Document Information
Preface
Part I Security Overview
1. Security Services (Overview)
Part II System, File, and Device Security
2. Managing Machine Security (Overview)
3. Controlling Access to Systems (Tasks)
4. Virus Scanning Service (Tasks)
5. Controlling Access to Devices (Tasks)
6. Using the Basic Audit Reporting Tool (Tasks)
7. Controlling Access to Files (Tasks)
Part III Roles, Rights Profiles, and Privileges
8. Using Roles and Privileges (Overview)
9. Using Role-Based Access Control (Tasks)
10. Role-Based Access Control (Reference)
11. Privileges (Tasks)
12. Privileges (Reference)
Part IV Solaris Cryptographic Services
13. Solaris Cryptographic Framework (Overview)
14. Solaris Cryptographic Framework (Tasks)
15. Solaris Key Management Framework
Part V Authentication Services and Secure Communication
16. Using Authentication Services (Tasks)
17. Using PAM
18. Using SASL
19. Using Solaris Secure Shell (Tasks)
20. Solaris Secure Shell (Reference)
Part VI Kerberos Service
21. Introduction to the Kerberos Service
22. Planning for the Kerberos Service
23. Configuring the Kerberos Service (Tasks)
24. Kerberos Error Messages and Troubleshooting
25. Administering Kerberos Principals and Policies (Tasks)
26. Using Kerberos Applications (Tasks)
27. The Kerberos Service (Reference)
Part VII Solaris Auditing
28. Solaris Auditing (Overview)
29. Planning for Solaris Auditing
30. Managing Solaris Auditing (Tasks)
31. Solaris Auditing (Reference)
Glossary
Index
|
S
- -S option, st_clean script, Device-Clean Scripts
- -s option
- audit command, auditd Daemon
- praudit command, praudit Command
- safe protection level, Overview of Kerberized Commands
- SASL
- environment variable, SASL Environment Variable
- options, SASL Options
- overview, SASL (Overview)
- plug-ins, SASL Plug-ins
- saslauthd_path option, SASL and, SASL Options
- saving, failed login attempts, How to Monitor Failed Login Attempts
- scope (RBAC), description, Name Service Scope and RBAC
- scp command
- copying files with, How to Copy Files With Solaris Secure Shell
- description, Solaris Secure Shell Commands
- scripts
- audit_startup script, audit_startup Script
- audit_warn script, audit_warn Script
- bsmconv effect, system File
- bsmconv for device allocation, How to Make a Device Allocatable
- bsmconv script, bsmconv Script
- bsmconv to enable auditing, How to Enable the Auditing Service
- checking for RBAC authorizations, How to Add RBAC Properties to Legacy Applications
- device-clean scripts
- See also device-clean scripts
for cleaning devices, Device-Clean Scripts
- monitoring audit files example, Auditing Efficiently
- processing praudit output, praudit Command
- running with privileges, Assigning Privileges to a Script
- securing, How to Add RBAC Properties to Legacy Applications
- use of privileges in, How to Run a Shell Script With Privileged Commands
- SCSI devices, st_clean script, device_allocate File
- SEAM Administration Tool
- and limited administration privileges, Using the SEAM Tool With Limited Kerberos Administration Privileges
- and list privileges, Using the SEAM Tool With Limited Kerberos Administration Privileges
- and X Window system, Command-Line Equivalents of the SEAM Tool
- command-line equivalents, Command-Line Equivalents of the SEAM Tool
- context-sensitive help, Print and Online Help Features of the SEAM Tool
- creating a new policy
- How to Create a New Kerberos Principal
- How to Create a New Kerberos Policy
- creating a new principal, How to Create a New Kerberos Principal
- default values, How to Start the SEAM Tool
- deleting a principal, How to Delete a Kerberos Principal
- deleting policies, How to Delete a Kerberos Policy
- displaying sublist of principals, How to View the List of Kerberos Principals
- duplicating a principal, How to Duplicate a Kerberos Principal
- files modified by, The Only File Modified by the SEAM Tool
- Filter Pattern field, How to View the List of Kerberos Principals
- gkadmin command, Ways to Administer Kerberos Principals and Policies
- .gkadmin file, The Only File Modified by the SEAM Tool
- help, Print and Online Help Features of the SEAM Tool
- Help Contents, Print and Online Help Features of the SEAM Tool
- how affected by privileges, Using the SEAM Tool With Limited Kerberos Administration Privileges
- kadmin command, Ways to Administer Kerberos Principals and Policies
- login window, How to Start the SEAM Tool
