System Administration Guide: Security Services

S

-S option, st_clean script, Device-Clean Scripts
-s option
audit command, auditd Daemon
praudit command, praudit Command
safe protection level, Overview of Kerberized Commands
SASL
environment variable, SASL Environment Variable
options, SASL Options
overview, SASL (Overview)
plug-ins, SASL Plug-ins
saslauthd_path option, SASL and, SASL Options
saving, failed login attempts, How to Monitor Failed Login Attempts
scope (RBAC), description, Name Service Scope and RBAC
scp command
copying files with, How to Copy Files With Solaris Secure Shell
description, Solaris Secure Shell Commands
scripts
audit_startup script, audit_startup Script
audit_warn script, audit_warn Script
bsmconv effect, system File
bsmconv for device allocation, How to Make a Device Allocatable
bsmconv script, bsmconv Script
bsmconv to enable auditing, How to Enable the Auditing Service
checking for RBAC authorizations, How to Add RBAC Properties to Legacy Applications
device-clean scripts
See also device-clean scripts
for cleaning devices, Device-Clean Scripts
monitoring audit files example, Auditing Efficiently
processing praudit output, praudit Command
running with privileges, Assigning Privileges to a Script
securing, How to Add RBAC Properties to Legacy Applications
use of privileges in, How to Run a Shell Script With Privileged Commands
SCSI devices, st_clean script, device_allocate File
SEAM Administration Tool
and limited administration privileges, Using the SEAM Tool With Limited Kerberos Administration Privileges
and list privileges, Using the SEAM Tool With Limited Kerberos Administration Privileges
and X Window system, Command-Line Equivalents of the SEAM Tool
command-line equivalents, Command-Line Equivalents of the SEAM Tool
context-sensitive help, Print and Online Help Features of the SEAM Tool
creating a new policy
How to Create a New Kerberos Principal
How to Create a New Kerberos Policy
creating a new principal, How to Create a New Kerberos Principal
default values, How to Start the SEAM Tool
deleting a principal, How to Delete a Kerberos Principal
deleting policies, How to Delete a Kerberos Policy
displaying sublist of principals, How to View the List of Kerberos Principals
duplicating a principal, How to Duplicate a Kerberos Principal
files modified by, The Only File Modified by the SEAM Tool
Filter Pattern field, How to View the List of Kerberos Principals
gkadmin command, Ways to Administer Kerberos Principals and Policies
.gkadmin file, The Only File Modified by the SEAM Tool
help, Print and Online Help Features of the SEAM Tool
Help Contents, Print and Online Help Features of the SEAM Tool
how affected by privileges, Using the SEAM Tool With Limited Kerberos Administration Privileges
kadmin command, Ways to Administer Kerberos Principals and Policies
login window, How to Start the SEAM Tool
modifying a policy, How to Modify a Kerberos Policy
modifying a principal, How to Modify a Kerberos Principal
online help, Print and Online Help Features of the SEAM Tool
or kadmin command, SEAM Administration Tool
overview, SEAM Administration Tool
panel descriptions, SEAM Tool Panel Descriptions
privileges, Using the SEAM Tool With Limited Kerberos Administration Privileges
setting up principal defaults, How to Set Up Defaults for Creating New Kerberos Principals
starting, How to Start the SEAM Tool
table of panels, SEAM Tool Panel Descriptions
viewing a principal's attributes, How to View a Kerberos Principal's Attributes
viewing list of policies, How to View the List of Kerberos Policies
viewing list of principals, How to View the List of Kerberos Principals
viewing policy attributes, How to View a Kerberos Policy's Attributes
secondary audit directory, audit_control File
secret keys
creating
How to Generate a Symmetric Key by Using the dd Command
How to Generate a Symmetric Key by Using the pktool Command
generating
using the dd command, How to Generate a Symmetric Key by Using the dd Command
using the pktool command, How to Generate a Symmetric Key by Using the pktool Command
generating for Secure RPC, Implementation of Diffie-Hellman Authentication
secure connection
across a firewall, How to Set Up Default Connections to Hosts Outside a Firewall
logging in, How to Log In to a Remote Host With Solaris Secure Shell
Secure NFS, NFS Services and Secure RPC
Secure RPC
alternative, Authentication and Authorization for Remote Access
and Kerberos, Kerberos Authentication
description, Overview of Secure RPC
implementation of, Implementation of Diffie-Hellman Authentication
keyserver, Implementation of Diffie-Hellman Authentication
overview, Authentication and Authorization for Remote Access
securing
logins task map, Securing Logins and Passwords (Task Map)
passwords task map, Securing Logins and Passwords (Task Map)
scripts, How to Add RBAC Properties to Legacy Applications
security
across insecure network, How to Set Up Default Connections to Hosts Outside a Firewall
auditing and, How Is Auditing Related to Security?
