Assessment Tools for Unix and Mac OS X O/S

Most incidents at Tufts are virus or worm infections. To analyze the rare Macintosh worm or virus, run the Norton AntiVirus program already installed on your computer. Although your computer may be blocked from the network, the local software should still work. If it is not working, it may have been disabled by the malicious code; contact your IT support organization for a clean disk for analysis and reinstallation.

Tufts neither provides nor supports an antivirus solution for Unix hosts, but Clam AntiVirus (ClamAV) is a GPL open-source antivirus program available for Unix.

When you want to go further, or the standard cleanup tools have missed a clever piece of code, the following steps and programs will get you started.

Unix/Mac OS X analysis tools

  1. Read CERT's Unix Intruder Detection Checklist.
  2. Find out what ports are listening.
  3. Examine log files for gaps, connections to unexpected places, reboots.
  4. Look for setuid and setgid files.
  5. Compare system binaries to known good copies or check their dates.
  6. Look at all files run by 'cron' or 'at'.
  7. Check for unauthorized services.
  8. Check the /etc/passwd file for modifications.
  9. Look for hidden files.
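
The checklist is easier to apply consistently, and to repeat after cleanup, as a script. The following is an added example written for this page, not a tool from Tufts or from CERT's checklist: it covers steps 2, 4, 6, 8 and 9 with read-only commands (ss, lsof or netstat, find, awk, atq) and assumes the usual cron and launchd paths on Linux and Mac OS X. The function names, the directories it scans and the "run" argument are this example's own choices. As the page notes for the clean-disk step, run it with trusted binaries where possible: on a compromised host, find, ls and netstat themselves may have been replaced.

```shell
#!/bin/sh
# Added example (not from the Tufts page): a read-only triage script that
# automates checklist steps 2, 4, 6, 8 and 9. Run it as root for full
# coverage; it only reads the system and modifies nothing.
# All function names below are this example's own (assumed, not a standard tool).

# Step 2: which ports are listening. ss on Linux, lsof or netstat on Mac OS X.
listening_ports() {
    if command -v ss >/dev/null 2>&1; then
        ss -tulpn 2>/dev/null
    elif command -v lsof >/dev/null 2>&1; then
        lsof -nP -iTCP -sTCP:LISTEN 2>/dev/null
    else
        netstat -an 2>/dev/null | grep -i listen
    fi
}

# Step 4: setuid/setgid regular files under $1, staying on one filesystem.
find_setuid_setgid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) 2>/dev/null
}

# Step 6: scheduled jobs. Compare against a known-good copy and look for
# entries that fetch or execute from /tmp, /dev/shm or a user's home.
list_scheduled_jobs() {
    for f in /etc/crontab /etc/cron.d/* /var/spool/cron/* \
             /var/spool/cron/crontabs/* /usr/lib/cron/tabs/*; do
        [ -f "$f" ] || continue
        echo "== $f"
        grep -v '^[[:space:]]*#' "$f"
    done
    if command -v atq >/dev/null 2>&1; then
        echo "== at queue"; atq 2>/dev/null
    fi
    # Mac OS X: launchd jobs are the modern equivalent of cron entries.
    for d in /Library/LaunchDaemons /Library/LaunchAgents; do
        [ -d "$d" ] || continue
        echo "== $d"; ls -l "$d"
    done
    return 0
}

# Step 8: /etc/passwd sanity. Any UID-0 account other than root, or a line
# without the seven colon-separated fields, needs explaining.
# (On Mac OS X also check 'dscl . -list /Users UniqueID', since local
# accounts live in Directory Services rather than /etc/passwd.)
passwd_uid0_accounts() {
    awk -F: 'NF == 7 && $3 == 0 && $1 != "root" { print $1 }' "$1"
}

passwd_malformed_lines() {
    awk -F: 'NF != 7 { print NR ": " $0 }' "$1"
}

# Step 9: hidden entries (names starting with a dot). Under /tmp, /dev or
# /var/tmp these are classic hiding places; in home directories most
# dotfiles are legitimate, so review the output rather than acting on it.
find_hidden_entries() {
    find "$1" -xdev -name '.*' ! -name . ! -name .. 2>/dev/null
}

# Driver: runs only when invoked with "run", so that sourcing the file
# to use the individual functions does nothing on its own.
run_triage() {
    echo "### listening ports";        listening_ports
    echo "### setuid/setgid files";    find_setuid_setgid /
    echo "### scheduled jobs";         list_scheduled_jobs
    echo "### extra UID-0 accounts";   passwd_uid0_accounts /etc/passwd
    echo "### malformed passwd lines"; passwd_malformed_lines /etc/passwd
    for d in /tmp /var/tmp /dev; do
        echo "### hidden entries under $d"; find_hidden_entries "$d"
    done
}

if [ "${1:-}" = "run" ]; then
    run_triage
fi
```

Invoke it as "sh triage.sh run > triage-$(date +%F).txt" and keep the output with the incident record; a second run after cleanup, diffed against the first, shows what changed. The script reports, it does not judge: a setuid file or a dot-directory is only suspicious against a known-good baseline of the same host.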

For immediate help, contact the NOC.