













                                S e n t r y
                                ===========
                                    V3.2

                             Instruction Manual

                             Michael A. Bobbitt
                            NightShade Computing
                          Mike.Bobbitt@AcadiaU.Ca
               http//dragon.acadiau.ca/~910318b/Sentry.html



                                S e n t r y
                                ===========
                             Table of Contents

        1.0 Introduction
            1.1  Purpose of Sentry
                 1.1.1 In the Home
                 1.1.2 In the Business Environment
            1.2  Features of Sentry
                 1.2.1 General
                 1.2.2 Expiry Dates
            1.3  Distribution of Sentry

        2.0 Setup
            2.1  General Setup Issues
            2.2  The Initial Login
            2.3  First Priorities
            2.4  Using the Initialization Settings
            2.5  Modifying Your AUTOEXEC.BAT

        3.0 Securing Your Computer
            3.1  BIOS Password
            3.2  Boot Sequence
            3.3  Switches in CONFIG.SYS
            3.4  Passwords
            3.5  Placement in AUTOEXEC.BAT
            3.6  Keep a Backup

        4.0 Logging In
            4.1  The Login Procedure
            4.2  Changing Passwords

        5.0 The SuperUser Menu
            5.1  Create User
            5.2  Delete User
            5.3  View Users
            5.4  Toggle SuperUser Status
            5.5  Change Account Exipry Date
            5.6  Change Password Expiry Date
            5.7  View Log File
            5.8  Change Account Password
            5.9  Assign Max Invalid Logins
            5.10 Edit Initialization Settings
            5.11 Send a Message to a User
            5.12 Exit

        6.0 Using Sentry With Windows
            6.1  General
            6.2  Installation Procedure
            6.3  Additional Windows Security
            6.4  Windows 95

        7.0 Securing Other Programs
            7.1  General
            7.2  Setup

        8.0 Creating a new Instance of Sentry

        9.0 Registration
            9.1 General
            9.2 Benefits of Registration

        10.0 Revision History
             10.1  Pre-Release Notes
             10.2  Sentry V1.0
             10.3  Sentry V1.1
             10.4  Sentry V1.2
             10.5  Sentry V1.3
             10.6  Sentry V1.4
             10.7  Sentry V2.0
             10.8  Sentry V2.1
             10.9  Sentry V2.2
             10.10 Sentry V2.3
             10.11 Sentry V2.4
             10.12 Sentry V2.5
             10.13 Sentry V2.6
             10.14 Sentry V2.7
             10.15 Sentry V3.0
             10.16 Sentry V3.1
             10.17 Sentry V3.2

        11.0 Technical Notes
             11.1  Encoding Algorithm
             11.2  SuperUser Access
             11.3  Files
             11.4  File_id.diz
             11.5  Time / Date
             11.6  Environment Variables
             11.7  Virus Scanners
             11.8  General

        12.0 Potential Threats To Security
             12.1  Account Information
             12.2  Hardware Loopholes

        13.0 Troubleshooting
             13.1  Error messages
                   13.1.1  Environment overflow - not modified.
                   13.1.2  Error Reading Data Segment! [Append]
                   13.1.3  Error Reading Data Segment! [Open]
                   13.1.4  Error Reading Data Segment! [Scan]
                   13.1.5  Error in Initialization Settings!
                   13.1.6  Error in creating log file!
                   13.1.7  Error in time stamps.
                   13.1.8  Error opening log file!
                   13.1.9  Error opening temp file!
                   13.1.10 Internal Screen Error. [Reading]
                   13.1.11 Internal Screen Error. [Writing]
                   13.1.12 Out of memory!
                   13.1.13 Registration Error - Program Aborted!
                   13.1.14 This account has expired.
             13.2  Other problems

        14.0 Standard Disclaimer

        15.0 Contact Information

        16.0 Credits

                           ========================
 




                                S e n t r y
                                ===========
                     Security for the Home and Business





        1.0 Introduction
        ================

        Currently, almost all fields of computer security are growing
        and advancing, with a few notable exceptions. Networks, servers
        and public access systems are all tightening their access to
        avoid potential problems. But what of the non-networked PC? Is
        the information contained on these any less valuable? Often
        times not, yet adequate security programs do not exist for PC's.
        In my search for security, I discovered that PC's were virtually
        ignored, and those programs that did exist were weak and faulty.
        Faced with this situation, I decided to write my own security
        program from scratch, incorporating the tightest security
        measures possible, while allowing flexible, easy use.


        1.1 Purpose of Sentry

        Sentry is meant for one basic purpose only: to keep unwanted
        people off your PC. It is flexible enough that this single
        purpose can be used in many different ways, for many different
        reasons. Here are just a few.


        1.1.1 In the Home

        Most people have something on their home PC that they consider
        to be "sensitive". Maybe it's a private letter, maybe it's
        copies of e-mail, or maybe it's financial information. Or quite
        possibly, you just want to keep track of who is using your
        system. Sentry has the solution for all of these problems, by
        restricting access and logging all attempts to use the system.

        Alternatively, sometimes you just want to keep people out,
        period. It could be your nosy room mate, your little brother, or
        your boss at work. In any case, Sentry will keep them out, while
        letting a select group of people in.

        1.1.2 In the Business Environment

        Businesses will find Sentry valuable to guard against
        unauthorized entry into PC's. With Sentry, you can leave your
        terminals unattended while knowing that nobody can access the
        information held on them, unless you want them to. Many
        businesses have cleaners or other independent contractors come
        in during silent hours. A lot of businesses have PC's in open
        areas where a "passer-by" could use them. Most terminals are
        left unattended for a portion of the day (lunch, during errands,
        during meetings, etc.). There's no guarantee that an unauthorized
        person won't attempt to use your PC's when you're not around.

        For businesses that work in groups, Sentry is useful for keeping
        track of who used the PC's and when. Supervisors could have
        SuperUser access on all PC's in their group, allowing them to
        manage and control access as required. Also, the log that Sentry
        keeps could be a valuable tool in determining who was doing
        what, and when.

        You may not need to use Sentry on your system. You might never
        have a security problem to worry about. But the truth is that
        Security isn't something to take a chance on. It is a serious
        problem in today's computing society, and many legitimate users
        find themselves helpless or confused about the real issues. It
        is a shame that the immoral few have ruined it for the rest, but
        we cannot let them get in the way of our daily business. With
        the proper tools and knowledge, we can fight back by closing up
        the common loopholes that attackers use.


        1.2 Features of Sentry

        1.2.1 General

        Sentry will allow you to set up accounts on your computer, one
        account for each person you want to have access. If someone
        doesn't have an account, they don't get in. It's that simple.
        Each person has their own account, with their own password,
        making it easy to track who logs in and when. Since Sentry
        doesn't use a "master access" password, you can wipe a single
        users account without affecting any other users.

        Sentry records each login attempt in a log file which can be
        viewed by a SuperUser at any time.

        1.2.2 Expiry Dates

        You can set accounts to expire on a certain date, effectively
        barring access to the specified user after that. For example, if
        you know that Joe will be leaving on April 14th, you can set his
        account to expire on April 15th. That means you don't have to
        remember to delete his account on the 15th... It will expire on
        it's own, and you can delete it whenever you remember.

        You can also set expiry dates for passwords, meaning that a user
        will have to enter a new password once his old one has expired.
        In addition, you can set the period of time that new passwords
        are good for.

        Sentry can be used to restrict access when you first turn on
        your PC, to block DOS access from within Windows, to secure a
        single program from general use, or any combination of the
        above.


        1.3 Distribution of Sentry

        Sentry is a copywritten piece of work, however distribution of
        the ShareWare version is allowed and encouraged. The only
        stipulation is that it must be unmodified, and must contain all
        of the original files (and no others). Essentially, the
        SentryXX.zip file you initially received is the only format that
        Sentry is distributable in.