BART, BART Security Considerations
computing digest of files, How to Compute a Digest of a File
computing MAC of files, How to Compute a MAC of a File
devices, Controlling Access to Devices
DH authentication, Implementation of Diffie-Hellman Authentication
encrypting files, How to Encrypt and Decrypt a File
installation options, Using the netservices limited Configuration
netservices limited installation option, Using the netservices limited Configuration
NFS client-server, Implementation of Diffie-Hellman Authentication
password encryption, Password Encryption
pointer to JASS toolkit, Using the Solaris Security Toolkit
policy overview, Security Policy
preventing remote login, How to Restrict and Monitor Superuser Logins
protecting against denial of service, Using Solaris Resource Management Features
protecting against Trojan horse, Setting the PATH Variable
protecting devices, Device-Clean Scripts
protecting hardware, Controlling Access to System Hardware
protecting PROM, Controlling Access to System Hardware
system hardware, Controlling Access to System Hardware
security attributes
checking for, Applications That Check UIDs and GIDs
considerations when directly assigning, Security Considerations When Directly Assigning Security Attributes
description, Solaris RBAC Elements and Basic Concepts
Printer management rights profile, Solaris RBAC Elements and Basic Concepts
privileges on commands, Applications That Check for Privileges
special ID on commands, Applications That Check UIDs and GIDs
using to mount allocated device, How to Authorize Users to Allocate a Device
security mechanism, specifying with -m option, Overview of Kerberized Commands
security modes, setting up environment with multiple, How to Set Up a Secure NFS Environment With Multiple Kerberos Security Modes
security policy, default (RBAC), Databases That Support RBAC
security service, Kerberos and, Kerberos Security Services
selecting
audit classes, How to Modify the audit_control File
audit records, How to Select Audit Events From the Audit Trail
events from audit trail, How to Select Audit Events From the Audit Trail
semicolon (;)
device_allocate file, device_allocate File
separator of security attributes, exec_attr Database
sendmail command, authorizations required, Commands That Require Authorizations
seq audit policy
and sequence token
Determining Audit Policy
sequence Token
description, Determining Audit Policy
sequence audit token
and seq audit policy, sequence Token
format, sequence Token
ServerKeyBits keyword, sshd_config file, Keywords in Solaris Secure Shell
servers
AUTH_DH client-server session, Implementation of Diffie-Hellman Authentication
configuring for Solaris Secure Shell, Server Configuration in Solaris Secure Shell
definition in Kerberos, Authentication-Specific Terminology
gaining access with Kerberos, Gaining Access to a Service Using Kerberos
obtaining credential for, Obtaining a Credential for a Server
realms and, Kerberos Servers
service
definition in Kerberos, Authentication-Specific Terminology
disabling on a host, How to Temporarily Disable Authentication for a Service on a Host
obtaining access for specific service, Obtaining Access to a Specific Service
service keys
definition in Kerberos, Authentication-Specific Terminology
keytab files and, Administering Keytab Files
service management facility
enabling keyserver, How to Restart the Secure RPC Keyserver
refreshing cryptographic framework, How to Add a Software Provider
restarting cryptographic framework, How to Refresh or Restart All Cryptographic Services
restarting Solaris Secure Shell, How to Configure Port Forwarding in Solaris Secure Shell
service principal
adding to keytab file
Administering Keytab Files
How to Add a Kerberos Service Principal to a Keytab File
description, Kerberos Principals
planning for names, Client and Service Principal Names
removing from keytab file, How to Remove a Service Principal From a Keytab File
session ID, audit, Process Audit Characteristics
session keys
definition in Kerberos, Authentication-Specific Terminology
Kerberos authentication and, How the Kerberos Authentication System Works
setfacl command
-d option, How to Delete ACL Entries From a File
description, Commands for Administering ACLs
examples, How to Change ACL Entries on a File
-f option, How to Copy an ACL
syntax, How to Add ACL Entries to a File
setgid permissions
absolute mode
File Permission Modes
How to Change Special File Permissions in Absolute Mode
description, setgid Permission