- modifying a policy, How to Modify a Kerberos Policy
- modifying a principal, How to Modify a Kerberos Principal
- online help, Print and Online Help Features of the SEAM Tool
- or kadmin command, SEAM Administration Tool
- overview, SEAM Administration Tool
- panel descriptions, SEAM Tool Panel Descriptions
- privileges, Using the SEAM Tool With Limited Kerberos Administration Privileges
- setting up principal defaults, How to Set Up Defaults for Creating New Kerberos Principals
- starting, How to Start the SEAM Tool
- table of panels, SEAM Tool Panel Descriptions
- viewing a principal's attributes, How to View a Kerberos Principal's Attributes
- viewing list of policies, How to View the List of Kerberos Policies
- viewing list of principals, How to View the List of Kerberos Principals
- viewing policy attributes, How to View a Kerberos Policy's Attributes
- secondary audit directory, audit_control File
- secret keys
- creating
- How to Generate a Symmetric Key by Using the dd Command
- How to Generate a Symmetric Key by Using the pktool Command
- generating
- using the dd command, How to Generate a Symmetric Key by Using the dd Command
- using the pktool command, How to Generate a Symmetric Key by Using the pktool Command
generating for Secure RPC, Implementation of Diffie-Hellman Authentication
- secure connection
- across a firewall, How to Set Up Default Connections to Hosts Outside a Firewall
- logging in, How to Log In to a Remote Host With Solaris Secure Shell
- Secure NFS, NFS Services and Secure RPC
- Secure RPC
- alternative, Authentication and Authorization for Remote Access
- and Kerberos, Kerberos Authentication
- description, Overview of Secure RPC
- implementation of, Implementation of Diffie-Hellman Authentication
- keyserver, Implementation of Diffie-Hellman Authentication
- overview, Authentication and Authorization for Remote Access
- securing
- logins task map, Securing Logins and Passwords (Task Map)
- passwords task map, Securing Logins and Passwords (Task Map)
- scripts, How to Add RBAC Properties to Legacy Applications
- security
- across insecure network, How to Set Up Default Connections to Hosts Outside a Firewall
- auditing and, How Is Auditing Related to Security?
- BART, BART Security Considerations
- computing digest of files, How to Compute a Digest of a File
- computing MAC of files, How to Compute a MAC of a File
- devices, Controlling Access to Devices
- DH authentication, Implementation of Diffie-Hellman Authentication
- encrypting files, How to Encrypt and Decrypt a File
- installation options, Using the netservices limited Configuration
- netservices limited installation option, Using the netservices limited Configuration
- NFS client-server, Implementation of Diffie-Hellman Authentication
- password encryption, Password Encryption
- pointer to JASS toolkit, Using the Solaris Security Toolkit
- policy overview, Security Policy
- preventing remote login, How to Restrict and Monitor Superuser Logins
- protecting against denial of service, Using Solaris Resource Management Features
- protecting against Trojan horse, Setting the PATH Variable
- protecting devices, Device-Clean Scripts
- protecting hardware, Controlling Access to System Hardware
- protecting PROM, Controlling Access to System Hardware
- system hardware, Controlling Access to System Hardware
- security attributes
- checking for, Applications That Check UIDs and GIDs
- considerations when directly assigning, Security Considerations When Directly Assigning Security Attributes
- description, Solaris RBAC Elements and Basic Concepts
- Printer management rights profile, Solaris RBAC Elements and Basic Concepts
- privileges on commands, Applications That Check for Privileges
- special ID on commands, Applications That Check UIDs and GIDs
- using to mount allocated device, How to Authorize Users to Allocate a Device
- security mechanism, specifying with -m option, Overview of Kerberized Commands
- security modes, setting up environment with multiple, How to Set Up a Secure NFS Environment With Multiple Kerberos Security Modes
- security policy, default (RBAC), Databases That Support RBAC
- security service, Kerberos and, Kerberos Security Services
- selecting
- audit classes, How to Modify the audit_control File
- audit records, How to Select Audit Events From the Audit Trail