        DO NOT distribute any registered versions whatsoever. (By
        distributing a registered version, you are giving out copies of
        a specific encoding scheme, which can be used against the
        registered user).


        2.0 Setup
        =========

        Since you are reading this, I can safely assume you have
        unzipped Sentry. Along with that, I will also assume that you
        have created a directory for Sentry, and that all Sentry files
        are currently in it. (If this is not true, do it now). You may
        want to read the section entitled "Creating a new Instance of
        Sentry" below.


        2.1 General Setup Issues

        The very first thing you should do is make sure you keep a copy
        of all the Sentry files somewhere safe. Copying them to a floppy
        disk and storing it is a good idea.

        From here, installation is painfully simple. Just run the
        program called INSTALL.EXE. This program will automatically
        search to see if your copy of Sentry already has initialization
        settings. If it does, you will be asked if you wish to
        over-write them. Enter 'y' if you wish to overwrite them. Any
        other input aborts the action. If you do not already have
        initialization settings, the install program will automatically
        use the defaults.

        Please note that the install program deletes itself after
        running. This is so it cannot be run by a regular user to gain
        access. Make sure you keep a backup of the install program in
        case you need it.


        2.2 The Initial Login

        Now the next thing you must do is to change the password and
        login provided with the initial copy of Sentry. To do this, you
        must run the Sentry.exe program. If it displays an error
        message, check the troubleshooting section at the end of this
        file.

        When it asks for a login, use "Sentry", with the password
        "Sentry". You can turn case sensitivity off via the
        initialization settings, but only for logins. The password must
        be entered exactly as shown (sentry or SENTRY will not work).
        The Sentry account has SuperUser access, meaning you can create
        and delete accounts while logged in as Sentry. To log in as a
        SuperUser, enter Sentry for a login, and instead of pressing
        enter, hold down the CONTROL key and press enter. This tells the
        Sentry program that you want to log in as a SuperUser. Then
        enter your password normally, and instead of dropping to DOS,
        you will go to the SuperUser menu. (See the section below on
        "The SuperUser Menu" for more information).

        From here, you should create a new user (you) and grant yourself
        SuperUser access. You can do this during creation by holding the
        CTRL key while pressing enter after typing your login name. You
        can also do this by using the "Create User" option normally and
        then using the "Toggle SuperUser Access" menu option to give
        yourself SuperUser privileges.


        2.3 First Priorities

        Once you have your account set up, you should delete the Sentry
        account, so nobody else can use it. This is very important as a
        potential intruder will probably try to enter through the
        default Sentry account first. (If you delete it, that closes the
        loophole).

        Sentry will not let you delete the last SuperUser, so you must
        create a new user with SuperUser access before deleting the
        Sentry account.

        From here, you can create the other users of your system, and
        define their starting passwords, expiry dates and access rights.
        See the section below on "The SuperUser Menu" for more
        information.


        2.4 Using the Initialization Settings

        Sentry can be configured to your needs by way of the
        initialization settings. These settings contain information that
        you may wish to change, allowing Sentry to adapt to many
        different situations.

        You can edit the initialization settings from the SuperUser
        menu. You can do this by selecting the "Edit Initialization
        Settings" option (see section 5.10). Each setting includes
        helpful hints and information to simplify customization. Any
        changes you make will not take effect until the next time you
        use Sentry.


        2.5 Modifying Your AUTOEXEC.BAT

        Simply add the following line to the top of your AUTOEXEC.BAT
        file:

        ----------------- CUT ----------------
        \Sentry\Sentry
        ----------------- CUT ----------------

        The above example assumes you have installed Sentry on
        c:\Sentry, which may not be true. Adjust the path in the first
        line to reflect the location of Sentry on your system.

        NOTE: These lines MUST be the first lines in your AUTOEXEC.BAT
        file. If not, the user may be given a chance to bypass Sentry by
        pressing CTRL-C or CTRL-BREAK.

        If Sentry is installed on a drive other than the one you boot
        from (drive D in the example below), then add these lines
        instead:

        ----------------- CUT ----------------
        d:
        \Sentry\Sentry
        c:
        ----------------- CUT ----------------


        3.0 Securing Your Computer
        ==========================

        Sentry is essentially useless unless you take the appropriate
        additional security measures for your machine. Below I have
        outlined some of the things you can do to increase the security
        of your system.


        3.1 BIOS Password

        Protect your BIOS! It has a built in password, so set it!
        Without the password, any user can get into your BIOS and change
        your critical system settings. I have seen several different
        types of BIOS setups, but generally, you use the CHANGE PASSWORD
        command (Sometimes also listed as SUPERVISOR PASSWORD) from the
        main menu and set the SECURITY OPTION to setup (as opposed to
        system) in the BIOS FEATURES SETUP screen. Depending on the
        layout of your BIOS, you may have a CHANGE SETUP PASSWORD option
        right on the main menu.


        3.2 Boot Sequence

        Change your boot sequence. Again, in your BIOS, under the BIOS
        FEATURES SETUP screen, set your BOOT SEQUENCE to boot from your
        hard drive first. (This usually means set it to C,A as opposed
        to A,C). This will ensure that no-one can bypass Sentry by means
        of a boot disk.


        3.3 Switches in CONFIG.SYS

        Add "switches /n/f" as the first line of your CONFIG.SYS file.
        The /n will disallow pressing F8 to step through the CONFIG.SYS
        and AUTOEXEC.BAT files. This means that users cannot bypass
        Sentry by this method. The /f switch is optional, it simply
        speeds up your boot-up time (by about 2 seconds).


        3.4 Passwords

        Pick a good password. Short passwords are a bad idea, as well as
        birthdays, girlfriends names, etc. Anything that is easy to
        guess should be avoided. Good passwords are not words at all,
        but made up from a "mnemonic" sentence. For example, the
        sentence "I'll wait for you" turns into "Illw84u" (trust me).
        Mixing lower case letters, upper case letters, and numbers
        increases the security of a password, and passwords of this type
        are near impossible to guess or crack. Do not write your
        password down, especially near your computer. Try to memorize it
        if possible. Change your password, but not too often. People who
        change their passwords too often (less than 6 months or so) tend
        to write them down, which is a bigger risk. Don't enter your
        password with someone looking over your shoulder. If someone is
        in the room, block their view, or wait until they leave.


        3.5 Placement in AUTOEXEC.BAT

        When you are installing Sentry, make sure it is the FIRST file
        in your AUTOEXEC.BAT! Otherwise, the user may be able to exit
        when another program is running and avoid Sentry all together!


        3.6 Keep a Backup

        Keep a backup copy of all your Sentry files! If something
        happens to these files, you may be locked out your computer if
        you don't have a backup. It is best to copy your entire Sentry
        directory to a floppy disk about once a week, so you won't be
        caught short.


        4.0 Logging In
        ==============

        4.1 The Login Procedure

        When you first run Sentry, you should see the standard startup
        screen. Your registration information is contained here. (The
        shareware release simply says it is registered to Shareware).
        You should also see a prompt asking you to enter your login (or
        user name). If instead you see an error message, check at the
        end of this file for help.

        While entering your user name, if you have SuperUser access, you
        can log in as such. You can do this by holding down the CTRL key
        while pressing enter (CTRL-ENTER). If you do not have SuperUser
        access, or do not wish to log in as such, simply press enter. In
        either case, this will send you to the password prompt.

        Once you have reached the password prompt, you simply enter your
        password, and hit enter when you are finished. Your password is
        not echoed to the screen.

        The minimum and maximum length of both the login and password
        are set by initialization settings. If you wish to change these,
        you must do so from the SuperUser menu.

        After correctly entering your password, Sentry will search for
        any messages addressed to you. If you have a message waiting, it
        will be displayed. Pressing 'd' will delete that message, any
        other key will keep it for the next time you log in. Each
        message is displayed individually.