security risks, setgid Permission
symbolic mode, File Permission Modes
setpin subcommand, pktool command, How to Generate a Passphrase by Using the pktool setpin Command
setting
audit policy, How to Configure Audit Policy
principal defaults (Kerberos), How to Set Up Defaults for Creating New Kerberos Principals
setuid permissions
absolute mode
File Permission Modes
How to Change Special File Permissions in Absolute Mode
description, setuid Permission
finding files with permissions set, How to Find Files With Special File Permissions
security risks
Restricting setuid Executable Files
setuid Permission
symbolic mode, File Permission Modes
sftp command
copying files with, How to Copy Files With Solaris Secure Shell
description, Solaris Secure Shell Commands
sh command, privileged version, Profile Shell in RBAC
SHA1 kernel provider, How to List Available Providers
sharing files
and network security, Sharing Files Across Machines
with DH authentication, How to Share NFS Files With Diffie-Hellman Authentication
shell, privileged versions, Profile Shell in RBAC
shell commands
/etc/d_passwd file entries, Dial-Up Logins
passing parent shell process number, How to Determine the Privileges on a Process
shell process, listing its privileges, How to Determine the Privileges on a Process
shell scripts, writing privileged, How to Run a Shell Script With Privileged Commands
short praudit output format, praudit Command
shosts.equiv file, description, Solaris Secure Shell Files
.shosts file, description, Solaris Secure Shell Files
signal received during auditing shutdown, audit_warn Script
signing providers, cryptographic framework, Plugins to the Solaris Cryptographic Framework
single-sign-on system, Kerberos User Commands
Kerberos and, What Is the Kerberos Service?
size of audit files
reducing
How to Merge Audit Files From the Audit Trail
auditreduce Command
reducing storage-space requirements, Auditing Efficiently
slave_datatrans file
description, Kerberos Files
KDC propagation and, Backing Up and Propagating the Kerberos Database
slave_datatrans_slave file, description, Kerberos Files
slave KDCs
automatically configuring, How to Automatically Configure a Slave KDC
configuring, How to Configure a Slave KDC
definition, Kerberos-Specific Terminology
interactively configuring, How to Interactively Configure a Slave KDC
master KDC and, Kerberos Servers
or master, Configuring KDC Servers
planning for, The Number of Slave KDCs
swapping with master KDC, Swapping a Master KDC and a Slave KDC
slot, definition in cryptographic framework, Terminology in the Solaris Cryptographic Framework
smattrpop command, description, Commands That Manage RBAC
smexec command, description, Commands That Manage RBAC
smmultiuser command, description, Commands That Manage RBAC
smprofile command
changing rights profile, How to Create or Change a Rights Profile
description, Commands That Manage RBAC
smrole command
changing properties of role
How to Change the Password of a Role
How to Change the Properties of a Role
description, Commands That Manage RBAC
using, How to Create a Role From the Command Line
smuser command
changing user's RBAC properties, How to Change the RBAC Properties of a User
description, Commands That Manage RBAC
socket audit token, socket Token
soft limit
audit_warn condition, audit_warn Script
minfree line description, audit_control File
soft string, audit_warn script, audit_warn Script
Solaris auditing task map, Solaris Auditing (Task Map)
Solaris Cryptographic Framework, See cryptographic framework
solaris.device.revoke authorization, Device Allocation Commands
Solaris Secure Shell
adding to system, Solaris Secure Shell Packages and Initialization
administering, A Typical Solaris Secure Shell Session
administrator task map
Solaris Secure Shell (Task Map)
Configuring Solaris Secure Shell (Task Map)
authentication
requirements for, Solaris Secure Shell Authentication
authentication methods, Solaris Secure Shell Authentication
authentication steps, Authentication and Key Exchange in Solaris Secure Shell
basis from OpenSSH, Solaris Secure Shell Enhancements in the Solaris 10 Release
changes in current release, Solaris Secure Shell Enhancements in the Solaris 10 Release
changing passphrase, How to Change the Passphrase for a Solaris Secure Shell Private Key
command execution, Command Execution and Data Forwarding in Solaris Secure Shell
configuring clients, Client Configuration in Solaris Secure Shell
configuring port forwarding, How to Configure Port Forwarding in Solaris Secure Shell