- events from audit trail, How to Select Audit Events From the Audit Trail
- semicolon (;)
- device_allocate file, device_allocate File
- separator of security attributes, exec_attr Database
- sendmail command, authorizations required, Commands That Require Authorizations
- seq audit policy
- and sequence token
- Determining Audit Policy
- sequence Token
- description, Determining Audit Policy
- sequence audit token
- and seq audit policy, sequence Token
- format, sequence Token
- ServerKeyBits keyword, sshd_config file, Keywords in Solaris Secure Shell
- servers
- AUTH_DH client-server session, Implementation of Diffie-Hellman Authentication
- configuring for Solaris Secure Shell, Server Configuration in Solaris Secure Shell
- definition in Kerberos, Authentication-Specific Terminology
- gaining access with Kerberos, Gaining Access to a Service Using Kerberos
- obtaining credential for, Obtaining a Credential for a Server
- realms and, Kerberos Servers
- service
- definition in Kerberos, Authentication-Specific Terminology
- disabling on a host, How to Temporarily Disable Authentication for a Service on a Host
- obtaining access for specific service, Obtaining Access to a Specific Service
- service keys
- definition in Kerberos, Authentication-Specific Terminology
- keytab files and, Administering Keytab Files
- service management facility
- enabling keyserver, How to Restart the Secure RPC Keyserver
- refreshing cryptographic framework, How to Add a Software Provider
- restarting cryptographic framework, How to Refresh or Restart All Cryptographic Services
- restarting Solaris Secure Shell, How to Configure Port Forwarding in Solaris Secure Shell
- service principal
- adding to keytab file
- Administering Keytab Files
- How to Add a Kerberos Service Principal to a Keytab File
- description, Kerberos Principals
- planning for names, Client and Service Principal Names
- removing from keytab file, How to Remove a Service Principal From a Keytab File
- session ID, audit, Process Audit Characteristics
- session keys
- definition in Kerberos, Authentication-Specific Terminology
- Kerberos authentication and, How the Kerberos Authentication System Works
- setfacl command
- -d option, How to Delete ACL Entries From a File
- description, Commands for Administering ACLs
- examples, How to Change ACL Entries on a File
- -f option, How to Copy an ACL
- syntax, How to Add ACL Entries to a File
- setgid permissions
- absolute mode
- File Permission Modes
- How to Change Special File Permissions in Absolute Mode
- description, setgid Permission
- security risks, setgid Permission
- symbolic mode, File Permission Modes
- setpin subcommand, pktool command, How to Generate a Passphrase by Using the pktool setpin Command
- setting
- audit policy, How to Configure Audit Policy
- principal defaults (Kerberos), How to Set Up Defaults for Creating New Kerberos Principals
- setuid permissions
- absolute mode
- File Permission Modes
- How to Change Special File Permissions in Absolute Mode
- description, setuid Permission
- finding files with permissions set, How to Find Files With Special File Permissions
- security risks
- Restricting setuid Executable Files
- setuid Permission
- symbolic mode, File Permission Modes
- sftp command
- copying files with, How to Copy Files With Solaris Secure Shell
- description, Solaris Secure Shell Commands
- sh command, privileged version, Profile Shell in RBAC
- SHA1 kernel provider, How to List Available Providers
- sharing files
- and network security, Sharing Files Across Machines
- with DH authentication, How to Share NFS Files With Diffie-Hellman Authentication
- shell, privileged versions, Profile Shell in RBAC
- shell commands
- /etc/d_passwd file entries, Dial-Up Logins
- passing parent shell process number, How to Determine the Privileges on a Process
- shell process, listing its privileges, How to Determine the Privileges on a Process
- shell scripts, writing privileged, How to Run a Shell Script With Privileged Commands
- short praudit output format, praudit Command
- shosts.equiv file, description, Solaris Secure Shell Files
- .shosts file, description, Solaris Secure Shell Files
- signal received during auditing shutdown, audit_warn Script
- signing providers, cryptographic framework, Plugins to the Solaris Cryptographic Framework
- single-sign-on system, Kerberos User Commands
- Kerberos and, What Is the Kerberos Service?