        Next, the date and time of your last login will be displayed. If
        there have been any invalid login attempts made against your
        account since the last valid login, you will be told so, and how
        many. If the number of invalid login attempts against your
        account has exceeded the maximum allowed, your account will be
        locked out until the SuperUser resets it.

        If your account has expired, it will say so, and subsequently
        lock you out. If your password has expired, it will also say so,
        but will then prompt you to enter a new password. You may not
        re-use your old password, and you must pick a password that
        corresponds to the length limits set out by the initialization
        settings. Once you have entered and verified your new password,
        it is given a new expiry date according to the default (again
        determined by the initialization settings).

        If you have logged in as a SuperUser, and have SuperUser access,
        you will now be in the SuperUser menu (see the section below).
        If not, you will simply be dropped to DOS, and the login
        procedure is complete.


        4.2 Changing Passwords

        If you wish to change your password at any time, you can do so
        by entering the pass key. The pass key is defined in the
        initialization settings, and is displayed when Sentry starts up.
        The default pass key is "passwd". To change your password,
        simply enter your user name as usual, and when prompted for your
        password, enter the pass key. You will then be prompted for your
        old  password (to make sure it is really you), and then you will
        be asked for your new password, which will be verified and saved
        to disk. Your new password will expire in the number of days
        designated by the initialization settings.

        Changing your password has no effect on SuperUser access.


        5.0 The SuperUser Menu
        ======================

        5.1 Create User

        This option allows you to create users on your system. First of
        all, you must enter the username (or login) you wish to assign
        to that user. If you wish to create a user with SuperUser
        status, type in the username and hold down the CONTROL key when
        pressing enter. Otherwise, just press enter. Once that is
        complete, Sentry asks for the password. The password is not
        echoed to the screen. The user should choose and enter their own
        password. SuperUsers need not know what the passwords are since
        they can still manage the accounts without knowing them. The
        password is entered twice to ensure no typos were made, and then
        saved in encoded form. The ESCAPE key will abort this operation
        at any time.

        Note: There is currently a maximum of 100 users allowed. This
        limit can be bypassed if required (contact me for a larger
        capacity version).


        5.2 Delete User

        The delete option is very simple. It brings up a list of all
        users, and you simply use the cursor keys to highlight the user
        you wish to delete. SuperUsers are denoted by a * to the right
        of their username. Press enter to select the appropriate user.
        If the selected user is a SuperUser, Sentry will give a warning.
        SuperUser or not, Sentry will then ask if you are sure you want
        to delete them. Any input other than a 'y' will not perform the
        delete. The ESCAPE key will abort this option at any time.


        5.3 View Users

        This option allows you to view all users who currently have
        accounts on your system. SuperUsers are again denoted by a * to
        the right of their login name. The last login date/time, account
        expiry date and password expiry date are also shown to the right
        of the user's login name. In addition, the number of invalid
        logins since the users last valid login are shown with the
        number of invalid logins allowed before an account is locked up.
        An "X" in the "Max Inv Log" (Maximum Number of Invalid Logins
        Allowed) column means there is no limit. You can use the PAGE UP
        and PAGE DOWN keys to scroll forward and back if there are
        multiple pages of users. Arrows (- and ) will be present if
        there are additional pages above/below. The ESCAPE key will exit
        back to the main menu.


        5.4 Toggle SuperUser Status

        When this option is selected, it first brings up a list of all
        users on the system. Again, SuperUsers are denoted by a *. Once
        you have selected a user, Sentry will ask you if you want to
        grant/revoke SuperUser access to/from the appropriate user. Any
        input other than a 'y' will not change that users status. Now
        the user must enter a password. (Since the SuperUser status is
        encoded in the password, and the password can never be decoded,
        I can't change SuperUser access without resetting the password).
        The user can re-enter their old password, or enter a new one
        (the old one will be over-written). In a worst case scenario,
        the SuperUser can re-assign a new password to the user if he is
        unavailable to enter a new password himself. (A hostile user can
        have SuperUser access revoked without having to enter a new
        password; you can do it for him).


        5.5 Change Account Expiry Date

        This option lets you define when an account will expire on your
        system. Expired accounts no longer have access. This option is
        useful if a user will be leaving. Then you don't have to
        remember to delete their account on the day they leave. You can
        set it to expire, and delete it when you remember.

        This option also works in conjunction with the "Assign Max
        Invalid Logins" option. Once an account reaches it's maximum
        number of sequential invalid logins, it expires. The only way to
        re-activate the account is to change the expiry date with this
        option.

        Once you select this option, some information about the account
        will be displayed. If it is a SuperUser account, Sentry will
        tell you so. It will then display the account's current expiry
        date. You will be asked if you are sure you want to change that
        user's expiry date. Any input other than a 'y' will abort the
        process, otherwise you will be prompted for the year the account
        will expire. The year must be entered as 4 digits (IE: 1997). If
        you enter 'N' at the year prompt, no expiry date is assigned to
        that account (it is valid forever). If you enter a valid year,
        you will then be prompted for the expiry month, which is entered
        as 2 digits (IE: 06 for June) followed by the expiry day, which
        is also entered as 2 digits. Accounts expire at one second past
        midnight on the date of expiry.


        5.6 Change Password Expiry Date

        This option lets you define when a users password will expire.
        Once the password has expired, the user must enter a new one.
        This forces the user to change their password. Once a password
        has expired, the next time the user logs in he will be forced to
        enter a new password. The new password is valid for the number
        of days set by the initialization settings. Once a password has
        expired, the user cannot re-enter it. He must select a new
        password. (NOTE: Sentry does not keep historical records on
        passwords, so a user may alternate back and forth between 2
        passwords. This is not a secure practice and should be avoided).

        Once you select this option, some information about the account
        will be displayed. If it is a SuperUser account, Sentry will
        tell you so. It will then display the current expiry date for
        the password. You will be asked if you are sure you want to
        change that user's expiry date. Any input other than a 'y' will
        abort the process, otherwise you will be prompted for the year
        the password will expire. The year must be entered as 4 digits
        (IE: 1997). If you enter 'N' at the year prompt, no expiry date
        is assigned to that password (it is valid forever). If you enter
        a valid year, you will then be prompted for the expiry month,
        which is entered as 2 digits (IE: 06 for June) followed by the
        expiry day, which is also entered as 2 digits. Passwords expire
        at one second past midnight on the date of expiry.


        5.7 View Log File

        Every time a user logs in, a record is kept on disk. If you want
        to view that online record, select this option. The log file
        will be displayed, one screen at a time. Once the entire log
        file has been displayed, Sentry will ask you if you want to
        clear the log file. Any input other than 'y' will exit, leaving
        the log file in tact. If you answer with a 'y', Sentry will
        clear out the old entries. The log file itself will not consume
        much disk space, and so it should be left in tact for historical
        reasons. You may find it necessary to refer back to the log file
        to verify certain events. If disk space is a constraint, you can
        copy the log file onto a floppy disk for storage.

        You should always keep a close eye on the log file as this will
        often tell you when something is wrong on your system. All error
        messages are saved to the log file, so you can see if Sentry has
        run into any problems. Also, it records the current time, and
        the username of the user attempting to log in. This will help
        you to identify any potential attacks on your system. The log
        file is hidden by Sentry, but you should also place it somewhere
        safe so that users cannot tamper with it. You can set the
        location of the log file via the initialization settings.


        5.8 Change Account Password

        This option allows the SuperUser to change an account's
        password, in case the user forgot it, or some other strange
        disaster has occurred. When assigning a new password to an
        account, you should set the expiry date to be immediately, so the
        user is forced to choose a new one. If the previous password had
        no expiry date, none is assigned to the new password. Otherwise
        the password expires in the number of days assigned in the
        initialization settings. You can abort at any time by pressing
        the ESCAPE key.


        5.9 Assign Max Invalid Logins

        This allows you to set the maximum number of invalid logins
        allowed before an account is disabled. The default number is
        defined in the initialization settings, and is assigned to all
        accounts when they are first used.