configuring server, Server Configuration in Solaris Secure Shell
connecting across a firewall, How to Set Up Default Connections to Hosts Outside a Firewall
connecting outside firewall
from command line, How to Set Up Default Connections to Hosts Outside a Firewall
from configuration file, How to Set Up Default Connections to Hosts Outside a Firewall
copying files, How to Copy Files With Solaris Secure Shell
creating keys, How to Generate a Public/Private Key Pair for Use With Solaris Secure Shell
data forwarding, Command Execution and Data Forwarding in Solaris Secure Shell
description, Solaris Secure Shell (Overview)
files, Solaris Secure Shell Files
forwarding mail, How to Use Port Forwarding in Solaris Secure Shell
generating keys, How to Generate a Public/Private Key Pair for Use With Solaris Secure Shell
keywords, Keywords in Solaris Secure Shell
local port forwarding
How to Use Port Forwarding in Solaris Secure Shell
How to Use Port Forwarding in Solaris Secure Shell
logging in fewer prompts, How to Reduce Password Prompts in Solaris Secure Shell
logging in to remote host, How to Log In to a Remote Host With Solaris Secure Shell
login environment variables and, Solaris Secure Shell and Login Environment Variables
naming identity files, Solaris Secure Shell Files
packages, Solaris Secure Shell Packages and Initialization
protocol versions, Solaris Secure Shell (Overview)
public key authentication, Solaris Secure Shell Authentication
remote port forwarding, How to Use Port Forwarding in Solaris Secure Shell
scp command, How to Copy Files With Solaris Secure Shell
TCP and, How to Configure Port Forwarding in Solaris Secure Shell
typical session, A Typical Solaris Secure Shell Session
user procedures, Using Solaris Secure Shell (Task Map)
using port forwarding, How to Use Port Forwarding in Solaris Secure Shell
using without password, How to Reduce Password Prompts in Solaris Secure Shell
solaris security policy, exec_attr Database
special permissions
setgid permissions, setgid Permission
setuid permissions, setuid Permission
sticky bit, Sticky Bit
square brackets ([]), bsmrecord output, Audit Record Analysis
sr_clean script, description, Device-Clean Scripts
ssh-add command
description, Solaris Secure Shell Commands
example
How to Reduce Password Prompts in Solaris Secure Shell
How to Reduce Password Prompts in Solaris Secure Shell
storing private keys, How to Reduce Password Prompts in Solaris Secure Shell
ssh-agent command
configuring for CDE, How to Set Up the ssh-agent Command to Run Automatically in CDE
description, Solaris Secure Shell Commands
from command line, How to Reduce Password Prompts in Solaris Secure Shell
in scripts, How to Set Up the ssh-agent Command to Run Automatically in CDE
ssh command
description, Solaris Secure Shell Commands
overriding keyword settings, Solaris Secure Shell Commands
port forwarding options, How to Use Port Forwarding in Solaris Secure Shell
using, How to Log In to a Remote Host With Solaris Secure Shell
using a proxy command, How to Set Up Default Connections to Hosts Outside a Firewall
.ssh/config file
description, Solaris Secure Shell Files
override, Solaris Secure Shell Files
ssh_config file
configuring Solaris Secure Shell, Client Configuration in Solaris Secure Shell
host-specific parameters, Host-Specific Parameters in Solaris Secure Shell
keywords, Keywords in Solaris Secure Shell
See specific keyword
override, Solaris Secure Shell Files
.ssh/environment file, description, Solaris Secure Shell Files
ssh_host_dsa_key file, description, Solaris Secure Shell Files
ssh_host_dsa_key.pub file, description, Solaris Secure Shell Files
ssh_host_key file
description, Solaris Secure Shell Files
override, Solaris Secure Shell Files
ssh_host_key.pub file, description, Solaris Secure Shell Files
ssh_host_rsa_key file, description, Solaris Secure Shell Files
ssh_host_rsa_key.pub file, description, Solaris Secure Shell Files
.ssh/id_dsa file, Solaris Secure Shell Files
.ssh/id_rsa file, Solaris Secure Shell Files
.ssh/identity file, Solaris Secure Shell Files
ssh-keygen command
description, Solaris Secure Shell Commands
using, How to Generate a Public/Private Key Pair for Use With Solaris Secure Shell
ssh-keyscan command, description, Solaris Secure Shell Commands
ssh-keysign command, description, Solaris Secure Shell Commands
.ssh/known_hosts file
description, Solaris Secure Shell Files
override, Solaris Secure Shell Files
ssh_known_hosts file, Solaris Secure Shell Files
