Titan Titan runs all the shell scripts in the $TITANDIR/bin/modules directory that are a) files and b) executable. Titan accepts the -C (config + [filename]), -I (intro), -F (fix) or -V (verify) flag.
Titan.top just a copy of Titan with the paths changed so that when Titan-Config makes a copy in the topmost directory things work as intended.
TitanReport This module runs all titan modules in the "-verify" mode and sends the results via e-mail. This is intended to run as a cron job or as a audit utility. See the FAQ for more.
Sample.Server, sample.config , and sample.list These files are used as templates for use when running "Titan -c config-file" . See the FAQ for more in sample.configs
backtit.sh This modules is called by "Titan-Config" when run "Titan-Config -i" (install). Backtit.sh makes a backup copy of all the files Titan modifies (backtit.sh currently does not backup file permission changes)
untit.sh Untit.sh is called by "Titan-Config" when run 'Titan-Config -d" (deinstall) Untit.sh replaces the files modified by Titan with the original un-secure versions, and is provided as a recovery mechanism if we were to aggressive about securing the system.
aliases.sh aliases.sh goes through /etc/aliases looking for "|" and disabling them when found.
decode.sh checks /etc/aliases for decode alias, and removes it. Separate from aliases.sh since you may have a different policy for servers and desktops. This one only removes the decode alias not the other "|" from /etc/aliases.
duplicate-root.sh Checks for any accounts that are uid 0 that are not named "root"
hosts-equiv.sh Checks for the infamous "+" in /etc/hosts.equiv
inetd.sh Disables most all inbound services from /etc/inetd.conf. These daemons give out information or are potential "denial of service" problems. rexd, ftp, finger, systat, netstat, rusersd, sprayd, and walld. Modify the chatty daemons variable to add subtract things you wish to leave running.
is_root this is not intended to be run by users. The other scripts call this as a generic check for execution as root.
mkshadow.sh This script was modified from a script originally written by Scott Leadley. The script sets up shadowed password files in SunOS. A required piece is the rpc.pwdauthd either from SunOS C2/BSM package or from the patch containing rpc.pwdauthd.
optional directory. This directory contains two compressed tar files. The first one noshell.tar.Z contains a replacement program for the login shell of non-users such as "bin" or "lp" This code was written by Michele D. Crabb, and is not a part of Titan or Titan's License agreement. It is provided here strictly because I think its a useful program and an enhancement to titan functionality. The second piece in the optional directory is a NON-Supported (by Sun) patch for the SunOS kernel which turns off the forwarding of source routed packets. The file is called source-routing-patch.tar.Z for obvious reasons. I originally released this back in 1991 to the firewalls alias.
passwd.sh Check for accounts with no password
rhosts.sh Check for null /.rhosts and of course "+" in /.rhosts
rootpath.sh Check root's path for the infamous "."
rootchk.sh A more strict version or rootpath.sh. This one also changes any files listed in roots path to be owned by root. important such that others can't modify binaries that root may run.
routed-quiet.sh Move /usr/etc/in.routed to /usr/etc/in.routed.asetorigional then build a wrapper starting routed -q. This is done to be compatible with the ASET package.
sanity_check This isn't intended to be run by users (thus no .sh extension) It is called by the other scripts to check to make sure scripts are called with at least one additional argument (-i/-v/-f)
tftp-disable.sh check that tftpd disabled used for systems that are not Diskless Servers
tftpServer.sh Add secure tftp switch Diskless Workstation Server
ttytab.sh Fix ttytab to disable b -s problem
tune-perms.sh. Runs a modified file permission fixes from 100103-12 patch Tune attributes on file system objects This portion will set file system object permissions to a more secure setting.
utmp.sh Checks /etc/utmp to ensure its not world writeable.
uucp-disabled.sh Disable login shell for uucp
ypserver-client.sh Checks that /etc/passwd on ypserver does not have the client line of ":0:+"