        To assign a new maximum, simply select the "Assign Max Invalid
        Logins" option from the SuperUser menu. From here you will be
        shown the complete user list, and asked to select the user you
        wish to change. Pressing the ESCAPE key will abort the operation
        here.

        Once you have selected the user, you will be informed if that
        user is a SuperUser. NOTE: You should not assign a maximum
        number of invalid logins to your last SuperUser account. If you
        do, and someone attempts to break in to that account, you could
        be locked out of the SuperUser menu!

        Next you will be told what the user's current max invalid login
        setting is, and asked if you want to change it. Any input other
        than a 'Y' will abort the operation. Now you will be asked to
        enter the number of invalid login attempts before an account is
        disabled. Entering 'N' or a 0 will mean that there can be
        unlimited invalid login attempts made.

        Please note that a value of less than 10 may cause you more
        trouble than good. You may be spending a lot of time re-setting
        accounts if you pick too low a value, so consider this
        carefully. Also note that when an account is locked up, it is
        actually set to expire immediately. As a result, if you wish to
        re-activate an account, you must change the account's expiry
        date (see above). This is also handy for determining when the
        account was actually de-activated. The expiry date for that
        account it set the day it was locked out.

        Every time a successful login is made to an account, the invalid
        login counter is reset. This means that an account will not be
        locked out if it has a valid login before the maximum is
        reached. (For example, say an account has a maximum of 10
        invalid logins. If there are 7 invalid logins before a
        successful login, and then 5 more invalid logins, the account
        will not be locked up. There must be 10 sequential invalid
        logins for the account to be disabled.)

        Once you have finished making the change, you can view the user
        list to make sure it is acceptable.


        5.10 Edit Initialization Settings

        This option allows you to edit the initialization settings.
        After installation, it is critical that you go through each and
        every attribute, and make sure it is set to your liking. Many of
        the initialization settings have serious implications on
        security. Once this option is selected, all of the attributes
        are displayed. Simply select the attribute you wish to modify,
        and you will be given the following information:

                - A one line description of the attribute.

                - A brief description of the attribute and it's uses.

                - Valid settings for the attribute, if applicable.

                - Any security notes, if applicable.

                - The default value for the attribute.

                - The current value for the attribute.

        At this time, you will be prompted to enter a new value for the
        attribute. Pressing ENTER on a blank line, or pressing the ESC
        key abort any changes the current value.

        Sentry performs strict checking on the values you enter, and
        will not save an invalid value.


        5.11 Send a Message to a User

        This option allows the SuperUser to send a one-line message to
        any user on the system (including themself). Once this option is
        selected, you must pick the user you wish to send a message to
        from the list of all users. Once this is done, you will be
        prompted for your one-line message. If you wish to send more
        than one line, simply send two messages to the same user. After
        you have entered your message, you will be returned to the
        SuperUser menu. The next time that person logs in, your message
        will be displayed, including:

          - Who the message is from
          - The time and date the message was sent
          - The message itself

          The user then has the option to delete the message. If they do
          not delete the message, they will also see it on their next
          login.

          NOTE: Messages are displayed before any login information, so
          you can send messages to users that are locked out. That way,
          if you wish to send an explaination, you can.


        5.11 Exit

        This simply returns you to the DOS prompt. It is the same as
        pressing the ESCAPE key.


        6.0 Using Sentry With Windows
        =============================

        6.1 General

        Sentry is also adaptable to Windows, allowing you to keep users
        away from DOS. This may be desirable if you enter Windows
        immediately upon startup (I.E.: your AUTOEXEC.BAT contains "win"
        as a command). If you want to limit access to your system as a
        whole, you could install Sentry in the usual way. This would
        keep out unwanted users all together. If you want to also limit
        access to the DOS prompt from Windows, you can do that too. All
        you must do is create a new instance of Sentry (see below), and
        then simply set up your windows to run Sentry when you drop to
        DOS. The example setup below assumes you have installed an
        instance of Sentry in c:\Sentry\Inst1, but you can substitute
        your actual directory names in where applicable.


        6.2 Installation Procedure

        Installing Sentry in the Windows environment is simple. Included
        in the Sentry zip file are 2 files:

        Sentry.grp
        Sentry.pif

        Copy both of these files into your windows directory. Now, enter
        Windows and from the Program Manager, select [F]ile, then [N]ew.
        Next select Program Group. When prompted, enter "Sentry" for
        both description and file name. Now you should see a new program
        group called Sentry. The Sentry program group should contain a
        single icon, labeled MS-DOS. This icon actually points to
        sentry.pif, which contains specific information about running
        Sentry.

        You can edit the new icon (highlight it and press ALT-ENTER) and
        change the working directory to point to your Sentry files.

        IE: c:\Sentry, or c:\Sentry\Inst1, etc.

        From here, run the Pif Editor program (the icon is a little
        tag), and open Sentry.pif. Now change the "Program Filename" to
        point to your Sentry.exe file.

        IE: c:\Sentry\Sentry.exe, or c:\Sentry\Inst1\Sentry.exe, etc.

        In Addition, change the "Working Directory" to be the same as
        the working directory for the icon (see above). Once you save
        the .pif file, you are all set.

        At this point you should test out the new Sentry icon to make
        sure it works ok. When you double click on the new icon, it
        should take you directly to Sentry. Once you have entered a
        correct username and password, it will then drop you to a
        regular DOS shell. You can type "EXIT" to return to Windows at
        any time.

        Once you are sure it works, remove your old MS-DOS icon, so that
        users cannot use it to drop straight to DOS. You can drag your
        new icon into the same location as your old MS-DOS icon, so
        everything will look the same.

        Now there is one last step. If a user were to exit Windows, they
        would be at the DOS level, which is not what we want. Since your
        AUTOEXEC.BAT file is running windows on startup, you can block
        people from exiting by forcing them to go through Sentry. You
        can do this by adding a call to Sentry after the win command in
        your AUTOEXEC.BAT.

        For example, the last lines of your AUTOEXEC.BAT might look like
        this:

        ----------------- CUT ----------------
        win
        \Sentry\Inst1\Sentry
        ----------------- CUT ----------------

        Alternatively, you can add the security measures described in
        section 6.3 below.

        And that's it. If it seems like a complicated process, just try
        the steps one at a time, and make sure everything works ok. The
        end result is that when you click on the MS-DOS icon, it will
        run Sentry before dropping you to the DOS shell. That means that
        you can limit access to the operating system, without pulling
        any fancy tricks in Windows. Since you have made a new instance
        of Sentry, you could have one instance run when you boot up
        (giving access to windows), and have another instance run when
        you click on the DOS icon (giving access to the operating
        system). That way, a user that has access to your PC may not be
        able to drop to DOS.

        Be warned however that Sentry will still lock up your DOS
        session when a user fails to log in. This may cause you to lose
        any information you have not saved in your Windows session, if
        Windows becomes unstable.

        If Sentry does lock up your DOS session, you may be able to
        recover back to Windows by pressing CTRL-ALT-DELETE and closing
        the DOS prompt. This will still not allow access to DOS, but you
        will not lose anything you were working on.


        6.3 Additional Windows Security

        There are additional security measures built into Windows that
        should be considered when using Sentry. After all, securing the
        MS-DOS icon won't do any good if someone can edit it back to the
        way it was.

        To add more security to your Windows system, just add this
        Restriction section to your progman.ini file:

        ----------------- CUT ----------------
        [Restrictions]

        EditLevel=4
        rem Stops the creation, movement, copying, deletion, or
        rem modification of ANY groups or icons.

        Noclose=1
        rem Prevents a user from exiting windows.

        NoRun=1
        rem Disables the run command selection from the file menu.

        NoSave=1
        rem Stops the selection of save settings on exit from program
        rem manager.