.ssh/rc file, description, Solaris Secure Shell Files
sshd command, description, Solaris Secure Shell Commands
sshd_config file
description, Solaris Secure Shell Files
keywords, Keywords in Solaris Secure Shell
See specific keyword
overrides of /etc/default/login entries, Solaris Secure Shell and Login Environment Variables
sshd.pid file, description, Solaris Secure Shell Files
sshrc file, description, Solaris Secure Shell Files
st_clean script
description, Device-Clean Scripts
for tape drives, device_allocate File
standard cleanup, st_clean script, Device-Clean Scripts
starting
audit daemon, How to Update the Auditing Service
auditing, How to Enable the Auditing Service
device allocation, How to Make a Device Allocatable
KDC daemon
How to Configure a Slave KDC
How to Configure a Slave KDC to Use Full Propagation
Secure RPC keyserver, How to Restart the Secure RPC Keyserver
stash file
creating
How to Configure a Slave KDC
How to Configure a Slave KDC to Use Full Propagation
definition, Kerberos-Specific Terminology
sticky bit permissions
absolute mode
File Permission Modes
How to Change Special File Permissions in Absolute Mode
description, Sticky Bit
symbolic mode, File Permission Modes
stopping, dial-up logins temporarily, How to Temporarily Disable Dial-Up Logins
storage costs, and auditing, Cost of Storage of Audit Data
storage overflow prevention, audit trail, How to Prevent Audit Trail Overflow
storing
audit files
How to Plan Storage for Audit Records
How to Create Partitions for Audit Files
passphrase, How to Encrypt and Decrypt a File
StrictHostKeyChecking keyword, ssh_config file, Keywords in Solaris Secure Shell
StrictModes keyword, sshd_config file, Keywords in Solaris Secure Shell
su command
displaying access attempts on console, How to Restrict and Monitor Superuser Logins
in role assumption
How to Assume a Role in a Terminal Window
How to Assume a Role in the Solaris Management Console
monitoring use, How to Monitor Who Is Using the su Command
su file, monitoring su command, How to Monitor Who Is Using the su Command
subject audit token, format, subject Token
Subsystem keyword, sshd_config file, Keywords in Solaris Secure Shell
success
audit class prefix, Audit Class Syntax
turning off audit classes for, Audit Class Syntax
sufficient control flag, PAM, How PAM Stacking Works
sulog file, How to Monitor Who Is Using the su Command
monitoring contents of, How to Monitor Who Is Using the su Command
SUPATH in Solaris Secure Shell, Solaris Secure Shell and Login Environment Variables
superuser
compared to privilege model, Privileges (Overview)
compared to RBAC model, RBAC: An Alternative to the Superuser Model
differences from privilege model, Administrative Differences on a System With Privileges
eliminating in RBAC, RBAC Roles
monitoring access attempts, How to Restrict and Monitor Superuser Logins
suser security policy, exec_attr Database
svcadm command
administering cryptographic framework
Scope of the Solaris Cryptographic Framework
Administrative Commands in the Solaris Cryptographic Framework
enabling cryptographic framework, How to Refresh or Restart All Cryptographic Services
enabling keyserver daemon, How to Restart the Secure RPC Keyserver
refreshing cryptographic framework, How to Add a Software Provider
restarting name service, How to Create and Assign a Role by Using the GUI
restarting NFS server, How to Create Partitions for Audit Files
restarting Solaris Secure Shell, How to Configure Port Forwarding in Solaris Secure Shell
restarting syslog daemon
How to Monitor All Failed Login Attempts
How to Configure syslog Audit Logs
svcs command
listing cryptographic services, How to Refresh or Restart All Cryptographic Services
listing keyserver service, How to Restart the Secure RPC Keyserver
swapping master and slave KDCs, Swapping a Master KDC and a Slave KDC
symbolic links, file permissions, UNIX File Permissions
symbolic mode
changing file permissions
File Permission Modes
How to Change File Permissions in Symbolic Mode
How to Change File Permissions in Symbolic Mode
description, File Permission Modes
synchronizing clocks
master KDC
How to Configure a Master KDC
How to Configure a KDC to Use an LDAP Data Server
overview, Synchronizing Clocks Between KDCs and Kerberos Clients
slave KDC
How to Configure a Slave KDC
How to Configure a Slave KDC to Use Full Propagation
SYS privileges, Privilege Descriptions
syslog.conf file
and auditing, syslog.conf File
audit.notice level, How to Configure syslog Audit Logs
audit records, How Does Auditing Work?