- size of audit files
- reducing
- How to Merge Audit Files From the Audit Trail
- auditreduce Command
- reducing storage-space requirements, Auditing Efficiently
- slave_datatrans file
- description, Kerberos Files
- KDC propagation and, Backing Up and Propagating the Kerberos Database
- slave_datatrans_slave file, description, Kerberos Files
- slave KDCs
- automatically configuring, How to Automatically Configure a Slave KDC
- configuring, How to Configure a Slave KDC
- definition, Kerberos-Specific Terminology
- interactively configuring, How to Interactively Configure a Slave KDC
- master KDC and, Kerberos Servers
- or master, Configuring KDC Servers
- planning for, The Number of Slave KDCs
- swapping with master KDC, Swapping a Master KDC and a Slave KDC
- slot, definition in cryptographic framework, Terminology in the Solaris Cryptographic Framework
- smattrpop command, description, Commands That Manage RBAC
- smexec command, description, Commands That Manage RBAC
- smmultiuser command, description, Commands That Manage RBAC
- smprofile command
- changing rights profile, How to Create or Change a Rights Profile
- description, Commands That Manage RBAC
- smrole command
- changing properties of role
- How to Change the Password of a Role
- How to Change the Properties of a Role
- description, Commands That Manage RBAC
- using, How to Create a Role From the Command Line
- smuser command
- changing user's RBAC properties, How to Change the RBAC Properties of a User
- description, Commands That Manage RBAC
- socket audit token, socket Token
- soft limit
- audit_warn condition, audit_warn Script
- minfree line description, audit_control File
- soft string, audit_warn script, audit_warn Script
- Solaris auditing task map, Solaris Auditing (Task Map)
- Solaris Cryptographic Framework, See cryptographic framework
- solaris.device.revoke authorization, Device Allocation Commands
- Solaris Secure Shell
- adding to system, Solaris Secure Shell Packages and Initialization
- administering, A Typical Solaris Secure Shell Session
- administrator task map
- Solaris Secure Shell (Task Map)
- Configuring Solaris Secure Shell (Task Map)
- authentication
- requirements for, Solaris Secure Shell Authentication
authentication methods, Solaris Secure Shell Authentication
- authentication steps, Authentication and Key Exchange in Solaris Secure Shell
- basis from OpenSSH, Solaris Secure Shell Enhancements in the Solaris 10 Release
- changes in current release, Solaris Secure Shell Enhancements in the Solaris 10 Release
- changing passphrase, How to Change the Passphrase for a Solaris Secure Shell Private Key
- command execution, Command Execution and Data Forwarding in Solaris Secure Shell
- configuring clients, Client Configuration in Solaris Secure Shell
- configuring port forwarding, How to Configure Port Forwarding in Solaris Secure Shell
- configuring server, Server Configuration in Solaris Secure Shell
- connecting across a firewall, How to Set Up Default Connections to Hosts Outside a Firewall
- connecting outside firewall
- from command line, How to Set Up Default Connections to Hosts Outside a Firewall
- from configuration file, How to Set Up Default Connections to Hosts Outside a Firewall
copying files, How to Copy Files With Solaris Secure Shell
- creating keys, How to Generate a Public/Private Key Pair for Use With Solaris Secure Shell
- data forwarding, Command Execution and Data Forwarding in Solaris Secure Shell
- description, Solaris Secure Shell (Overview)
- files, Solaris Secure Shell Files
- forwarding mail, How to Use Port Forwarding in Solaris Secure Shell
- generating keys, How to Generate a Public/Private Key Pair for Use With Solaris Secure Shell
- keywords, Keywords in Solaris Secure Shell
- local port forwarding
- How to Use Port Forwarding in Solaris Secure Shell
- How to Use Port Forwarding in Solaris Secure Shell
- logging in fewer prompts, How to Reduce Password Prompts in Solaris Secure Shell
- logging in to remote host, How to Log In to a Remote Host With Solaris Secure Shell