        NoSaveSettings=1
        rem Disables the save settings on exit command, so any changes
        rem made to the your program manager group icons and windows
        rem cannot be saved upon exiting windows.
        ----------------- CUT ----------------

        To reverse any of these entries, remove it or change the value
        from to 0.  You can delete the file manager Icon as an additional
        security precaution.


        6.4 Windows 95

        Sentry is easily adaptable to use in a Windows 95 environment.
        In most respects, the setup is the same as in a DOS/Windows
        environment.

        As before, ensure that the call to Sentry is at the beginning of
        your AUTOEXEC.BAT file. The Sentry.pif file and Sentry.grp file
        will still work with Windows 95, although at this time I have
        not drawn up specific instructions for installation.

        I have not yet conducted thorough tests in a Windows 95
        environment, however documentation for this should be
        forthcoming in a future revision.


        7.0 Securing Other Programs
        ===========================

        7.1 General

        In some cases, it might be beneficial to secure a single
        program. It might be a word-processor, a mail program, or even
        Windows. In any case, you can secure it with Sentry, even if you
        don't use Sentry during boot-up. You will probably want to
        create a new instance of Sentry (see below) for each program you
        want to secure. That will allow you to have different accounts
        and passwords for each program.


        7.2 Setup

        To set this up, all you have to do is write a batch file of the
        following format, and stick it in a directory in your path.
        (C:\DOS is almost always in your path, so you could stick these
        batch files there). In this example, we will secure the program
        called RUNME (located at C:\prog\runme.exe):

        ----------BEGIN RUNME.BAT-----------------
        @echo off
        c:
        \Sentry\Inst2\Sentry
        cd \prog
        runme
        cd \
        -----------END RUNME.BAT------------------

        The program as shown above will run Sentry before it runs
        RUNME.EXE. As long at the batch file is in your path ahead of
        RUNME.EXE, RUNME.BAT will execute first, barring the user from
        running RUNME.EXE without running Sentry first. C:\DOS is almost
        always first in your path, so this will work for everything but
        DOS programs. You can add a new directory to you path by editing
        your AUTOEXEC.BAT. If you add it to the beginning, and place all
        your batch files there, they will run first. The only exception
        to this rule is that if the user is in the directory containing
        RUNME.EXE they will not execute RUNME.BAT first.

        This is not by any means a perfect method of securing a program.
        It will work in most cases, but with the proper knowledge and
        patience, this method can be defeated. If your users are
        skilled, don't rely on this method to be "bullet-proof." (Sentry
        was not designed for this purpose, it is merely an additional
        use).

        Future versions of Sentry may have an "automated" method for
        doing this if the need exists.


        8.0 Creating a new Instance of Sentry
        =====================================

        In some of the scenarios listed above, you may be required to
        create a new "instance" of Sentry. That is to say, a completely
        new copy of Sentry, that works independently of all other
        copies. This is a fairly simple process, that you can perform as
        many times as required.

        The first thing you must do when creating a new instance is to
        create the directory you wish to place it under. If you plan to
        have several instances, you may want to create a Sentry main
        directory, with your instances branching off of that. For
        example:

        c:\Sentry
             |
             +----+------- Inst1
                  |
                  +------- Inst2

        This will allow you to keep all your Sentry files well
        organized, and separate from your other programs. Create a
        directory for each instance you anticipate you will need. From
        there, simply copy ALL of the Sentry files into each directory.

        The final step is to set up the accounts of each instance
        according to your needs. To do this, you must go into each
        directory individually and run Sentry. Now log in as a SuperUser
        and set up all the required accounts. Remember that each
        instance is independent of the others. Your account information
        will not be the same for any 2 instances (otherwise there is no
        advantage to having 2 instances).

        You should always test out each instance and make sure it works
        before using it.


        9.0 Registration
        ================

        9.1 General

        If you use Sentry on your machine(s), I urge you to register. I
        have put a lot of time and effort into making Sentry a viable
        security program, and I would appreciate the effort very much.

        On the other hand, I realize that not everyone can afford to
        register. In that case, please feel free to continue to use the
        ShareWare version. There are no limitations on how long or how
        many times it can be used. My intention with Sentry was to make
        a contribution to PC security, and to make it available to
        everyone. All I ask is that if you use Sentry, and are able,
        please register.

        The shareware version of Sentry has all the functionality of the
        registered version, with one exception: it does not encode
        passwords. This will allow you to test out all the functions of
        Sentry before you commit to purchasing it. The ShareWare version
        in itself is a very secure program as is, however if you are
        serious about Security, plaintext passwords are not a viable
        option.

        To order, simply fill out the order form provided (Order.frm)
        and e-mail or snail-mail a copy to me.


        9.2 Benefits of Registration

        As a registered user, you will receive:

              - The full Sentry program (with password encryption) and
                related files on 3.5" disk.

              - A laser printed user's manual (essentially this file,
                with a few changes in format and content).

              - Online internet support via e-mail.

              - Free upgrades as soon as they are available.

              - Notices about any potential security risks, and
                instructions on how to protect yourself.

              - The ability to request specific features in future
                versions of Sentry.

              - A clear conscience knowing that you paid for your
                software.

        NOTE: Registered versions are not inter-compatible. That is,
        user X's account information is encrypted differently than user
        Y's. The version of Sentry that you receive is good only for you
        and your files. (Likewise, nobody else can use their copy of
        Sentry with your account information). See the order form for
        information on obtaining compatible versions of Sentry.


        10.0 Revision History
        =====================

        10.1 Pre-Release Notes

        March 95   - My search for DOS security programs is
                     unsuccessful. The general idea for Sentry is
                     formed.

        April 95   - Coding for Sentry begins.

        May 95     - Still coding...

        June 95    - Sentry is now a complete program.

        July 95    - Beta testing. Many updates made.


        10.2 Sentry V1.0

        Release Date: 20 July 95

        - Sentry V1.0 (Shareware) is released. Contains basic
          functionality. At this point, Sentry is approximately 1700
          lines of code.


        10.3 Sentry V1.1

        Release Date: 27 July 95

        - Sentry V1.1 Released. V1.1 fixes some serious bugs in V1.0,
          and has these additions:

          * Date format is selectable.

          * Users with no password expiration are not assigned an expiry
            date on entering a new password.

          * Incorrect password verification displayed immediately when
            creating a new user, or toggling SuperUser status.


        10.4 Sentry V1.2

        Release Date: 29 July 95

        - Sentry V1.2 Released. Some more minor bugs are repaired and
          several areas are updated. Additions are:

          * Memory management improved.

          * All user stats now shown instead of just login name.

          * The keyboard buffer is flushed after an invalid login
            attempt.


        10.5 Sentry V1.3

        Release Date: 01 Aug 95

        - Sentry V1.3 Released. Again, more bugs were fixed in this
          version. Additions are:

          * The log file is now much more detailed than before, and
            includes a time stamp on every action.

          * A bug with deleting a user listed as 15th or later in the
            password file has been fixed. (Regardless of what page the
            user you selected to delete was on, a user from the first
            page was always deleted).

          * A bug in the multi-user display was fixed. (If the last page
            contained one user, you could not page down to see him).


        10.6 Sentry V1.4

        Release Date: 08 Aug 95

        - Sentry V1.4 Released. Some minor changes have been made,
          mostly for the sake of appearance. Additions are:

          * The Sentry.ini file now allows the user to select the
            colours to be used for normal and highlighted text.

          * Input routines have been improved and simplified.
            Inappropriate characters have been stripped from the input
            stream.


        10.7 Sentry V2.0

        Release Date: 11 Aug 95

        - Sentry V2.0 Released. Many revisions, fixes and additions have
          been made to the program for this release. Most of the update
          ideas came from Bret Jacobsen. Additions include:

          * Invalid login/password length messages (both to the screen
            and log file) are user-definable in the Sentry.ini file.

          * If a normal user attempts to log in as a SuperUser, it is
            recorded in the log file.

