered in greater detail in the following section. The possible passwords that were tried were based on the user's name or account number, taken from numerous dictionaries (including some containing foreign words, phrases, patterns of keys on the keyboard, and enumerations), and from permutations and combinations of words in those dictionaries.

All in all, after nearly 12 CPU months of rather exhaustive testing, approximately 25% of the passwords had been guessed. So that you do not develop a false sense of security too early, I add that 21% (nearly 3,000 passwords) were guessed in the first week, and that in the first 15 minutes of testing, 368 passwords (or 2.7%) had been cracked using what experience has shown would be the most fruitful line of attack (i.e., using the user or account names as passwords). These statistics are frightening, and well they should be. On an average system with 50 accounts in the /etc/passwd file, one could expect the first account to be cracked in under 2 minutes, with 5-15 accounts being cracked by the end of the first day. Even though the root account may not be cracked, all it takes is one account being compromised for a cracker to establish a toehold in a system. Once that is done, any of a number of other well-known security loopholes (many of which have been published on the network) can be used to access or destroy any information on the machine.

It should be noted that the results of this testing do not give us any indication as to what the uncracked passwords are. Rather, it only tells us what was essentially already known - that users are likely to use words that are familiar to them as their passwords [Bruce L. Riddle, Murray S. Miron and Judith A. Semo, ``Passwords in Use in a University Timesharing Environment,'' Computers & Security 8(7):569-579, November 1989]. What new information it did provide, however, was the degree of vulnerability of the systems in question, as well as providing a basis for developing a proactive password changer - a system which pre-checks a password before it is entered into the system, to determine whether that password will be vulnerable to this type of attack. Passwords which can be derived from a dictionary are clearly a bad idea [Ana Marie De Alvare and E. Eugene Schultz, Jr., ``A Framework for Password Selection,'' USENIX UNIX Security Workshop Proceedings, August 1988], and users should be prevented from using them. Of course, as part of this censoring process, users should also be told why their proposed password is not good, and what a good class of password would be.

As to those passwords which remain unbroken, I can only conclude that these are much more secure and ``safe'' than those to be found in my dictionaries. One such class of passwords is word pairs, where a password consists of two short words, separated by a punctuation character. Even if only words of 3 to 5 lower case characters are considered, /usr/dict/words provides 3000 words for pairing. When a single intermediary punctuation character is introduced, the sample size of 90,000,000 possible passwords is rather daunting. On a DECstation 3100, testing each of these passwords against that of a single user would require over 25 CPU hours - and even then, no guarantee exists that this is the type of password the user chose. Introducing one or two upper case characters into the password raises the search set size to such magnitude as to make cracking untenable.

Another ``safe'' password is one constructed from the initial letters of an easily remembered, but not too common phrase.
For example, the phrase ``Unix is a trademark of Bell Laboratories'' could give rise to the password ``UiatoBL.'' This essentially creates a password which is a random string of upper and lower case letters. Exhaustively searching this list at 1000 tests per second with only 6 character passwords would take nearly 230 CPU days. Increasing the phrase size to 7 character passwords makes the testing time over 32 CPU years - a Herculean task that even the most dedicated cracker with huge computational resources would shy away from.

Thus, although I don't know what passwords were chosen by those users I was unable to crack, I can say with some surety that it is doubtful that anyone else could crack them in a reasonable amount of time, either.

Method of Attack

A number of techniques were used on the accounts in order to determine if the passwords used for them were able to be compromised. To speed up testing, all passwords with the same salt value were grouped together. This way, one encryption per password per salt value could be performed, with multiple string comparisons to test for matches. Rather than considering 15,000 accounts, the problem was reduced to 4,000 salt values. The password tests were as follows:

1. Try using the user's name, initials, account name, and other relevant personal information as a possible password. All in all, up to 130 different passwords were tried based on this information. For an account name klone with a user named ``Daniel V. Klein,'' some of the passwords that would be tried were: klone, klone0, klone1, klone123, dvk, dvkdvk, dklein, DKlein, leinad, nielk, dvklein, danielk, DvkkvD, DANIEL-KLEIN, (klone), KleinD, etc.

2. Try using words from various dictionaries.
These included lists of men's and women's names (some 16,000 in all); places (including permutations so that ``spain,'' ``spanish,'' and ``spaniard'' would all be considered); names of famous people; cartoons and cartoon characters; titles, characters, and locations from films and science fiction stories; mythical creatures (garnered from Bulfinch's mythology and dictionaries of mythical beasts); sports (including team names, nicknames, and specialized terms); numbers (both as numerals - ``2001,'' and written out - ``twelve''); strings of letters and numbers (``a,'' ``aa,'' ``aaa,'' ``aaaa,'' etc.); Chinese syllables (from the Pinyin Romanization of Chinese, an international standard system of writing Chinese on an English keyboard); the King James Bible; biological terms; common and vulgar phrases (such as ``fuckyou,'' ``ibmsux,'' and ``deadhead''); keyboard patterns (such as ``qwerty,'' ``asdf,'' and ``zxcvbn''); abbreviations (such as ``roygbiv'' - the colors in the rainbow, and ``ooottafagvah'' - a mnemonic for remembering the 12 cranial nerves); machine names (acquired from /etc/hosts); characters, plays, and locations from Shakespeare; common Yiddish words; the names of asteroids; and a collection of words from various technical papers I had previously published. All told, more than 60,000 separate words were considered per user (with any inter- and intra-dictionary duplicates being discarded).

3. Try various permutations on the words from step 2.
This included making the first letter upper case or a control character, making the entire word upper case, reversing the word (with and without the aforementioned capitalization), changing the letter `o' to the digit `0' (so that the word ``scholar'' would also be checked as ``sch0lar''), changing the letter `l' to the digit `1' (so that ``scholar'' would also be checked as ``scho1ar,'' and also as ``sch01ar''), and performing similar manipulations to change the letter `z' into the digit `2', and the letter `s' into the digit `5'. Another test was to make the word into a plural (irrespective of whether the word was actually a noun), with enough intelligence built in so that ``dress'' became ``dresses,'' ``house'' became ``houses,'' and ``daisy'' became ``daisies.'' We did not consider pluralization rules exhaustively, though, so that ``datum'' forgivably became ``datums'' (not ``data''), while ``sphynx'' became ``sphynxs'' (and not ``sphynges''). Similarly, the suffixes ``-ed,'' ``-er,'' and ``-ing'' were added to transform words like ``phase'' into ``phased,'' ``phaser,'' and ``phasing.'' These 14 to 17 additional tests per word added another 1,000,000 words to the list of possible passwords that were tested for each user.

4. Try various capitalization permutations on the words from step 2 that were not considered in step 3. This included all single letter capitalization permutations (so that ``michael'' would also be checked as ``mIchael,'' ``miChael,'' ``micHael,'' ``michAel,'' etc.), double letter capitalization permutations (``MIchael,'' ``MiChael,'' ``MicHael,'' ... , ``mIChael,'' ``mIcHael,'' etc.), triple letter permutations, and so on. The single letter permutations added roughly another 400,000 words to be checked per user, while the double letter permutations added another 1,500,000 words. Three letter permutations would have added at least another 3,000,000 words per user had there been enough time to complete the tests.
Tests of 4, 5, and 6 letter permutations were deemed to be impracticable without much more computational horsepower to carry them out.

5. Try foreign language words on foreign users. The specific test that was performed was to try Chinese language passwords on users with Chinese names. The Pinyin Romanization of Chinese syllables was used, combining syllables together into one, two, and three syllable words. Because no tests were done to determine whether the words actually made sense, an exhaustive search was initiated. Since there are 398 Chinese syllables in the Pinyin system, there are 158,404 two syllable words, and slightly more than 16,000,000 three syllable words. The astute reader will notice that 398^3 is in fact 63,044,972. Since Unix passwords are truncated after 8 characters, however, the number of unique polysyllabic Chinese passwords is only around 16,000,000. Even this reduced set was too large to complete under the imposed time constraints. A similar mode of attack could as easily be used with English, using rules for building pronounceable nonsense words.

6. Try word pairs. The magnitude of an exhaustive test of this nature is staggering. To simplify this test, only words of 3 or 4 characters in length from /usr/dict/words were used. Even so, the number of word pairs is O(10^7) (multiplied by 4096 possible salt values), and as of this writing, the test is only 10% complete.

For this study, I had access to four DECstation 3100's, each of which was capable of checking approximately 750 passwords per second. Even with this total peak processing horsepower of 3,000 tests per second (some machines were only intermittently available), testing the O(10^10) password/salt pairs for the first four tests required on the order of 12 CPU months of computations. The remaining two tests are still ongoing after an additional 18 CPU months of computation.
Although for research purposes this is well within acceptable ranges, it is a bit out of line for any but the most dedicated and resource-rich cracker.

Summary of Results

The problem with using passwords that are derived directly from obvious words is that when a user thinks ``Hah, no one will guess this permutation,'' they are almost invariably wrong. Who would ever suspect that I would find their passwords when they chose ``fylgjas'' (guardian creatures from Norse mythology), or the Chinese word for ``hen-pecked husband''? No matter what words or permutations thereon are chosen for a password, if they exist in some dictionary, they are susceptible to directed cracking. The following table gives an overview of the types of passwords which were found through this research.

A note on the table is in order. The number of matches given from a particular dictionary is the total number of matches, irrespective of the permutations that a user may have applied to it. Thus, if the word ``wombat'' were a particularly popular password from the biology dictionary, the following table will not indicate whether it was entered as ``wombat,'' ``Wombat,'' ``TABMOW,'' ``w0mbat,'' or any of the other 71 possible differences that this research checked. In this way, detailed information can be divulged without providing much knowledge to potential ``bad guys.''

Additionally, in order to reduce the total search time that was needed for this research, the checking program eliminated both inter- and intra-dictionary duplicate words. The dictionaries are listed in the order tested, and the total size of the dictionary is given in addition to the number of words that were eliminated due to duplication. For example, the word ``georgia'' is both a female name and a place, and is only considered once. A password which is identified as being found in the common names dictionary might very well appear in other dictionaries.
Additionally, although ``duplicate,'' ``duplicated,'' ``duplicating'' and ``duplicative'' are all distinct words, only the first eight characters of a password are used in Unix, so all but the first word are discarded as redundant.

Passwords cracked from a sample set of 13,797 accounts

Type of                Size of     Duplicates  Search  # of     Pct. of  Cost/Benefit
Password               Dictionary  Eliminated  Size    Matches  Total    Ratio*
-------------------------------------------------------------------------------------
User/account name      130†        -           130     368      2.7%     2.830
Character sequences    866         0           866     22       0.2%     0.025
Numbers                450         23          427     9        0.1%     0.021
Chinese                398         6           392     56       0.4%‡    0.143
Place names            665         37          628     82       0.6%     0.131
Common names           2268        29          2239    548      4.0%     0.245
Female names           4955        675         4280    161      1.2%     0.038
Male names             3901        1035        2866    140      1.0%     0.049
Uncommon names         5559        604         4955    130      0.9%     0.026
Myths & legends        1357        111         1246    66       0.5%     0.053
Shakespearean          650         177         473     11       0.1%     0.023
Sports terms           247         9           238     32       0.2%     0.134
Science fiction        772         81          691     59       0.4%     0.085
Movies and actors      118         19          99      12       0.1%     0.121
Cartoons               133         41          92      9        0.1%     0.098
Famous people          509         219         290     55       0.4%     0.190
Phrases and patterns   998         65          933     253      1.8%     0.271
Surnames               160         127         33      9        0.1%     0.273
Biology                59          1           58      1        0.0%     0.017
/usr/dict/words        24474       4791        19683   1027     7.4%     0.052
Machine names          12983       3965        9018    132      1.0%     0.015
Mnemonics              14          0           14      2        0.0%     0.143
King James bible       13062       5537        7525    83       0.6%     0.011
Miscellaneous words    8146        4934        3212    54       0.4%     0.017
Yiddish words          69          13          56      0        0.0%     0.000
Asteroids              3459        1052        2407    19       0.1%     0.007
-------------------------------------------------------------------------------------
Total                  86280       23553       62727   3340     24.2%    0.053

* In all cases, the cost/benefit ratio is the number of matches divided by the search size. The more words that needed to be tested for a match, the lower the cost/benefit ratio.

† The dictionary used for user/account name checks naturally changed for each user. Up to 130 different permutations were tried for each.
‡ While monosyllabic Chinese passwords were tried for all users (with 12 matches), polysyllabic Chinese passwords were tried only for users with Chinese names. The percentage of matches for this subset of users is 8% - a greater hit ratio than any other method. Because the dictionary size is over 16 × 10^6, though, the cost/benefit ratio is infinitesimal.

The results are quite disheartening. The total size of the dictionary was only 62,727 words (not counting various permutations). This is much smaller than the 250,000 word dictionary postulated at the beginning of this paper, yet armed even with this small dictionary, nearly 25% of the passwords were cracked!

Length of Cracked Passwords

Length          Count   Percentage
----------------------------------
1 character     4       0.1%
2 characters    5       0.2%
3 characters    66      2.0%
4 characters    188     5.7%
5 characters    317     9.5%
6 characters    1160    34.7%
7 characters    813     24.4%
8 characters    780     23.4%

The results of the word-pair tests are not included in either of the two tables. However, at the time of this writing, the test was approximately 10% completed, having found an additional 0.4% of the passwords in the sample set. It is probably reasonable to guess that a total of 4% of the passwords would be cracked by using word pairs.

Action, Reaction, and Proaction

What then, are we to do with the results presented in this paper? Clearly, something needs to be done to safeguard the security of our systems from attack. It was with the intention of enhancing security that this study was undertaken. By knowing what kind of passwords users use, we are able to prevent them from using those that are easily guessable (and thus thwart the cracker).

One approach to eliminating easy-to-guess passwords is to periodically run a password checker - a program which scans /etc/passwd and tries to break the passwords in it [T. Raleigh and R. Underwood, ``CRACK: A Distributed Password Advisor,'' USENIX UNIX Security Workshop Proceedings, August 1988]. This approach has two major drawbacks. The first is that the checking is very time consuming. Even a system with only 100 accounts can take over a month to diligently check. A halfhearted check is almost as bad as no check at all, since users will find it easy to circumvent the easy checks and still have vulnerable passwords. The second drawback is that it is very resource consuming. The machine which is being used for password checking is not likely to be very useful for much else, since a fast password checker is also extremely CPU intensive.

Another popular approach to eradicating easy-to-guess passwords is to force users to change their passwords with some frequency. In theory, while this does not actually eliminate any easy-to-guess passwords, it prevents the cracker from dissecting /etc/passwd ``at leisure,'' since once an account is broken, it is likely that that account will have had its password changed. This is, of course, only theory. The biggest disadvantage is that there is usually nothing to prevent a user from changing their password from ``Daniel'' to ``Victor'' to ``Klein'' and back again (to use myself as an example) each time the system demands a new password. Experience has shown that even when this type of password cycling is precluded, users are easily able to circumvent simple tests by using easily remembered (and easily guessed) passwords such as ``dvkJanuary,'' ``dvkFebruary,'' etc. [Dr. Brian K Reid, DEC Western Research Laboratory, personal communication, 1989]. A good password is one that is easily remembered, yet difficult to guess. When confronted with a choice between remembering a password or creating one that is hard to guess, users will almost always opt for the easy way out, and throw security to the wind.

Which brings us to the third popular option, namely that of assigned passwords.
These are often words from a dictionary, pronounceable nonsense words, or random strings of characters. The problems here are numerous and manifest. Words from a dictionary are easily guessed, as we have seen. Pronounceable nonsense words (such as ``trobacar'' or ``myclepate'') are often difficult to remember, and random strings of characters (such as ``h3rT+aQz'') are even harder to commit to memory. Because these passwords have no personal mnemonic association to the users, they will often write them down to aid in their recollection. This immediately discards any security that might exist, because now the password is visibly associated with the system in question. It is akin to leaving the key under the door mat, or writing the combination to a safe behind the picture that hides it.

A fourth method is the use of ``smart cards.'' These credit card sized devices contain some form of encryption firmware which will ``respond'' to an electronic ``challenge'' issued by the system onto which the user is attempting to gain access. Without the smart card, the user (or cracker) is unable to respond to the challenge, and is denied access to the system. The problems with smart cards have nothing to do with security, for in fact they are very good warders for your system. The drawbacks are that they can be expensive and must be carried at all times that access to the system is desired. They are also a bit of overkill for research or educational systems, or systems with a high degree of user turnover.

Clearly, then, since all of these systems have drawbacks in some environments, an additional way must be found to aid in password security.

A Proactive Password Checker

The best solution to the problem of having easily guessed passwords on a system is to prevent them from getting on the system in the first place.
If a program such as a password checker reacts by detecting guessable passwords already in place, then although the security hole is found, the hole existed for as long as it took the program to detect it (and for the user to again change the password). If, however, the program which changes users' passwords (i.e., /bin/passwd) checks for the safety and guessability before that password is associated with the user's account, then the security hole is never put in place.

In an ideal world, the proactive password changer would require eight character passwords which are not in any dictionary, with at least one control character or punctuation character, and mixed upper and lower case letters. Such a degree of security (and of accompanying inconvenience to the users) might be too much for some sites, though. Therefore, the proactive checker should be tuneable on a per-site basis. This tuning could be accomplished either through recompilation of the passwd program, or more preferably, through a site configuration file. As distributed, the behavior of the proactive checker should be that of attaining maximum password security - with the system administrator being able to turn off certain checks.
It would be desirable to be able to test for and reject all password permutations that were detected in this research (and others), including:

- Passwords based on the user's account name
- Passwords based on the user's initials or given name
- Passwords which exactly match a word in a dictionary (not just /usr/dict/words)
- Passwords which match a word in the dictionary with some or all letters capitalized
- Passwords which match a reversed word in the dictionary
- Passwords which match a reversed word in the dictionary with some or all letters capitalized
- Passwords which match a word in a dictionary with an arbitrary letter turned into a control character
- Passwords which match a dictionary word with the numbers `0', `1', `2', and `5' substituted for the letters `o', 'l', 'z', and 's'
- Passwords which are simple conjugations of a dictionary word (i.e., plurals, adding ``ing'' or ``ed'' to the end of the word, etc.)
- Passwords which are patterns from the keyboard (i.e., ``aaaaaa'' or ``qwerty'')
- Passwords which are shorter than a specific length (i.e., nothing shorter than six characters)
- Passwords which consist solely of numeric characters (i.e., Social Security numbers, telephone numbers, house addresses or office numbers)
- Passwords which do not contain mixed upper and lower case, or mixed letters and numbers, or mixed letters and punctuation
- Passwords which look like a state-issued license plate number

The configuration file which specifies the level of checking need not be readable by users. In fact, making this file unreadable by users (and by potential crackers) enhances system security by hiding a valuable guide to what passwords are acceptable (and conversely, which kind of passwords simply cannot be found). Of course, to make this proactive checker more effective, it would be necessary to provide the dictionaries that were used in this research (perhaps augmented on a per-site basis).
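The checks listed above, sketched as a small proactive checker that returns the reasons a candidate password is refused. This is an added example, not code from the paper; the sample dictionary, the license-plate pattern, the policy keys and all function names are assumptions made for illustration.

```python
"""Proactive password check: refuse guessable passwords before they are set."""
import re
import string

# Constructed sample dictionary; a real site would load several word lists.
SAMPLE_WORDS = {"password", "wizard", "dragon", "solo", "walk", "secret"}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
LEET = str.maketrans("0125", "olzs")      # the digit substitutions the paper names
SUFFIXES = ("ing", "ed", "es", "s")       # simple conjugations and plurals
# Assumed plate shapes (ABC123, ABC1234, 123ABC); real formats vary by state.
PLATE = re.compile(r"^(?:[A-Za-z]{3}\d{3,4}|\d{3,4}[A-Za-z]{3})$")
# Per-site tuning: every check is on by default and can be switched off.
DEFAULT_POLICY = {"min_length": 6, "personal": True, "dictionary": True,
                  "keyboard": True, "numeric": True, "mixed": True, "plate": True}


def _unctrl(pw):
    """Map control characters back to the letters they replaced (^I -> i)."""
    return "".join(chr(ord(c) | 0x60) if ord(c) < 0x20 else c for c in pw)


def _word_forms(pw):
    """Spellings to look up: case-folded, un-substituted, reversed, un-suffixed."""
    base = _unctrl(pw).lower()
    forms = {base, base.translate(LEET)}
    forms |= {f[::-1] for f in set(forms)}
    for f in set(forms):
        for suf in SUFFIXES:
            if f.endswith(suf) and len(f) > len(suf) + 2:
                stem = f[:-len(suf)]
                forms |= {stem, stem + "e"}
    return forms


def _personal(pw, login, full_name):
    """True if the password contains the login, a given name or the initials."""
    names = [n.lower() for n in full_name.split()]
    tokens = {login.lower(), login.lower()[::-1],
              "".join(n[0] for n in names), *names}
    low = pw.lower()
    return any(len(t) >= 3 and t in low for t in tokens)


def _keyboard(pw):
    """True for one repeated character or a run along a keyboard row."""
    low = pw.lower()
    if len(low) < 3:
        return False
    return len(set(low)) == 1 or any(low in r or low[::-1] in r for r in KEYBOARD_ROWS)


def _mixed(pw):
    """True if case is mixed, or letters are mixed with digits or punctuation."""
    letters = any(c.isalpha() for c in pw)
    other = any(c in string.punctuation or ord(c) < 0x20 for c in pw)
    return ((any(c.islower() for c in pw) and any(c.isupper() for c in pw))
            or (letters and any(c.isdigit() for c in pw))
            or (letters and other))


def check_password(pw, login, full_name, words=SAMPLE_WORDS, policy=None):
    """Return the reasons the password is unacceptable; an empty list accepts it."""
    p = {**DEFAULT_POLICY, **(policy or {})}
    reasons = []
    if len(pw) < p["min_length"]:
        reasons.append(f"shorter than {p['min_length']} characters")
    if p["personal"] and _personal(pw, login, full_name):
        reasons.append("based on your account name, initials or given name")
    if p["dictionary"] and _word_forms(pw) & set(words):
        reasons.append("a dictionary word or a simple permutation of one")
    if p["keyboard"] and _keyboard(pw):
        reasons.append("a keyboard pattern")
    if p["numeric"] and pw.isdigit():
        reasons.append("consists solely of digits")
    if p["mixed"] and not _mixed(pw):
        reasons.append("no mix of case, letters and digits, or letters and punctuation")
    if p["plate"] and PLATE.match(pw):
        reasons.append("looks like a license plate number")
    return reasons
```

The returned strings are what a passwd replacement would show the user, and the policy dictionary stands in for the site configuration file.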
Even more importantly, in addition to rejecting passwords which could be easily guessed, the proactive password changer would also have to tell the user why a particular password was unacceptable, and give the user suggestions as to what an acceptable password looks like.

Conclusion (and Sermon)

It has often been said that ``good fences make good neighbors.'' On a Unix system, many users also say that ``I don't care who reads my files, so I don't need a good password.'' Regrettably, leaving an account vulnerable to attack is not the same thing as leaving files unprotected. In the latter case, all that is at risk is the data contained in the unprotected files, while in the former, the whole system is at risk. Leaving the front door to your house open, or even putting a flimsy lock on it, is an invitation to the unfortunately ubiquitous people with poor morals. The same holds true for an account that is vulnerable to attack by password cracking techniques.

While it may not be actually true that good fences make good neighbors, a good fence at least helps keep out the bad neighbors. Good passwords are equivalent to those good fences, and a proactive checker is one way to ensure that those fences are in place before a break-in problem occurs.

-----------------------------------------------------------------------------

NIA 072 / File 5
JONAS & ERICKSON
PRIME EXL-316
Terminal_Erection

Differences between the C.T. & Prime EXL

- You can't log in as root anywhere except the console. (But you can log in as mars and then use the su command).
- The console port prompt is Console Login: and everyone else is the standard login:
- You will not have to re-configure the kernel anymore. Three kernels are provided by corporate services on a separate tape.
- The /etc/rc file is now /etc/rc2.
- There is a system administrator command that allows you to add users, assign passwords, install additional hardware and a lot more.
- On-line help facility called 'help', for most unix commands.
- No /etc/issue file, must use /etc/motd.
- No 'more' command, must use 'pg'.
- The key is now the key.
- You may not backspace while logging in. (The system will ask for a password, press to get the login prompt back.)
- To see the directories in column format you must use the ls -C command.
- In the /etc/gettydefs file all the labels have an 'h' in front except the 9600 label (eg. 1200 is now h1200, 300 is now h300)
- The Prime Exl does not support parallel printers.
- The STOP button on the front of the EXL is equal to the shutdown command.
- All formatting and partitioning of the disks is done automatically. (Explained later).
- tty device names are different. (eg. /dev/tty01, /dev/console, /etc/ttyax)
- Tape device name is /dev/rct/c0d5. (Not /dev/rmt0).
- Configurable kernel is an extra cost add-on. Since we didn't want to add the cost to every system, we obtained Prime's permission to send out pre-configured kernels from corporate services. Unfortunately this means you cannot reconfigure the kernel in the field.

CHECKLIST

    Check   Description
    _____    1. Connect console terminal
    _____    2. Install operating system
    _____    3. Initial system setup
    _____    4. Restoring the kernel
    _____    5. Configuring terminals and ports
    _____    6. Edit /etc/gettydefs
    _____    7. Edit /etc/rc2
    _____    8. Edit /etc/profile
    _____    9. Create directories
    _____   10. Install Thoroughbred Basic
    _____   11. Install J & E programs
    _____   12. Edit IPLINPUT
    _____   13. Adjust terminal types
    _____   14. Add appropriate /mars /backup /fullback and /printbu shell scripts.
    _____   15. Edit /etc/passwd to add mars login code and a set of login codes specific to the client.
    _____   16. Create /etc/motd file for J&E welcome message at login.
    _____   17. Reboot system, test client login.
    _____   18. Define all J&E data files as per client file sizing.
    _____   19. Test as much as you can.
    _____   20. Label special ports at the rear of the system, take a full backup, and repack it for shipping.
    _____   21. Disable / Enable lock.

            Simplified System Administration.
            Prime EXL-316 Cabling Information.

DETAILED DESCRIPTIONS

These instructions have been written by a programmer, to a programmer. If you are not a programmer and you can't fake it, then you really should go and get one. In many instances, we have given very exacting detail, but things can go wrong. Also, the instructions are given in a way that each step could be performed separately. However, generally, you can get a lot of overlap in by combining steps and not rebooting the system until you have to in order to test something.

Below is a diagram showing you the port layout on the EXL. Please note that the EXL ports are numbered in the octal number system.

           Prime EXL-316
        -------------------
        |                 |      Where:
        |  ( REAR VIEW )  |
        |                 |      A=ttyax
        |                 |      C=console
        |                 |      V=Voltage selector
        |                 |
        |        V        |      Number=tty ports
        |                 |
        |  A              |
        |  C  00  10  20  |
        |     01  11  21  |
        |     02  12  22  |
        |                 |
        |     03  13  23  |
        |     04  14  24  |
        |     05  15  25  |
        |     06  16  26  |
        |     07  17  27  |
        |                 |
        -------------------
            FIGURE 1-1

Caution: Before doing anything set the voltage selector switch to 115V on the rear of the EXL.

Step 1. (Getting the EXL ready)

Unpack the computer using the instructions in the Prime installation and operation guide. Check the following list before doing anything to make sure you have all the tools you require to do the install.

    _____ Delivery of Prime EXL & terminals.
    _____ Jonas & Erickson software tape, (From Corporate Services).
    _____ Jonas & Erickson kernels tape, (From Corporate Services).
    _____ Prime EXL Operating Systems tape.
    _____ Prime EXL Extended Diagnostic tape.
    _____ Thoroughbred Basic tape.
    _____ Thoroughbred Basic manual
    _____ Thoroughbred Basic passport security device (small box).
    _____ Prime terminal cables. ( RJ45 to RS232 )
    _____ Prime EXL-316 power cable.
    _____ Small Standard Screwdriver & 3/16" nut driver.
Five manuals supplied by Prime. They are:

    _____ 1. Systems Administrator Reference Manual.
    _____ 2. Systems Administrator Guide.
    _____ 3. Users guide.
    _____ 4. Users Reference Manual.
    _____ 5. Installation and Operation Guide.

INSTRUCTIONS:

- Unpack and place the inserts for the Prime manuals in the correct sequence.
- If you have not done so, set the voltage selector switch to 115 volts on the rear of the computer.
- Remove the shipping insert that should be in the tape drive.
- Connect the power cord & plug it in the wall.
- Unpack the terminal & plug it in to the wall.
- Connect the communications cable from the console port, (see diagram 1-1) to the fixed female connection on the passport. Notice that the cable has a removable sex-changer that must be removed & connected separately using a 3/16" nut driver. Connect the ribbon cable from the passport, (small box) to the main port on the terminal.
- Set your terminal as follows:

    Terminal settings
    Baud rate      : 9600
    Data bits      : 8
    Stop bits      : 1
    Parity         : none
    Handshake      : XON/XOFF
    Communications : Full Duplex
    Emulation      : TVI925

- Press the power on switch at the rear of the computer. (0 = Off, 1 = On)
- Make sure the control panel key is set to ENABLE.

Step 2. (Installing the Prime EXL UNIX operating system.)

- Insert the tape marked "PRIME EXL tm Operating System" supplied by PRIME, into the tape drive. Make sure the indicator is in the safe position. (Insert opening in the tape to the left, metal plate face down.)
- Press the START switch. The EXL will do some diagnostics, play some music, display some messages and after a few minutes will come up to the # prompt.
- At the # prompt, enter:

    # install (CR)

The system may display a date and time and ask if you wish to change the time zone plus the date & time. You should reply no since this is described later on.

    Change the time zone? [y,n,?,q] n(CR)
    Change the date and time? [y,n,?,q] n(CR)

Formatting will start and will take approximately 10 minutes.
You will see:

    Formatting....
    .
    .
    .
    Partitioning the disk...
    Creating empty root file system on /dev/dsk/c0d0s0.
    Creating empty usr file system on /dev/dsk/c0d0s1..
    Installing root file system on /dev/dsk/c0d0s1...
    Installing usr file system on /dev/dsk/c0d0s1...
    Rewinding tape...
    Writing boot block...

When the installation is complete you will see:

    The PRIME EXL Operating System is now installed.
    Remove the cartridge tape and press STOP.

- Do what it said. (The STOP key is on the front of the EXL.) Let the EXL power down completely. The operating system has been installed and two partitions have been installed. They are /root and /usr.
- Press the START key. This should now boot the operating system off the disk.
- At the Console Login: prompt type

    Console Login: root (CR)

- Insert the "PRIME EXL tm Extended Diagnostics Monitor" tape provided by Prime. (Make sure the indicator is set to safe)
- At the # prompt type:

    # cd /dedgmon (CR)

  then type: (Note: The next command is in upper case)

    # INSTALL (CR)

  You will be prompted to "install" tape and press key when ready. Do so. This will install the extended diagnostic on to the Prime EXL's operating system. (Takes about 1 minute)
- Once you see "edmon installation complete" remove the tape from the tape drive and put it back in the plastic cover.

Step 3 (Initial system setup)

At the # prompt type:

    # cd / (CR)
    # sysadm setup (CR)

You will be prompted to:

    1. Set the time zone.
    2. System date & time.
    3. First user on the system. (mars)
    4. To enter a root password
    5. Naming the computer

Note: sysadm is a utility that allows you to do most of the administrative work you would normally have to do by editing files. eg. Add users, delete user, add tty ports, change passwords etc (See page 19 of this manual for further details)

For sysadm procedure most responses are: y=Yes, n=No, ?=Display more info, q=Quit

Date and Time:

    Current time and zone is : 15:55 EDT
    Change the time zone? [y,n,?,q]

If the time zone is not correct then type y (CR). You will be prompted to choose between 10 time zones. Enter (1-10). This will edit the /etc/TIMEZONE file.

    Does your time zone use Daylight Savings Time during the year?

Answer y or n. (CR)

    Change the date and time [y,n,q,?]

If you answer y (CR) then you will be prompted to enter the hour and minute etc.

Setting up the first login:

You will be prompted:

    Enter user's full name [?,q]: mars (CR)
    Enter user's login ID [?,q]: mars (CR)
    Enter user ID number (default 100) [?,q]: (CR)
    Enter group ID number or group name (default 1) [?,q]: (CR)
    Enter the user's login (home) directory name. (default '/usr/mars') [?,q]: (CR)

    This is the information for the new login:
    User's name:    mars
    login ID:       mars
    user ID:        100
    group ID:       1
    home directory: /usr/mars

    Do you want to install,edit, or skip this entry [i,e,s,q]? i (CR)
    Login installed.
    Do you want to give the user a password? [y,n] n (CR)
    Do you want to add another login? [y,n,q] n (CR)

Assigning a password to root

    Do you want to give passwords to administrative logins [y,n,?,q] n (CR)
    Do you want to give password to system logins? [y,n,q,?] n (CR)

Naming the machine

    This machine is currently called "exl".
    Do you want to change it? [y,n,q,?] n (CR)

Step 4. ( Restoring J & E kernels )

The commands are as follows:

- Put the J&E EXL kernel tape into the tape drive.

    # cd / (CR)
    # cpio -icvdumaB < /dev/rct/c0d5 (CR)
    ...                                    (restores the file
    ...

When complete remove the tape & return it to its plastic covering. (Note: Should restore three files)

You now have four versions of unix on the system disk, the system that was distributed, as well as three new versions.
They are:

                    /unix          (Distributed version)
                    /je.unix.8     (Eight user version)
                    /je.unix.16    (Sixteen user version)
                    /je.unix.24    (Twenty-four user version)
                    /je.DOC        (A copy of this manual)
    Future use ---> /je.create.t1  (Makes nodes for tty20-tty27)
    Future use ---> /je.create.t2  (Makes nodes for tty30-tty57)

Start by making a backup of the current kernel.

    cp /unix /unix.save(CR)

If you have an 8 user system you simply copy /je.unix.8 to /unix. If you have a 16 user system you copy /je.unix.16 to /unix etc. In this example we are assuming you have a 24 user system, so we would type:

Warning: If you don't have a 24 user system do not use the bigger shell. There are memory restrictions.

    mv /je.unix.24 /unix (CR)

Now sync the disks by typing:

    sync;sync;sync (CR)

Now, press the STOP button (on the front of the machine). Ignore warning messages which may appear. They appear because the current "/unix" is not the same as the one which was booted. Once the system is powered down completely, press the START button. The new kernel you just installed is now being booted.

Step 5. ( Configuring terminals and printers )

The file /etc/inittab configures the terminal ports on the system. Please note that this controls login terminals only. Ports to be used for serial printers will have to be turned off here and configured in /etc/rc2. Other ports that you would want turned off would include transport ports, and ports for any serial devices which are not login terminals such as point-of-sale devices. Modems count as login terminals.

Our first task here is to determine the correspondence between the physical port labels, and the unix terminal device names (tty numbers). On EXL-316s Port tty00 is the port on the first communications board labelled channel 1 (the first communications board is the left most when viewed from the rear, labelled 1 to 8). It is important to know the ports are numbered in octal. They go 0 to 7, 10 to 17, 20 to 27 etc.
Also there are two ports that Prime has installed that are called ttyax and console. The ttyax will be used for the modem and console is the system console. (See diagram 1-1).

Port tty00 is the port labeled channel 1. Ports tty00 through tty07 are on the first RS232 expansion board. The second RS232 expansion board is further right consisting of ports tty10 through tty17, and so on (Remember the ports are numbered in octal). The RS232 expanders come in 8 port version. All versions use 8-pin RJ45 connectors. (Big telephone jacks).

What we have to do, is determine which ports will physically be connected to a login terminal, and make sure that the corresponding lines in /etc/inittab are enabled. Take some time at this point to decide which equipment you will be plugging into which port. After you have determined which ports can physically have terminals it is necessary to edit /etc/inittab to tell the system what's what. J&E's standard is to always connect the support modem to ttyax, and to assign ports to non-terminal devices (such as printers) starting at the end and working back.

The format of a line in /etc/inittab is as follows:

    nn:X:Y:/etc/getty T Z

where

- nn is the port number (co=console, ta=ttyax, ##=number of tty port, in octal.)
- X is the word off if the port is to be turned off. If the port is to be turned on, then X will be a number which must contain the digit 2.
- Y should be the word respawn. If it is the word off, then the port is again turned off (Note: This is the preferred way of turning off a port).
- T is the tty number
- Z is a label corresponding to an entry in the file /etc/gettydefs. IT IS NOT the baud rate, although the labels used usually correspond to a baud rate for convenience. The usual values for Z are either 9600, h1200, or h300 (for modems). You should only need to change this to set modem ports.

There are three ways to turn a port off. The preferred way is to change the word Y from respawn to off.
The second way is to change the number X to the word OFF. The third way is to place a colon as the first character of the line making the entire line a comment.

You should ensure that all the ports that the machine physically will have login terminals connected to are turned on. Do not turn on any ports that will not have a terminal connected, even if the client will be adding terminals in a little while, as this will slow down the system. If you turn on a port that the machine does not physically have then T0 (console) will get periodic error messages, messing up the screen displays.

After making changes to /etc/inittab, they will automatically go into effect in about 5-10 minutes, or following a reboot. You can also put them into effect immediately by the root command:

    # telinit q(CR)
    #

On a typical new system, only console will be turned on. If you are not familiar with any Unix editor, then the following is intended as a key by key guide for someone setting up /etc/inittab for the first time, but this would be a good time to learn the ed editor as its multi-line replacement will save you some time.

    Console Login: root(CR)
    # ed /etc/inittab(CR)           <-- invoke line editor
    1227                            <-- system responds with the # of chars (May differ)
    /nn(CR)                         <-- finds the definition line for ttynn
    nn:X:Y:/etc/getty tttttt Z      <-- note X, Y and Z will have some value that we will check
                                    <-- make sure that X is 2 - if it isn't then change it by
    s/3/2(CR)                       <-- eg. X was "3" but we wanted "2"
                                    <-- make sure that Y is respawn - if it isn't then change it
    s/off/respawn(CR)               <-- eg. Y was "off" but we wanted "respawn"
                                    <-- make sure that Z is correct for the login device you are
                                        using as follows: 9600 for normal 9600 baud login terminal,
                                        h1200 for 1200 baud modem, h300 for 300 baud modem
                                    <-- if Z is incorrect, then change it by
    s/9600/h1200(CR)                <-- eg. Z was 9600 but we wanted h1200
                                    <-- after each "s" for substitute command above, the system
                                        will respond by echoing back the new line

Repeat the above sequence for each login port until all the ones that you are going to use are turned on. Also, make sure that any ports that you will use for special equipment such as serial printers, cash registers, transport ports, etc. (anything that is not a login terminal) are left turned off (ie. off instead of respawn). When you are done editing, exit the editor as follows:

    w                               <-- rewrite the file
    1397                            <-- responds with the new number of chars (May differ)
    q                               <-- to quit the editor

On the EXL's we've seen so far, only the console port is turned on by default. Also, you will probably want to change the baud rate on the ttyax port to be h1200 (or h300).

Step 6. (Editing gettydefs)

You should change /etc/gettydefs on all EXL-316s. Basically, this file contains the initial stty options for terminals 'respawn'ed by 'getty' as per 'inittab' (remember inittab?). Each line in gettydefs starts with a label used in inittab, and ends with another label to use if the user hits the break key while logging in. This is how variable baud rates are handled on a single port as the labels, by convention, correspond to baud rates. The trouble with this is that autobaud detect modems get confused, so it's better to disable this.

Caution: as the file /etc/gettydefs contains lines that are more than 200 characters long, we recommend that you do not use vi to make the changes. The steps below effect the change using the ed editor.

    Console Login: root(CR)
    # ed /etc/gettydefs(CR)         <-- invoke line editor
    1002                            <-- response is # of chars (May differ)
    /B300(CR)                       <-- find the 300 baud label
    ...
    s/9600/300(CR)                  <-- change it to loop to itself
    ...
    /B1200(CR)                      <-- find the 1200 baud label
    ...
    s/300/1200(CR)                  <-- change it to loop to itself
    ...
    /B2400(CR)                      <-- find 2400 baud label
    ...
    s/1200/2400(CR)                 <-- change it to loop to itself
    ...
                                    <-- response is new login line
    w(CR)                           <-- rewrite the file
    1002                            <-- response is new # of chars (May differ)
    q(CR)                           <-- quit to Unix
    #

The new parameters will go into effect following the next shutdown and reboot.

Step 7. (Editing rc2)

The file /etc/rc2 is a Unix shell script that runs every time the system is rebooted. There are two things that we have had occasion to change in this file. These are as follows:

a. Define communications parameters for serial printers. Basically this involves getting a "sleep" command going on the port and using "stty" to set the baud rate, etc. The following key by key example adds the commands necessary to define a printer on tty17 with 8-bits, no parity and x-on/x-off flow control (our standard for serial printers on CT's).

    Console Login: root(CR)
    # ed /etc/rc2(CR)               <-- invoke the line editor
    1290                            <-- system response is # of chars (May differ)
    $a(CR)                          <-- editor command to append at the bottom
                                        (there is no prompt in response)
    sleep 2000000 > /dev/tty17 &(CR)    <-- add sleep command
    stty 9600 cs8 -parenb ixon ixoff ixany -echo < /dev/tty17 &(CR)
    .(CR)                           <-- editor command to get out of append mode
    w(CR)                           <-- to rewrite the file
    1379                            <-- system response, is # of chars. (May differ)
    q(CR)                           <-- to quit the editor
    #                               <-- shutdown and reboot to get new stty parameters set

Note the ampersand (&) at the end of the sleep and stty commands. It is critically important as the /etc/rc2 script file will never finish executing if the cable is ever pulled out, and consequently, the system will never finish booting! If this happens, call for help. You'll need to boot from tape to get the system going again (or plug the cable back in).

b. Start spooler if necessary. Since you should only do this under very special circumstances the Unix spooler is not covered here. Please refer to the separate document in the System Administrator Reference manual and/or call for help.

Step 8. (Editing profile)

The file /etc/profile is executed for each terminal that logs in to Unix in a standard manner. Please note that the way we set up basic users does not pass through this, so it's not very useful to J&E. You may have occasion to use it if you are setting up logins for other Unix applications or using the help command in unix.

The file /.profile is executed each time you login as root. The default file sets the file creation parameters so that if root creates a file, other logins cannot use it. We recommend changing this in case any Basic work is ever done from root.

    Console Login: root (CR)
    # cd /etc(CR)
    # ed profile(CR)
    ...                             <-- system response in number of chars
    /umask(CR)                      <-- find umask line
    umask 022                       <-- response is current setting
    s/22/00(CR)                     <-- change 022 to 000
    umask 000                       <-- response is changed line
    /pt200                          <-- find pt200 line
    s/pt200/tvi925                  <-- change terminal type to TVI925
    export TERM; TERM=tvi925 #default terminal type    <-- response
    w(CR)                           <-- rewrite the file
    887                             <-- new number of chars (May differ)
    q(CR)                           <-- quit the editor

Step 9. (Creating directories)

For Thoroughbred Basic (formerly SMC Basic), the J&E standard is to set up a directory called "JE" on each file system on the machine. This allows us to distinguish our stuff from other Unix stuff, while still permitting Basic to get at all of the available disk space.

Before you create the directories, get started with the following commands. They set the default permissions on the files so that any user can have full access.

    Console Login: root(CR)
    # umask 0(CR)                   <-- set default full permissions
    #

The next step is to get a list of the file systems on the machine. Type in:

    # df -t(CR)                     <-- "disk free" command lists file systems

Each file system has a two line description. The first part is the part which we need - the full pathname of the mount point (directory) of the file system. Also, make note of the number of free blocks (of 1024 bytes each) on each file system.
On a typical EXL-316 with one 258Mb drive, you will have the following file systems; / and /usr, with /usr having the most free space. (About 200 mb).

Create a JE directory on each file system except the root file system (/) with the mkdir command. (In this case we would create a "JE" directory on /usr only.) It is a bad idea to allow JE to create files on the root file system. There's typically not a lot of space there and you could create problems if a large file gets accidentally created on this file system and fills the root directory. For this reason, the following installation procedure does NOT create a /JE directory. In effect, your client's machine will have some "spare" disk space that you could make available in the future if the system gets close to being full. (on a 258 mb drive this is on 7 mb)

Using the EXL-316 example, the command would be:

    # mkdir /usr/JE(CR)

Within the JE directory, we must now create sub-directories for various uses by basic. There will be one "main working directory" for basic where all the programs, all the work files and the Thoroughbred Basic interpreter itself reside. The remaining data files may be spread around as desired to make best use of the available disk space. To create the sub-directories for the main JE directory use:

    # mkdir /usr/JE/WORK /usr/JE/DATA0 /usr/JE/PGM(CR)

(Note that the UTILS directory for the Basic utilities will be created automatically when we install the interpreter).

Please number your data directories in order of preference of using up space. Generally, number them in order from most available space to least. In a later step, we will configure Basic to assign a "logical disk" number to each JE sub-directory (in IPLINPUT).

Step 10. (Installing Thoroughbred)

The installation steps are as follows:

- Put the Thoroughbred tape in the drive (Openings in tape to left, metal plate face down. Make sure safe indicator is to safe position).
    Console Login: root(CR)
    # cd /usr/JE(CR)                        <-- change to the main directory for Basic
    # cpio -icvdumaB < /dev/rct/c0d5(CR)    <-- to restore tape
    ......                                  <-- will list the files as they're loaded
    nn blocks
    #

(Note: This takes about 1 minute to restore)

- When completed remove the tape from the tape drive.

Step 11. (Installing J & E programs)

J&E's convention for programs is to install all programs on the main working directory for Basic (/usr/JE always) under the subdirectory PGM. If the systems that you require came on more than one tape, then repeat these steps for each tape.

- Put the tape in the drive (Openings in tape to left, metal plate face down.)

    Console Login: root(CR)
    # cd /usr/JE/PGM(CR)                    <-- change to the main directory for Basic -
                                                subdirectory PGM for programs
    # cpio -icvdumaB < /dev/rct/c0d5(CR)    <-- to restore tape
                                                tape will list the files as they're loaded
                                                (and overwrite any previous programs with
                                                the same name).
    nn blocks
    #

(Note: This takes about 2-5 minutes, depending on the number of programs being restored).

- When completed remove the tape from the tape drive.

Step 12. (Editing IPLINPUT)

The file IPLINPUT in the main working directory for Basic is the interface configuration file between Basic and the unix operating system. It is used to associate the names of system devices and disk directories between what unix uses, and what Basic uses. The IPLINPUT file as released requires at least the addition of one or two disk directories. In addition, you would have to change IPLINPUT for the following:

- serial printers
- transport ports
- foreign devices (eg. POS cash registers)
- a spooled printer

(Note: The EXL-316 does not support parallel printers)

It is possible to have several completely separate IPLINPUT files on the same machine, thereby setting up individual working environments that have no overlap (or even that do have some overlap). While this is good for an in-house development environment, we strongly advise against it on a client system.

The IPLINPUT file as released with the Thoroughbred Basic tape contains the
following:

     CNF 1,5,1,18,CUTERR      <-- 5 must match the # of DEV statements
     PTN 1,60000
     DEV D0,1,,,,,,UTILS
     DEV D2,1,,,,,,WORK
     DEV T0,1,,,,,,tty
     DEV LP,4,,136,,,,lp
     DEV P7,4,,,,,,null
     IPL 1,2,T0,*JPSD
     END

By now, you should be fairly familiar with the workings of the editor, so
the following descriptions will not give the key-by-key commands to make
changes to IPLINPUT.

Change IPLINPUT to look like the following:

     CNF 1,6,1,18,CUTERR      <-- Notice 6 matches number of DEV
     PTN 1,60000
     DEV D0,1,,,,,,UTILS
     DEV D1,1,,,,,,WORK
     DEV D2,1,,,,,,PGM
     DEV D3,1,,,,,,DATA0
     DEV T0,7,,,,,,tty
     DEV LP,4,,136,,,,tty17
     IPL 1,2,T0,GO            <-- starts program GO on initial login
     END

UPDATE: for all of these devices to be accessible to Basic users, you will
need to change the default permissions on the device special files in the
/dev directory. For example, for the above mentioned device, the commands
would be:

     # chmod a+rwx /dev/tty17(CR)            <-- for serial printing

Step 13. (Adding terminals to "TERMINAL" / Adjust terminal types)

There is a file called "TERMINAL" in the /usr/JE directory. This file
should contain one entry called console. TERMINAL is the file that contains
all the valid terminals that can access Thoroughbred Basic. So, you must
add all the terminals that will be used by Thoroughbred Basic. An example
of what the file should contain is listed below. Remember the terminal
numbers are using the octal number system. Also Thoroughbred has a limit to
the number of entries that can be in this file. The label on the passport
device will tell you how many terminals you can configure.

Example of 16 user system:

     console
     ttyax
     tty00
     tty01
     tty02
     tty03
     tty04
     tty05
     tty06
     tty07
     tty10
     tty11
     tty12
     tty13
     tty14
     tty15

The TCONFIG file defines for Basic exactly what the characteristics are of
each terminal on the system. The TCONFIG file can be modified using the
*NPSD utility. The terminal names are in the Basic format Tx.
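
The check below is an added example, not part of the original J&E document
and not Thoroughbred or J&E code. It verifies the Step 12 rule that the CNF
count matches the number of DEV statements, and it lists every Unix device
named in IPLINPUT that any user can write to, which is the state the
chmod a+rwx command above leaves /dev/tty17 in. The field positions (CNF
field 2, DEV fields 1 and 8) are assumptions read off the two listings, and
the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not J&E or Thoroughbred code. Assumptions read off the Step 12
# listings: CNF field 2 is the DEV count, DEV field 1 is the Basic name and DEV
# field 8 is the Unix name (a directory under /usr/JE or an entry in /dev).

# iplinput_records FILE: emit "CNF <count>" and "DEV <basic> <unix>" records.
iplinput_records() {
    awk '
        { sub(/[ \t]*<--.*$/, "") }    # drop "<--" notes as printed in the article
        $1 == "CNF" { split($2, f, ","); print "CNF", f[2] }
        $1 == "DEV" { split($2, f, ","); print "DEV", f[1], f[8] }
    ' "$1"
}

# check_iplinput FILE BASEDIR DEVDIR
# ERROR lines (count mismatch, duplicate Basic name, unresolved Unix name) make
# the function return 1. REVIEW lines list device nodes that every user can
# write to, the state "chmod a+rwx" leaves them in; they do not change the
# return status.
check_iplinput() {
    file=$1; base=$2; devdir=$3
    rc=0; declared=; actual=0; seen=" "
    while read -r kind a b; do
        case $kind in
        CNF) declared=$a ;;
        DEV)
            actual=$((actual + 1))
            case $seen in
            *" $a "*) echo "ERROR: Basic device $a is defined twice"; rc=1 ;;
            esac
            seen="$seen$a "
            if [ -n "$b" ] && [ -d "$base/$b" ]; then
                :                      # logical disk directory, nothing to report
            elif [ -n "$b" ] && [ -e "$devdir/$b" ]; then
                if [ -n "$(find "$devdir/$b" -prune -perm -002 -print)" ]; then
                    echo "REVIEW: $a -> $devdir/$b is writable by every user"
                fi
            else
                echo "ERROR: $a -> ${b:-(none)} not found under $base or $devdir"
                rc=1
            fi ;;
        esac
    done <<EOF
$(iplinput_records "$file")
EOF
    if [ "$declared" != "$actual" ]; then
        echo "ERROR: CNF declares ${declared:-no} DEV statements, file has $actual"
        rc=1
    fi
    return $rc
}

# Constructed demo (sh check_iplinput.sh --demo): the edited IPLINPUT from
# Step 12 checked against a scratch tree that stands in for /usr/JE and /dev.
if [ "${1:-}" = "--demo" ]; then
    t=$(mktemp -d)
    mkdir -p "$t/JE/UTILS" "$t/JE/WORK" "$t/JE/PGM" "$t/JE/DATA0" "$t/dev"
    : > "$t/dev/tty"; : > "$t/dev/tty17"
    chmod 644 "$t/dev/tty"; chmod a+rwx "$t/dev/tty17"
    cat > "$t/JE/IPLINPUT" <<'EOF'
CNF 1,6,1,18,CUTERR   <-- Notice 6 matches number of DEV
PTN 1,60000
DEV D0,1,,,,,,UTILS
DEV D1,1,,,,,,WORK
DEV D2,1,,,,,,PGM
DEV D3,1,,,,,,DATA0
DEV T0,7,,,,,,tty
DEV LP,4,,136,,,,tty17
IPL 1,2,T0,GO         <-- starts program GO on initial login
END
EOF
    check_iplinput "$t/JE/IPLINPUT" "$t/JE" "$t/dev"
    rm -rf "$t"
fi
```
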

Run the utility program *NPSD to change the terminal model codes to TVI950.
If you have any old MAI terminals on the system, you will have to use *NPSD
to change their model code to B4 7250 (Note the space in the name).

To access *NPSD directly type:

     Console Login: root(CR)
     cd /usr/JE(CR)
     ./b ./IPLINPUT.term(CR)

Note: The terminal numbering system starts at T0 thru T9 then TA, TB, TC
etc.

Warning: Do not use this method of getting into BASIC after the system is
in production as you always get T0 regardless of which terminal you really
are.

Step 14. (Adding J & E utilities)

To each EXL machine, we add four utility shell scripts. Three of these
(/mars, /fullback and /printbu) are identical on every system. The fourth
and most important (/backup) depends on the disk structure used in
configuring the system. The contents of the shell scripts and a description
of their functions follow. As you should be familiar with the operation of
one of the editors by now, the detail has been left out.

/mars shell script - this script is simply used by J&E staff to get into
Thoroughbred Basic if we have logged in as root instead of the normal
customer login. The contents are as follows:

     echo '... and AWAY we go ...'
     cd /usr/JE
     ./b

/fullback shell script - this script is used for performing a full backup
on the system. This will include everything on every disk on the machine.
The contents are as follows:

     cd /
     find . -print | cpio -ovcB > /dev/rct/c0d5

/printbu shell script - this script is used for listing the contents of a
backup tape on the parallel line printer. The contents are as follows:

     cpio -icvdumtaB < /dev/rct/c0d5 > /dev/tty17

Note: (/dev/tty17 is an example only.)

The fourth and final (and most important) shell script is the /backup
script. This is the script that the client will use for their critical
nightly backups. It is vitally important that you get this one right, and
that you carefully test it before installing the machine.
An example follows:

     cd /
     find usr/JE -print > /bulist
     find u/JE -print >> /bulist          (Note: only if /u exists)
     cpio -ovcB < /bulist > /dev/rct/c0d5

Basically, this procedure is building up a list of all of the files and
sub-directories in all of the Basic disk directories. This list is then
passed as input to the cpio backup routine. The differences between this
example, and what you require for your system would be only in the number
of find commands.

Note the use of the Unix redirection symbols > and >> for sending the
output of the find command into the file /bulist. The first find command in
the script file has only one > which means to replace any old /bulist file
with the new list. The remaining find commands have two >> which means to
APPEND the output from the find command to the target file /bulist.

To test the procedure, run the backup as documented in the user
startup/shutdown/backup procedures, and run a /printbu on the tape.
Carefully check the output and make sure that all JE directories and files
were backed up.

When a file is created by the ed or vi editors, the default permissions
exclude execute permission. Therefore, before these four script files can
be run, you need to use the chmod (change mode) command to add execute
permissions as follows:

     # chmod a+rwx /mars /backup /fullback /printbu(CR)

Step 15. (Adding users)

A change is required to the /usr/JE/.profile file so that when a user logs
in, it will automatically take them to BASIC.

     Console Login: root(CR)
     cd /usr/JE(CR)
     ed .profile(CR)          <-- edit .profile file
     1i(CR)                   <-- insert to top of file
     stty -lcase(CR)          <-- Set terminal to lower case
     .(CR)                    <-- end append mode
     w(CR)                    <-- write changes to file
     21                       <-- Displays number of char. in file
     q(CR)                    <-- quit editor

The above file should now contain:

     stty -lcase
     ./b
     exit

The file /etc/passwd defines all the legal users to the system and
(optionally) associates a password with each.
Our purpose here is to simply define several logins that automatically run
Basic on login, and automatically log-out when you RELEASE from Basic. This
protects the client from having to learn anything about Unix. Please note
that passwords are not covered here. If your customer is concerned about
security, and wants passwords on the user logins, then you should refer
them to the administrator's manual (sysadm moduser command, covered later
in this document).

Suppose the client's company name is RCH Construction, and you decide to
pick the letters rch as the client login (must be lower case), then you
would add the following lines to /etc/passwd. The first number is the 'user
number' and must be different for each login, so you should first look at
the last line in /etc/passwd and find the highest used number. Suppose it's
105, then the logins to add are:

     mars::106:1:mars:/usr/JE:
     rch::107:1:mars:/usr/JE:
     rch1::108:1:mars:/usr/JE:
     ...
     rch10::117:1:mars:/usr/JE:

Please note in step 3 you added a user called mars. The "sysadm adduser"
command will only let you create a home directory if it does not exist.
Therefore a directory was created which is /usr/mars. In order to make the
mars working directory correct you must change the user mars working
directory from /usr/mars to /usr/JE.

IMPORTANT: Encourage the client to use a different login on each terminal
as some unix tables are maintained by the user name instead of by terminal.

There are 6 fields in each line of the /etc/passwd file. They are separated
by colons (:) and are described as follows:

   1) user name - this is what you type in response to the login: prompt
   2) password - always leave blank - passwords are added by logging in
      and using the passwd command.
   3) user number - just use the next available number in the file.
   4) group number - always use 1 - groups may go away in a future version
      of unix.
   5) comment - memo field only, we usually put in the word mars.
   6) home directory - this should be the main working directory for
      Basic. (ie. /usr/JE).

If you'd like to be really friendly, you can set up logins to match the
names of the departments or people within the client's organization.

Step 16. (Editing motd)

The file /etc/motd is printed on every screen during the login process. If
you wish, you can add a line similar to the following:

     Welcome to Jonas & Erickson Software Systems

Step 17. (Reboot)

The system reboot puts our changes (/etc/inittab, /etc/rc2, etc, etc, etc)
into effect. Be sure to do a proper shutdown first. Refer to the user
startup/shutdown/backup procedures documentation for instructions on
setting the system date and time with the unix date command. These
instructions should be part of the client's J & E Primer.

At the # prompt type:

     # shutdown(CR)

or press the STOP button on the front of the Prime EXL.

Step 18. (define J & E files)

The first time you run Basic, mars will create a login password J&E with
only the security system defined. There may also exist programs for
automatically creating all of the data files for each of the systems you
are installing. At the time of this writing, the initialization programs
are being sent out with the machines, but there is no documentation as yet.
If there is no initialization program for some of your systems, you will
have to create the files yourself from the file layouts.

NOTE: the initial login password may be mars instead of J&E.

Step 19. (Test)

Test as much as you can think of. When testing printers, it's a good idea
to make sure they work from unix first, before trying to access them from
Basic. An easy way to do this is to use the calendar command and redirect
the output to the device special file.
For example, testing a serial printer on tty17:

     # cal > /dev/tty17(CR)

With serial printers, be sure to test for proper handling of xon/xoff flow
control by letting a large listing start, taking the printer off-line,
waiting long enough 'till you're sure the buffer has filled, putting the
printer back on-line, and making sure the report is OK.

Step 20. (Label ports)

Label any ports that you have specially defined so that your hardware
installer knows where to plug things in.

According to Murphy's law, it is practically guaranteed that you will have
a hard disk crash during final shipping of the system to the customer,
unless you take a full backup at this point. For EXL you should find a
blank tape with the machine which you could use for this backup.

Step 21. (Enable / Lock)

The switch on the front of the Prime EXL marked ENABLE/LOCK is used for
safety purposes. If the switch is in the LOCK position then this disables
all three buttons on the front. Therefore we suggest that for normal day to
day operations this switch should be set to the LOCK position. This will
prevent any accidental shutdown of the machine.


Simplified System Administration

Within the Prime's EXL-316 operating system there are built-in commands to
simplify operating functions, such as:

   * Assigning passwords to administrative logins
   * Assigning passwords to system logins
   * Adding users to the system
   * Performing system backups
   * Installing optional add-on hardware
   * Creating file systems

The sysadm command uses interactive software programs with menus,
subcommands, instructions, questions, and user input. As you enter your
responses, sysadm guides you step by step through a system administration
task. After you become familiar with sysadm, you can bypass the menus and
enter the subcommands directly.

     eg. sysadm modtty     (Will allow you to modify port settings)

Below is a list of sysadm commands which we believe to be of help to you.
Refer to Prime EXL 316 Installation and Operation Guide for a complete
listing.

     Description                   Command

     Add a user                    adduser
     Add user group                addgroup
     Assign root password          admpasswd
     Change root password          admpasswd
     Change port settings          modtty
     Change user information       moduser
     Change users password         moduser
     Delete a user                 deluser
     List larger files             filesize
     List older files              fileage
     List users                    lsuser
     Modify ports                  modtty
     Modify users information      moduser
     Set date and time             datetime
     Shutdown                      powerdown

Note: adduser is of little use for adding basic users as it cannot set the
home directory to /usr/JE.

There is also an on-line help command to assist you with UNIX commands. To
start it up type:

     help(CR)

For further information see Operating System Users Guide.


Cabling Information

The cable connections at the back of the EXL-316 use an RJ45 connection
which is like a big modular telephone jack. Since this is a non-standard
type of connection, we are including with every order 12-foot "adapter
cables" which will convert from the RJ45 connector to the standard DB25
connector. Note, however, that these adapter cables end up "crossing pins
2 & 3". Therefore, the pin specification for cables to terminals and
printers is as follows:

     DB25 Male                  DB25 Male

       1 - - - - - - - - - - - - 1
       2 ----------------------- 2
       3 ----------------------- 3
       4 -|                   |- 4
       5 -|                   |- 5
       6 -|                   |- 6
       7 ----------------------- 7
       8 -|                   |- 8
      20 -|                   |- 20

Below are the cabling specs of the cable supplied by Prime:

     Pin positions for RJ45

                   |XX|
                   |XX|  <------ Cable
                   |XX|
                   |XX|
          -------------------------
          |                       |
          |      FRONT VIEW       |
          |                       |
          -+--+--+--+--+--+--+--+---
           1  2  3  4  5  6  7  8

     RJ45 Connector   DB25 Connector   Direction            Signal Name

           1                 6         --> TO EXL 316       Data Set Ready
           2                 5         --> TO EXL 316       Clear To Send
           3                 3         --> TO EXL 316       Receive Data
           4                 7                              Ground
           5                 7                              Ground
           6                 2         <-- FROM EXL 316     Send Data
           7                 4         <-- FROM EXL 316     Request to Send
           8                20         <-- FROM EXL 316     Data Terminal Ready

-----------------------------------------------------------------------------

               /                                           /
               /             NIA072 / File 6               /
               /                                           /
               /           NETWORK MISCELLANY              /
               /                                           /
               /    File1: FEDIX by P.H.R.A.C.K.           /
               /    File2: Toll-Codes by David Leibold     /
               /                                           /

                                    ---

        ________________________________________________________
       |                                                        |
       |                      :-) FEDIX                         |
       |             On-Line Information Service                |
       |                                                        |
       |            Written by the people at FEDIX              |
       |                                                        |
       |                 Submitted to NIA by                    |
       |                                                        |
       | Progressive Hegemony of Radical Activist Computer Kids |
       |                                                        |
       |  "Supporting the Concept of Freedom of Information"    |
       |________________________________________________________|

What is FEDIX?

FEDIX is an on-line information service that links the higher education
community and the federal government to facilitate research, education, and
services. The system provides accurate and timely federal agency
information to colleges, universities, and other research organizations.

There are NO REGISTRATION FEES and NO ACCESS CHARGES for using FEDIX. The
only cost is for the phone call.

FEDIX provides daily information updates on:

   - Federal EDUCATION and RESEARCH PROGRAMS (including descriptions,
     eligibility, funding, deadlines).
   - SCHOLARSHIPS, FELLOWSHIPS, and GRANTS
   - Available used government RESEARCH EQUIPMENT
   - New funding for specific research and education activities from the
     COMMERCE BUSINESS DAILY, FEDERAL REGISTER, and other sources.
   - MINORITY ASSISTANCE research and education programs
   - NEWS & CURRENT EVENTS within participating agencies
   - GENERAL INFORMATION such as agency history, budget, organizational
     structure, mission statement, etc.

PARTICIPATING AGENCIES

Currently FEDIX provides information on 7 federal agencies broken down into
2 general categories:

   1. Comprehensive Education and Research Related Agency Information

      - The Department of Energy (DOE)
      - Office of Naval Research (ONR)
      - National Aeronautics and Space Administration (NASA)
      - Federal Aviation Administration (FAA)

   2. Minority Assistance Information

      - National Science Foundation (NSF)
      - Department of Housing and Urban Development (HUD)
      - Department of Commerce (DOC)

Additional government agencies are expected to join FEDIX in the future.

REQUIRED HARDWARE AND SOFTWARE

Any microcomputer with communications software (or a dumb terminal) and a
modem operating at 1200 or 2400 baud can access the system.

HOURS OF OPERATION

The system operates 24 hours a day, 7 days a week. The only exceptions are
for periodic system updating or maintenance.

TELEPHONE NUMBERS

   * Computer (data line): 301-258-0953 or 1-800-232-4879
   * HELPLINE (technical assistance): 301-975-0103.

The HELPLINE (for problems or comments) is open Monday-Friday 8:30 AM-4:30
PM Eastern Daylight Time, except on federal holidays.

SYSTEM FEATURES

Although FEDIX provides a broad range of features for searching, scanning,
and downloading, the system is easy to use. The following features will
permit quick and easy access to agency databases:

Menus -- Information in the system is organized under a series of branching
menus. By selecting appropriate menu options (using either the OPTION
NUMBER or the two-character MENU CODE), you may begin at the FEDIX Main
Menu and work your way through various intermediate menus to a desired
sub-menu.
However, if you already know the menu code of a desired menu, you may
bypass the intermediate menus and proceed directly to that menu by typing
the menu code at the prompt. Help screens are available for key menus and
can be viewed by typing '?' at the prompt.

Capturing Data -- If you are using a microcomputer with communications
software, it is likely that your system is capable of storing or
"capturing" information as it comes across your screen. If you "turn
capture on", you will be able to view information from the databases and
store it in a file on your system to be printed later. This may be
desirable at times when downloading is not appropriate. Refer to your
communications software documentation for instructions on how to activate
the capture feature.

Downloading -- Throughout the system, options are available which allow you
to search, list, and/or download files containing information on specific
topics. The download feature can be used to deliver text files (ASCII) or
compressed, self-extracting ASCII files to your system very quickly for
later use at your convenience. Text files in ASCII format, tagged with a
".MAC" extension, are downloadable by Macintosh users. Compressed ASCII
files, tagged with an ".EXE" extension, may be downloaded by users of IBM
compatible computers. However, your system must be capable of file
transfers. (See the documentation on your communication software).

Mail -- An electronic bulletin board feature allows you to send and receive
messages to and from the SYSTEM OPERATOR ONLY. This feature will NOT send
messages between users. It can be used to inquire about operating the
system, receive helpful suggestions from the systems operator, etc.

Utility Menu -- The Utility Menu, selected from the FEDIX Main Menu,
enables you to modify user information, prioritize agencies for viewing,
search and download agency information, set a default calling menu, and set
the file transfer protocol for downloading files.

INDEX OF KEY INFORMATION ON FEDIX

Key information for each agency is listed below with the code for the menu
from which the information can be accessed. Please be advised that this
list is not comprehensive and that a significant amount of information is
available on FEDIX in addition to what is listed here.

AGENCY/DATABASE                                                   MENU CODE

DEPARTMENT OF ENERGY (DOE)/DOEINFO
 Available Used Research Equipment                                   :EG:
 Research Program Information                                        :IX:
 Education Program Information                                       :GA:
 Search/List/Download Program Information                            :IX:
 Research and Training Reactors Information                          :RT:
 Procurement Notices                                                 :MM:
 Current Events                                                      :DN:

NATIONAL AERONAUTICS AND SPACE ADMINISTRATION/NASINFO
 Research Program Information                                        :RP:
 Education Program Information                                       :EA:
 Search/List/Download Program Information                            :NN:
 Description/Activities of Space Centers                             :SC:
 Procurement Notices                                                 :EV:
 Proposal/Award Guidelines                                           :NA:

OFFICE OF NAVAL RESEARCH/ONRINFO
 Research Program Information                                    :RY:,:AR:
 Special Programs (Special Research and Education Initiatives)       :ON:
 Search/List/Download Program Information                            :NR:
 Description/Activities of Laboratories and other ONR Facilities     :LB:
 Procurement Notices (Broad Agency Announcements, Requests for
   -- Proposals, etc.                                                :NE:
 Information on the Preparation and Administration of Contracts,
   -- Grants, Proposals                                              :AD:

FEDERAL AVIATION ADMINISTRATION/FAAINFO
 Education Program Information - Pre-College                         :FE:
 Minority Aviation Education Programs                                :FY:
 Search/List/Download Program Information                            :FF:
 Aviation Education Resources (Newsletters, Films/Videos,
   -- Publications)                                                  :FR:
 Aviation Education Contacts (Government, Industry, Academic,
   -- Associations)                                                  :FO:
 College-Level Airway Science Curriculum Information                 :FC:
 Procurement Notice                                                  :FP:
 Planned Competitive and Noncompetitive Procurements for the
   -- Current Fiscal Year                                            :F1:
 Employment Information                                              :FN:
 Current Events                                                      :FV:

MINORITY/MININFO
 U. S. Department of Commerce
  Research/Education Minority Assistance Programs                    :CP:
  Procurement Notices (ALL Notices for Agency)                       :M1:
  Current Events                                                     :M1:
  Minority Contacts                                                  :M1:

 Department of Energy
  Research/Education Minority Assistance Programs                    :EP:
  Procurement Notices (ALL Notices for Agency)                       :M2:
  Current Events                                                     :M2:
  Minority Contacts                                                  :M2:

 U.S. Department of Housing and Urban Development
  Research/Education Minority Assistance Programs                    :HP:
  Procurement Notices (ALL Notices for Agency)                       :M3:
  Current Events                                                     :M3:
  Minority Contacts                                                  :M3:

 National Aeronautics and Space Administration
  Research/Education Minority Assistance Programs                    :NP:
  Procurement Notices (ALL Notices for Agency)                       :M4:
  Current Events                                                     :M4:
  Minority Contacts                                                  :M4:

 National Science Foundation
  Research/Education Minority Assistance Programs