- login environment variables and, Solaris Secure Shell and Login Environment Variables
- naming identity files, Solaris Secure Shell Files
- packages, Solaris Secure Shell Packages and Initialization
- protocol versions, Solaris Secure Shell (Overview)
- public key authentication, Solaris Secure Shell Authentication
- remote port forwarding, How to Use Port Forwarding in Solaris Secure Shell
- scp command, How to Copy Files With Solaris Secure Shell
- TCP and, How to Configure Port Forwarding in Solaris Secure Shell
- typical session, A Typical Solaris Secure Shell Session
- user procedures, Using Solaris Secure Shell (Task Map)
- using port forwarding, How to Use Port Forwarding in Solaris Secure Shell
- using without password, How to Reduce Password Prompts in Solaris Secure Shell
- solaris security policy, exec_attr Database
- special permissions
- setgid permissions, setgid Permission
- setuid permissions, setuid Permission
- sticky bit, Sticky Bit
- square brackets ([]), bsmrecord output, Audit Record Analysis
- sr_clean script, description, Device-Clean Scripts
- ssh-add command
- description, Solaris Secure Shell Commands
- example
- How to Reduce Password Prompts in Solaris Secure Shell
- How to Reduce Password Prompts in Solaris Secure Shell
- storing private keys, How to Reduce Password Prompts in Solaris Secure Shell
- ssh-agent command
- configuring for CDE, How to Set Up the ssh-agent Command to Run Automatically in CDE
- description, Solaris Secure Shell Commands
- from command line, How to Reduce Password Prompts in Solaris Secure Shell
- in scripts, How to Set Up the ssh-agent Command to Run Automatically in CDE
- ssh command
- description, Solaris Secure Shell Commands
- overriding keyword settings, Solaris Secure Shell Commands
- port forwarding options, How to Use Port Forwarding in Solaris Secure Shell
- using, How to Log In to a Remote Host With Solaris Secure Shell
- using a proxy command, How to Set Up Default Connections to Hosts Outside a Firewall
- .ssh/config file
- description, Solaris Secure Shell Files
- override, Solaris Secure Shell Files
- ssh_config file
- configuring Solaris Secure Shell, Client Configuration in Solaris Secure Shell
- host-specific parameters, Host-Specific Parameters in Solaris Secure Shell
- keywords, Keywords in Solaris Secure Shell
- See specific keyword
override, Solaris Secure Shell Files
- .ssh/environment file, description, Solaris Secure Shell Files
- ssh_host_dsa_key file, description, Solaris Secure Shell Files
- ssh_host_dsa_key.pub file, description, Solaris Secure Shell Files
- ssh_host_key file
- description, Solaris Secure Shell Files
- override, Solaris Secure Shell Files
- ssh_host_key.pub file, description, Solaris Secure Shell Files
- ssh_host_rsa_key file, description, Solaris Secure Shell Files
- ssh_host_rsa_key.pub file, description, Solaris Secure Shell Files
- .ssh/id_dsa file, Solaris Secure Shell Files
- .ssh/id_rsa file, Solaris Secure Shell Files
- .ssh/identity file, Solaris Secure Shell Files
- ssh-keygen command
- description, Solaris Secure Shell Commands
- using, How to Generate a Public/Private Key Pair for Use With Solaris Secure Shell
- ssh-keyscan command, description, Solaris Secure Shell Commands
- ssh-keysign command, description, Solaris Secure Shell Commands
- .ssh/known_hosts file
- description, Solaris Secure Shell Files
- override, Solaris Secure Shell Files
- ssh_known_hosts file, Solaris Secure Shell Files
- .ssh/rc file, description, Solaris Secure Shell Files
- sshd command, description, Solaris Secure Shell Commands
- sshd_config file
- description, Solaris Secure Shell Files
- keywords, Keywords in Solaris Secure Shell
- See specific keyword
overrides of /etc/default/login entries, Solaris Secure Shell and Login Environment Variables
- sshd.pid file, description, Solaris Secure Shell Files
- sshrc file, description, Solaris Secure Shell Files
- st_clean script
- description, Device-Clean Scripts
- for tape drives, device_allocate File
- standard cleanup, st_clean script, Device-Clean Scripts
- starting
- audit daemon, How to Update the Auditing Service