          * The SuperUser Login flag is cleared after an invalid login.
            (This is a bug fix: previously if CTRL-ENTER was pressed
            during an invalid login attempt, the next successful login
            attempt would be as a SuperUser, as long as the user had
            access).

          * A bug with the Toggle SuperUser Access option corrupting the
            time stamps has been fixed.

          * The log file is again re-organized to be more "readable."

          * You can no longer delete the last SuperUser on your system
            (thereby locking yourself out). Sentry performs a check
            previous to deletion and will abort if you are deleting the
            last SuperUser.

          * A bug with the input skipping characters was fixed.

          * After a successful login, the number of invalid login
            attempts since your last successful login is now shown.

          * The user can now abort a password change, unless the
            password has expired.

          * The option to reset an account's password has been added to
            the SuperUser menu.

          * You can now define the number of invalid logins permissible
            before an account expires (locks up). The default setting is
            defined in the Sentry.ini file, and the settings for
            individual accounts can be modified from the SuperUser menu.


        10.8 Sentry V2.1

        Release Date: 20 Aug 95

        - Modifications include:

          * Input no longer automatically ends after "MaxPasswordLen"
            characters have been entered at the login or password
            prompts. Input continues as required, however only
            "MaxPasswordLen" characters are used. Any extra characters
            are discarded.

          * Case sensitivity for logins can now be turned on and off via
            the Sentry.ini file. This is applicable to logins only,
            passwords are still case sensitive.


        10.9 Sentry V2.2

        Release Date: 10 Sep 95

        - Modifications include:

          * Sentry now uses windowed screens for all output, as opposed
            to simply directing output to the entire screen.

          * When entering dates, the year is now checked. If it is not 4
            characters, the user is forced to re-enter it. This was
            causing problems with Sentry accepting '96' as a valid year,
            and subsequently not translating correctly.

          * A bug with the password encoding scheme has been fixed. The
            encryption used to truncate passwords at length 8, causing
            only the first 8 characters to be recognized. For
            SuperUsers, this meant that passwords over 8 would not
            contain the SuperUser stamp (it was truncated). This problem
            has now been rectified, and passwords are significant for
            MaxPasswordLen characters. All in all, this seriously
            increases the amount of security available from Sentry.

            NOTE: Because of the above modification, older versions of
            Sentry cannot use password files from V2.2 and up. The
            reverse is not true however, as Sentry V2.2 can use password
            files all the way back to V1.0.

            Also note that to use passwords over 8 characters, you must
            re-create the old passwords. This can be easily done by
            selecting the "Change Account Password" option from the
            SuperUser menu.


        10.10 Sentry V2.3

        Release Date: 24 Sep 95

        - Modifications include:

          * Small bugs with windowed mode have been fixed.

          * Windowed mode is now optional. For those that prefer
            "normal" operation, you can set that in the Sentry.ini file.

          * Log file viewing can now handle long lines, and you can skip
            to the end of the file by pressing the ESC key once.

          * Quickstart instructions are now included in the Qstart.txt
            file.


        10.11 Sentry V2.4

        Release Date: 06 Oct 95

        - Modifications include:

          * The Sentry.ini file can now be edited from the SuperUser
            menu. The user can get information on each attribute,
            including a brief description, security notes, default
            setting, and the current setting just by selecting which
            attribute they wish to change.


        10.12 Sentry V2.5

        Release Date: 10 Oct 95

        - Modifications include:

          * Sentry can now be run from any location. The user does not
            have to be in the Sentry home directory for it to work
            properly.


        10.13 Sentry V2.6

        Release Date: 25 Oct 95

        - Modifications include:

          * The SuperUser may modify the "Login:" and "Password:"
            prompts to suit their custom environment. These are changed
            either through the Sentry.ini file or via the SuperUser
            menu.

          * Any setting changes made via the SuperUser menu are now
            recorded in the log file. This will help SuperUser keep a
            history of setting changes, which is useful in the case of a
            security audit.

          * An environment variable is now set by Sentry upon successful
            login. The variable is set to the username of the person
            logging in. This can be very useful if you wish other
            programs to link with Sentry and perform specific actions
            depending on who is logging in. (For example: if it is a
            SuperUser logging in, you may wish to display some system
            stats, or you may want to display individual greetings (or
            warnings) based on who is logging in).


        10.14 Sentry V2.7

        Release Date: 28 Oct 95

        - Modifications include:

          * Sentry now uses a screen saver to blank the screen during
            idle periods. Although this feature does not add to Sentry's
            security, it now means that users can run Sentry before
            leaving their terminal and not worry about burn-in.


        10.15 Sentry V3.0

        Release Date: 10 Nov 95

        - Modifications include:

          * The old password and Sentry.ini files are no more!
            These files have been done away with, since they posed a
            slight security risk. This removes the need to edit the
            initialization settings by hand.

          * You can no longer revoke SuperUser access from the last
            SuperUser on your system. By doing this, you could
            potentially lock yourself out of your system, so it is not a
            valid option any more.

          * "Exploding Windows" are now available. These can be turned
            on via the initialization settings. This is for appearance
            only, and has no effect on functionality.

          * The user can now select a message to appear randomly on the
            screen during the screen saver. This fixes a bug in previous
            versions where the cursor remained in the upper left corner
            during the screen saver, which could case burn-in.

          * Upon exiting the SuperUser menu, the screen is restored to
            the way it was before Sentry was run. This eliminates the
            problem of sensitive information remaining on your screen.


        10.16 Sentry V3.1

        Release Date: 03 Dec 95

        - Modifications include:

          * The user can now select the character to be echoed to the
            screen when a password is entered. In addition, the user can
            chose to have no character or the actual character echoed.

          * The log file now records when the Sentry DOS shell is
            entered and exited.


        10.17 Sentry V3.2

        Release Date: 07 Dec 95

        - Modifications include:

          * The maxixum number of invalid logins can now be set during
            user creation.

          * The initialization settings contain a parameter for
            automatically expiring accounts that have been inactive for
            a given amount of time.

          * SuperUsers can now send a one-line memo to any user
            (including themself). This is useful for reminders,
            warnings, or explainations (why is user X locked out?).

        11.0 Technical Notes
        ====================

        11.1 Encoding Algorithm

        The encoding algorithm used is the standard UNIX crypt()
        algorithm. It is a one-way encoding algorithm that incorporates
        the Data Encryption Standard (DES) and RSA technology. It is
        used on UNIX systems to secure passwords. (As a note, the
        encryption code is not included with the ShareWare version, so
        no amount of examining the code will reveal the algorithm).

        The users' passwords are never decoded. They are stored on disk
        and in memory in an encoded format. The entered passwords are
        encoded using the same algorithm and matched in an encoded form.
        This prevents disk or memory scans from revealing the password
        to prying eyes.

        I have begun running some tests on cracking the passwords, and I
        will include my results. So far, this is what I have found:

        Password Length          Maximum Time to Break
        ------------------------------------------------
        4                        22 days
        5                        1368 days or 3.75 years
        6                        232.4 years
        7                        14409 years
        8                        893357 years

        All times listed are approximated as using a Pentium 90MHz CPU
        and an alpha-numeric password.

        These figures may be adjusted as my testing becomes more
        accurate. The above figures also assume you know the length of
        the password, which cannot be determined by looking at the
        encrypted version. As a result, the search time may be much
        greater.

        11.2 SuperUser Access

        SuperUser access is also encoded in the password. I tried many
        different ways before finally settling on this. It is the most
        secure method. Actually, SuperUser access is stored on the
        password (which is then encoded), and then stored again on the
        encoded password. That looks like:

        password                      <-- Password as entered.

        super(password)               <-- Password with SuperUser stamp.
                                          * This is the stamp that is
                                          used to determine access.

        crypt(super(password))        <-- Encoded password with
                                          SuperUser stamp.

        super(crypt(super(password))) <-- SuperUser stamped encoded
                                          password with SuperUser stamp.
                                          * This is the stamp that is
                                          used to "see" who has
                                          SuperUser access.