executable stack messages, Preventing Executable Files From Compromising Security
kern.notice level, Preventing Executable Files From Compromising Security
priv.debug entry, Files With Privilege Information
saving failed login attempts, How to Monitor All Failed Login Attempts
SYSLOG_FAILED_LOGINS
in Solaris Secure Shell, Solaris Secure Shell and Login Environment Variables
system variable, How to Monitor All Failed Login Attempts
syslog format, audit records, syslog.conf File
SyslogFacility keyword, sshd_config file, Keywords in Solaris Secure Shell
System Administrator (RBAC)
assuming role, How to Assume a Role in a Terminal Window
creating role, How to Create and Assign a Role by Using the GUI
protecting hardware, How to Require a Password for Hardware Access
recommended role, RBAC: An Alternative to the Superuser Model
rights profile, System Administrator Rights Profile
system calls
arg audit token, arg Token
close, Definitions of Audit Classes
exec_args audit token, exec_args Token
exec_env audit token, exec_env Token
ioctl(), Definitions of Audit Classes
ioctl to clean audio device, Device-Clean Scripts
return audit token, return Token
system file, bsmconv effect on, system File
system hardware, controlling access to, Controlling Access to System Hardware
system properties, privileges relating to, Privilege Descriptions
system security
ACL, Using Access Control Lists to Protect Files
dial-up logins and passwords, Dial-Up Logins
dial-up passwords
disabling temporarily, How to Temporarily Disable Dial-Up Logins
displaying
user's login status
How to Display a User's Login Status
How to Display a User's Login Status
users with no passwords, How to Display Users Without Passwords
firewall systems, Firewall Systems
hardware protection
Maintaining Physical Security
Controlling Access to System Hardware
login access restrictions
Maintaining Login Control
Maintaining Login Control
machine access, Maintaining Physical Security
overview, Controlling Access to a Computer System
password encryption, Password Encryption
passwords, Managing Password Information
privileges, Privileges (Overview)
protecting from risky programs, Protecting Against Programs With Security Risk (Task Map)
restricted shell
Assigning a Restricted Shell to Users
Assigning a Restricted Shell to Users
restricting remote root access, How to Restrict and Monitor Superuser Logins
role-based access control (RBAC)
Configuring Role-Based Access Control to Replace Superuser
RBAC: An Alternative to the Superuser Model
root access restrictions
Restricting root Access to Shared Files
How to Restrict and Monitor Superuser Logins
saving failed login attempts, How to Monitor Failed Login Attempts
special logins, Special System Logins
su command monitoring
Limiting and Monitoring Superuser
How to Monitor Who Is Using the su Command
task map, Protecting Against Programs With Security Risk (Task Map)
system state audit class, Definitions of Audit Classes
System V IPC
ipc audit class, Definitions of Audit Classes
ipc audit token, ipc Token
ipc_perm audit token, ipc_perm Token
privileges, Privilege Descriptions
system variables
See also variables
CRYPT_DEFAULT, How to Specify an Algorithm for Password Encryption
KEYBOARD_ABORT, How to Disable a System's Abort Sequence
noexec_user_stack, How to Disable Programs From Using Executable Stacks
noexec_user_stack_log, How to Disable Programs From Using Executable Stacks
rstchown, How to Change the Owner of a File
SYSLOG_FAILED_LOGINS, How to Monitor All Failed Login Attempts
system-wide administration audit class, Definitions of Audit Classes
systems, protecting from risky programs, Protecting Against Programs With Security Risk (Task Map)