- auditing, How to Enable the Auditing Service
- device allocation, How to Make a Device Allocatable
- KDC daemon
- How to Configure a Slave KDC
- How to Configure a Slave KDC to Use Full Propagation
- Secure RPC keyserver, How to Restart the Secure RPC Keyserver
- stash file
- creating
- How to Configure a Slave KDC
- How to Configure a Slave KDC to Use Full Propagation
- definition, Kerberos-Specific Terminology
- sticky bit permissions
- absolute mode
- File Permission Modes
- How to Change Special File Permissions in Absolute Mode
- description, Sticky Bit
- symbolic mode, File Permission Modes
- stopping, dial-up logins temporarily, How to Temporarily Disable Dial-Up Logins
- storage costs, and auditing, Cost of Storage of Audit Data
- storage overflow prevention, audit trail, How to Prevent Audit Trail Overflow
- storing
- audit files
- How to Plan Storage for Audit Records
- How to Create Partitions for Audit Files
- passphrase, How to Encrypt and Decrypt a File
- StrictHostKeyChecking keyword, ssh_config file, Keywords in Solaris Secure Shell
- StrictModes keyword, sshd_config file, Keywords in Solaris Secure Shell
- su command
- displaying access attempts on console, How to Restrict and Monitor Superuser Logins
- in role assumption
- How to Assume a Role in a Terminal Window
- How to Assume a Role in the Solaris Management Console
- monitoring use, How to Monitor Who Is Using the su Command
- su file, monitoring su command, How to Monitor Who Is Using the su Command
- subject audit token, format, subject Token
- Subsystem keyword, sshd_config file, Keywords in Solaris Secure Shell
- success
- audit class prefix, Audit Class Syntax
- turning off audit classes for, Audit Class Syntax
- sufficient control flag, PAM, How PAM Stacking Works
- sulog file, How to Monitor Who Is Using the su Command
- monitoring contents of, How to Monitor Who Is Using the su Command
- SUPATH in Solaris Secure Shell, Solaris Secure Shell and Login Environment Variables
- superuser
- compared to privilege model, Privileges (Overview)
- compared to RBAC model, RBAC: An Alternative to the Superuser Model
- differences from privilege model, Administrative Differences on a System With Privileges
- eliminating in RBAC, RBAC Roles
- monitoring access attempts, How to Restrict and Monitor Superuser Logins
- suser security policy, exec_attr Database
- svcadm command
- administering cryptographic framework
- Scope of the Solaris Cryptographic Framework
- Administrative Commands in the Solaris Cryptographic Framework
- enabling cryptographic framework, How to Refresh or Restart All Cryptographic Services
- enabling keyserver daemon, How to Restart the Secure RPC Keyserver
- refreshing cryptographic framework, How to Add a Software Provider
- restarting name service, How to Create and Assign a Role by Using the GUI
- restarting NFS server, How to Create Partitions for Audit Files
- restarting Solaris Secure Shell, How to Configure Port Forwarding in Solaris Secure Shell
- restarting syslog daemon
- How to Monitor All Failed Login Attempts
- How to Configure syslog Audit Logs
- svcs command
- listing cryptographic services, How to Refresh or Restart All Cryptographic Services
- listing keyserver service, How to Restart the Secure RPC Keyserver
- swapping master and slave KDCs, Swapping a Master KDC and a Slave KDC
- symbolic links, file permissions, UNIX File Permissions
- symbolic mode
- changing file permissions
- File Permission Modes
- How to Change File Permissions in Symbolic Mode
- How to Change File Permissions in Symbolic Mode
- description, File Permission Modes
- synchronizing clocks
- master KDC
- How to Configure a Master KDC
- How to Configure a KDC to Use an LDAP Data Server
- overview, Synchronizing Clocks Between KDCs and Kerberos Clients
- slave KDC
- How to Configure a Slave KDC
- How to Configure a Slave KDC to Use Full Propagation
- SYS privileges, Privilege Descriptions
- syslog.conf file
- and auditing, syslog.conf File
- audit.notice level, How to Configure syslog Audit Logs
- audit records, How Does Auditing Work?