        That way when you use the "View Users" command, you can see
        which ones are SuperUsers. However, since the non-encoded
        SuperUser stamp can be edited, it is only used for viewing. The
        encoded SuperUser stamp is used for access. If anyone attempts
        to alter the SuperUser stamp, a warning will be displayed in
        the log file each time that user logs in.


        11.3 Files

        The following files are included with this release of Sentry:

        Sentry.exe      This is the executable program.
        Install.exe     The installation program.
        File_id.diz     Short description file.
        Readme.com      Displays this file.
        Readme.txt      This file.
        Order.frm       The order form.
        Qstart.txt      Quickstart instructions.
        Sentry.grp      The Sentry Group file for Windows.
        Sentry.pif      The Sentry .pif file for Windows.
        License.txt     The license agreement.
        Whatsnew.txt    A short description of modifications to the
                        latest version.

        If you do not have all of these files, Sentry may not work for
        you. You can pick up a complete copy of Sentry (and updates as
        they become available) at:

              http://dragon.acadiau.ca/~910318b/Sentry.html


        11.4 File_id.diz

        The actual contents of the file_id.diz file are shown below. If
        any modification has been made to the original file, please
        re-create it from the following section.

        NOTE: this is primarily for SysOps of BBS's. Single users can
        delete the file_id.diz if they wish. (However, please make sure
        that all files are present if you distribute the program.)

        -------------------CUT-----------------------
        (V3.2) Sentry - Security for DOS/Windows.
        Sentry is a highly customizable security
        program that allows you to control and
        monitor access to your PC. It supports up to
        100 users with normal and "SuperUser" access.
        It can be used in Windows to secure the DOS
        icon. Used correctly, Sentry is an extremely
        powerful security tool for your PC.
        http://dragon.acadiau.ca/~910318b/Sentry.html
        Mike Bobbitt [Mike.Bobbitt@AcadiaU.Ca]
        -------------------CUT-----------------------


        11.5 Time / Date

        NOTE: I have found one date which always seems to cause an
        error. 01/01/1997 translates to 01/15/1995 (1st day of the 15th
        month of 1997). This is obviously incorrect. I have determined
        it is a bug in Borland's date conversion routines. It is the
        ONLY date that causes problems, to my knowledge, all others
        translate fine. I advise against using 01/01/1997 for any expiry
        dates.

        This problem is under investigation.


        11.6 Environment Variables

        When a user successfully logs in, a DOS environment variable is
        set to that user's login name. This can be a very useful feature
        as it allows custom programs to link with Sentry in a meaningful
        way.

        For example, if you are running Sentry from a batch file, you
        can check to see who logged in, and take appropriate action.

        Shown below is a short batch file which can be used for this
        type of function:

        -----------CUT-----------
        @echo off
        rem *** Run Sentry.
        \sentry\sentry
        cls
        rem *** Test to see who logged in.
        if %user==ROBERT goto robert
        if %user==DANNY goto dan
        rem *** Use a line like the one above for each user.
        goto end
        :robert
        rem *** Note that individual users have their own commands.
        echo SuperUser (Robert) logged in.
        defrag c:
        goto end
        :dan
        echo Dan logged in.
        goto end
        rem *** add more users as you see fit
        :end
        -----------CUT-----------

        NOTE: Batch files are not secure! No critical functions should
        be placed here unless it's absolutely necessary!

        An alternative (and more secure) method is to write a program in
        another language (like C) and compile it. Most programming
        languages allow you to read environment variables. This means
        that you can write your own custom extensions to Sentry, which
        will execute after a person logs in.

        Please also note that the usernames in the environment variables
        are all capital letters. (Sentry becomes SENTRY when it is set).

        ** NOTE: Although the environment variables are secure
        immediately after Sentry runs, they may not be secure after
        other programs have run. By this I mean that another program
        could alter the environment variables to make it LOOK like a
        different user logged in. As a result, try to do all your
        checking immediately after Sentry runs.

        11.7 Virus Scanners

        If you scan your system with a virus scanner such as Microsoft
        Anti-Virus, you may find that Sentry will show up quite often.
        The reason for this is that some virus scanners record
        statistics on executable files. When the next scan is performed,
        if the executable files do not match the statistics, the scanner
        panics. This can SOMETIMES be evidence of a virus on your
        system. Sentry modifies itself (in a manner similar to
        a virus) and so may be picked up on occasion, however please be
        aware that there is no threat from Sentry.

        SENTRY IS NOT A VIRUS!

        Every time you use Sentry, the executable is modified, and will
        cause your virus scanner to panic! Do not be alarmed, since this
        is normal operation for Sentry.


        11.8 General

        Sentry is written entirely in Borland C for DOS. As of version
        3.2, Sentry contains over 4200 lines of code. Portability
        between machines is not an issue, since Sentry has been designed
        and tested on standard MS-DOS machines.

        Sentry is verified compatible with Windows 3.x and Windows 95.


        12.0 Potential Threats To Security
        ==================================

        Never underestimate your users. And never be satisfied that your
        system is completely "air-tight". Users are incredibly apt at
        finding loopholes in security, and once found, these holes can
        be exploited. Because of this, I am listing below all of the
        security loopholes that I am aware of at this time.


        12.1 Account Information

        With the release of Sentry V3.0, account information has become
        much more secure. It is still POSSIBLE however that a user can
        find and dissect the account information. The probability of
        this is remote though, since the information is not easily
        edited or understood. Also, all of these methods require a
        working knowledge of how Sentry operates, and that is not
        commonly available. The best source for that information would
        be from this file, which is deliberately missing some key pieces
        of "technical" information.

        If a user did manage to decipher the account information, he
        could do any of the following:

        - Add/Remove an expiry date (account or password)
              This is not a serious issue for passwords, as the user
              would still have to enter their old one before being
              notified that their password has expired. An attacker can
              NOT expire a password and then log in to that account.

        - Edit a username
              This would effectively lock out that user, unless they
              could guess their new user name.

        - Delete a user
              Users can be deleted, but not created.

        - Destroy a password
              Since passwords are encoded, there is no way to change a
              password to something usable. An edited password will
              likely lock that user out of their account, until the
              password is reset.

        - Change "last login" information
              Not critical, but could be used to cover an attackers
              tracks.

        - Change "number of invalid logins since last login" information
              Same as above.

        - Add/Remove restrictions on the number of invalid login attempts
              Could allow a "brute force" technique to work on an
              account password if the restriction was lifted. Also, if
              an attacker set this restriction to 1 invalid login, that
              account would be disabled if a single failed login attempt
              was made.

        It is important to know however, that a renegade user can never
        grant himself SuperUser privileges, nor can he ever attempt to
        effectively modify a password. To perform any of these
        functions, he MUST be logged in as a SuperUser. In addition,
        NOBODY (not even SuperUsers) can view passwords.
        (They can never be decrypted, remember?)

        In essence:
        Sentry does it's part for security, but you must do yours as
        well...
                       GUARD YOUR SUPERUSER PASSWORDS!


        12.2 Hardware Loopholes

        Although it is unlikely that a user will do this, there is a
        potential security risk to Sentry. Fortunately, this method can
        only be implemented by highly technical users. If a user really
        wants to get into your system, he can disassemble it, and take
        the battery out of your BIOS. This will reset your BIOS to the
        standard setup, which does not include password protection. From
        there, the user can enter your BIOS, and change the boot
        sequence from C,A to A,C. This means that your computer will
        search for a boot disk before booting from your hard drive.
        Therefore, the user can get in if he has a pre-made boot disk.

        Like I said, it's unlikely, but possible. If you want to fix up
        this back door, you can re-wire your floppy disk drive so that
        it is never used on boot up. I do not have instructions for that
        at this time, however I am looking, and will include them in
        future.

        Along the same lines, a user could replace your hard drive (the
        one containing Sentry)  with another hard-drive. This way he
        could then boot up using the new hard drive, and never have to
        worry about Sentry. Also, if he kept your hard drive on the
        system (as drive D for example), he could still access your
        data. This kind of trickery is highly improbable, but not
        impossible.

        The above two methods take more technical skill than the average
        user possesses, and should not be considered a serious threat. I
        include them simply so you can be aware such things exist. If
        you are concerned about attacks of this nature, you should
        secure your system's case to the frame (IE: make it impossible
        to open the case with a screwdriver - install a locking
        mechanism or fuse the screws to the frame).

        It is critical to realize that it is EXTREMELY difficult to
        repel a determined and well-organized attack. Using Sentry does
        not guarantee your computer's safety. It does however greatly
        reduce the threat of a successful attack, and more importantly,
        it can alert you to potential threats before they become a
        serious problem. Your ability to defend is much greater once you
        know you are under attack. Sentry can keep you informed of
        suspicious actions on your PC, as well as being is a powerful
        tool in defeating most threats.


        13.0 Troubleshooting
        ====================

        13.1 Error messages

        Below are listed all possible error messages you can get while
        running Sentry. With each is a brief description of what it
        means, probable causes, and how to fix it.

        Please be aware that ALL of these errors cause Sentry to
        lock-up. This may be an inconvenience at times, but it is done
        for security reasons (that way an attacker can't "induce" an
        error and get into the system).

        13.1.1  Environment overflow - not modified.

        There was an error trying to set modify the DOS environment. If
        this error occurs, you are generally using too many environment
        variables for the amount of space you have allotted. See your
        DOS manual for ways of increasing environment space.


        13.1.2  Error Reading Data Segment! [Append]

        This error only occurs during user creation. If you encounter
        this error, make sure that your Sentry.exe file is not
        read-only.


        13.1.3  Error Reading Data Segment! [Open]

        This occurs when the initialization settings or account
        information is not acting as expected. Make sure that you have
        about 80k of disk space free, and that your Sentry.exe file is
        not read-only.

        13.1.4  Error Reading Data Segment! [Scan]

        This usually indicates that there are no initialization
        settings. The easiest way to remedy this is to re-install Sentry
        (see section 2 for details). That will create initialization
        settings, or over-write the old settings if they are invalid.


        13.1.5  Error in Initialization Settings!

        Your initialization settings are corrupt or could not be read.
        The best bet here is to re-install Sentry from scratch, and
        over-write the current settings. If you find this occurring
        frequently, it is probably a bug of some sort, and I should be
        contacted.


        13.1.6  Error in creating log file!

        The file that logs all transactions to your computer cannot be
        created. Make sure you have specified a valid pathname for this
        setting, and make sure you have about 80k of free space on your
        drive. If a log file already exists, it will be appended to.
        Otherwise it will be created.


        13.1.7  Error in time stamps.

        This means there is a problem with the time stamps on a user's
        account. You can either try restoring your sentry.exe file from
        backup, or you can re-install it (see section 2 for details). If
        you continue to use corrupt account information, you will
        find you are locked out quite frequently. It should be a top
        priority to fix the account info.


        13.1.8  Error opening log file!

        There is a problem with the log file. Make sure that the log
        file pointed to by the initialization settings is not
        write-protected.


        13.1.9 Error opening temp file!

        A temporary storage file cannot be opened. Make sure you have at
        around 80k of disk space left when you run Sentry.


        13.1.10 Internal Screen Error. [Reading]

        This error should never occur. Having said that, if it does,
        your best bet is to check your video mode. Sentry has only been
        tested in 80x25 text mode, so make sure that is what you are
        using. If this error crops up, please contact me with the
        details.


        13.1.11 Internal Screen Error. [Writing]

        See above.


        13.1.12 Out of memory!

        When this error appears, it means that for some reason, Sentry
        didn't have enough memory to run. This is extremely rare, since
        Sentry requires very little memory. If this error occurs, try
        freeing up some memory by unloading some un-needed programs, or
        rebooting.


        13.1.13 Registration Error - Program Aborted!

        Someone (probably you) has tried unsuccessfully to change the
        registration information. Very naughty, but if you want to fix
        it, simply restore Sentry.exe from your backup copy. (Again, a
        good reason to keep a backup somewhere!)


        13.1.14 This account has expired.

        Sorry, you're out of luck. The SuperUser(s) have set your
        account to expire, and so it has. If you ARE the SuperUser,
        silly you (you shouldn't let your own account expire!). In that
        case, you will have to restore the Sentry.exe from a backup,
        and make the necessary changes to get your system running.


        13.2 Other problems

        When I run Sentry, is displays a warning saying I have
        newer/older initialization settings.

        A: You should probably get the latest version of Sentry (see
        section 11.3 for info on obtaining the latest version). Replace
        all your current files with the files you retrieve. This warning
        may not be a problem in itself, however it is not a good idea to
        use initialization settings from a different version.


        I get a warning about users being tampered with in the log file.

        A: Someone has been tampering with your users (obviously). They
        thought they could change the SuperUser access on your system,
        but really couldn't. The only side effect of this is that some
        users may appear to have SuperUser access when they don't (and
        vice-versa) when you view them from the SuperUser menu. The
        users' actual access has not changed. To remedy this situation,
        you can get the user to enter another password (this can easily
        be done by expiring their current password). As soon as the new
        password is entered, the problem will disappear.


        I can't log in at all.

        A: Make sure you are a user on the system. Make sure your
        initialization settings have been set up correctly. Have you run
        the install program?


        I can't log in as a SuperUser.

        A: Did you give yourself SuperUser access? Are you remembering
        to hold down CTRL when you hit enter?


        My account information is corrupt or deleted.

        A: Pray you kept a backup somewhere. At the very least, you
        should have the install program sent with Sentry. In that case,
        re-install, and log in as Sentry. Since Sentry is initially a
        SuperUser, you can re-create your users (don't forget to delete
        the Sentry user when you are finished!).


        I can't create a c:\Sentry directory on my drive.

        A: If you are using MS-DOS's Undelete program, it may create a
        directory called "Sentry" off of your root directory. This
        directory is hidden, and can only be seen with the "dir /a"
        command. (This only occurs if you are using the "delete sentry"
        mode). Possible fixes are to stop using "delete sentry" mode, or
        to create your Sentry directory as something else (eg:
        c:\Sentry2, c:\Secur\Sentry, etc etc).


        14.0 Standard Disclaimer
        ========================

        Inexperienced users should take care with this program, as you
        may lock yourself out of your computer!

        If you feel you want to use it, but don't feel completely
        confident, leave a "back door" for you to use. (IE: don't
        implement all of the security measures listed in "Securing Your
        Computer"), so that if you DO get locked out, you can still get
        in somehow. Once you are satisfied that all is well, lock up the
        back door too.

        Please read the document "LICENSE.TXT" included with this
        software for the entire licensing agreement.

        15.0 Contact Information
        ========================

        I would greatly appreciate any comments you might have about
        this program (either positive or negative). If you find any
        problems, or have a suggestion for making Sentry better, please
        let me know, and I'll try to put it in a future release. I look
        forward to hearing from you.

        You can contact me via e-mail at Mike.Bobbitt@AcadiaU.Ca and I
        will reply as quickly as I can. If you do not have internet
        access, you can contact me via surface mail at:

        Michael A. Bobbitt
        P.O. Box 1336
        Wolfville, NS
        B0P 1X0
        CANADA


        16.0 Credits
        ============

        My thanks go out to these people:

        Mark Saarinen for the encryption algorithm.

        Richard Brittain for use of his DOS environment variable code.

        D.J. Houghton and Rob Coombs for testing and advising during the
        design phase.

        Bret Jacobsen for finding some serious errors in the first
        release, as well as continually making suggestions for
        improvement. Bret has given invaluable assistance in the
        development of Sentry.

        ...And my wife for listening to me talk incessantly about it.