- executable stack messages, Preventing Executable Files From Compromising Security
- kern.notice level, Preventing Executable Files From Compromising Security
- priv.debug entry, Files With Privilege Information
- saving failed login attempts, How to Monitor All Failed Login Attempts
- SYSLOG_FAILED_LOGINS
- in Solaris Secure Shell, Solaris Secure Shell and Login Environment Variables
- system variable, How to Monitor All Failed Login Attempts
- syslog format, audit records, syslog.conf File
- SyslogFacility keyword, sshd_config file, Keywords in Solaris Secure Shell
- System Administrator (RBAC)
- assuming role, How to Assume a Role in a Terminal Window
- creating role, How to Create and Assign a Role by Using the GUI
- protecting hardware, How to Require a Password for Hardware Access
- recommended role, RBAC: An Alternative to the Superuser Model
- rights profile, System Administrator Rights Profile
- system calls
- arg audit token, arg Token
- close, Definitions of Audit Classes
- exec_args audit token, exec_args Token
- exec_env audit token, exec_env Token
- ioctl(), Definitions of Audit Classes
- ioctl to clean audio device, Device-Clean Scripts
- return audit token, return Token
- system file, bsmconv effect on, system File
- system hardware, controlling access to, Controlling Access to System Hardware
- system properties, privileges relating to, Privilege Descriptions
- system security
- ACL, Using Access Control Lists to Protect Files
- dial-up logins and passwords, Dial-Up Logins
- dial-up passwords
- disabling temporarily, How to Temporarily Disable Dial-Up Logins
displaying
- user's login status
- How to Display a User's Login Status
- How to Display a User's Login Status
- users with no passwords, How to Display Users Without Passwords
firewall systems, Firewall Systems
- hardware protection
- Maintaining Physical Security
- Controlling Access to System Hardware
- login access restrictions
- Maintaining Login Control
- Maintaining Login Control
- machine access, Maintaining Physical Security
- overview, Controlling Access to a Computer System
- password encryption, Password Encryption
- passwords, Managing Password Information
- privileges, Privileges (Overview)
- protecting from risky programs, Protecting Against Programs With Security Risk (Task Map)
- restricted shell
- Assigning a Restricted Shell to Users
- Assigning a Restricted Shell to Users
- restricting remote root access, How to Restrict and Monitor Superuser Logins
- role-based access control (RBAC)
- Configuring Role-Based Access Control to Replace Superuser
- RBAC: An Alternative to the Superuser Model
- root access restrictions
- Restricting root Access to Shared Files
- How to Restrict and Monitor Superuser Logins
- saving failed login attempts, How to Monitor Failed Login Attempts
- special logins, Special System Logins
- su command monitoring
- Limiting and Monitoring Superuser
- How to Monitor Who Is Using the su Command
- task map, Protecting Against Programs With Security Risk (Task Map)
- system state audit class, Definitions of Audit Classes
- System V IPC
- ipc audit class, Definitions of Audit Classes
- ipc audit token, ipc Token
- ipc_perm audit token, ipc_perm Token
- privileges, Privilege Descriptions
- system variables
- See also variables
- CRYPT_DEFAULT, How to Specify an Algorithm for Password Encryption
- KEYBOARD_ABORT, How to Disable a System's Abort Sequence
- noexec_user_stack, How to Disable Programs From Using Executable Stacks
- noexec_user_stack_log, How to Disable Programs From Using Executable Stacks
- rstchown, How to Change the Owner of a File
- SYSLOG_FAILED_LOGINS, How to Monitor All Failed Login Attempts
- system-wide administration audit class, Definitions of Audit Classes
- systems, protecting from risky programs, Protecting Against Programs With Security Risk (Task Map)
|
