Document Information
Preface
Part I Security Overview
1. Security Services (Overview)
Part II System, File, and Device Security
2. Managing Machine Security (Overview)
3. Controlling Access to Systems (Tasks)
4. Virus Scanning Service (Tasks)
5. Controlling Access to Devices (Tasks)
6. Using the Basic Audit Reporting Tool (Tasks)
7. Controlling Access to Files (Tasks)
Part III Roles, Rights Profiles, and Privileges
8. Using Roles and Privileges (Overview)
9. Using Role-Based Access Control (Tasks)
10. Role-Based Access Control (Reference)
11. Privileges (Tasks)
12. Privileges (Reference)
Part IV Solaris Cryptographic Services
13. Solaris Cryptographic Framework (Overview)
14. Solaris Cryptographic Framework (Tasks)
15. Solaris Key Management Framework
Part V Authentication Services and Secure Communication
16. Using Authentication Services (Tasks)
17. Using PAM
18. Using SASL
19. Using Solaris Secure Shell (Tasks)
20. Solaris Secure Shell (Reference)
Part VI Kerberos Service
21. Introduction to the Kerberos Service
22. Planning for the Kerberos Service
23. Configuring the Kerberos Service (Tasks)
24. Kerberos Error Messages and Troubleshooting
25. Administering Kerberos Principals and Policies (Tasks)
26. Using Kerberos Applications (Tasks)
27. The Kerberos Service (Reference)
Part VII Solaris Auditing
28. Solaris Auditing (Overview)
29. Planning for Solaris Auditing
30. Managing Solaris Auditing (Tasks)
31. Solaris Auditing (Reference)
Glossary
Index
|
D
- -D option
- auditreduce command, How to Merge Audit Files From the Audit Trail
- ppriv command, How to Determine Which Privileges a Program Requires
- d_passwd file
- creating, How to Create a Dial-Up Password
- description, Dial-Up Logins
- disabling dial-up logins temporarily, How to Temporarily Disable Dial-Up Logins
- -d option
- auditreduce command, How to Select Audit Events From the Audit Trail
- getfacl command, How to Display ACL Entries for a File
- praudit command, praudit Command
- setfacl command, How to Delete ACL Entries From a File
- daemons
- auditd, auditd Daemon
- kcfd, Administrative Commands in the Solaris Cryptographic Framework
- keyserv, How to Restart the Secure RPC Keyserver
- nscd (name service cache daemon)
- How to Create and Assign a Role by Using the GUI
- Commands That Manage RBAC
- rpc.nispasswd, How to Specify a New Password Algorithm for an NIS+ Domain
- running with privileges, Administrative Differences on a System With Privileges
- ssh-agent, How to Reduce Password Prompts in Solaris Secure Shell
- sshd, A Typical Solaris Secure Shell Session
- table of Kerberos, Kerberos Daemons
- vold, How to Authorize Users to Allocate a Device
- Data Encryption Standard, See DES encryption
- data forwarding, Solaris Secure Shell, Command Execution and Data Forwarding in Solaris Secure Shell
- databases
- audit_user, audit_user Database
- auth_attr, auth_attr Database
- backing up and propagating KDC, Backing Up and Propagating the Kerberos Database
- creating KDC, How to Configure a Master KDC
- cred for Secure RPC
- Diffie-Hellman Authentication and Secure RPC
- How to Set Up a Diffie-Hellman Key for an NIS+ Host
- exec_attr, exec_attr Database
- KDC propagation, Which Database Propagation System to Use
- NFS secret keys, Implementation of Diffie-Hellman Authentication
- prof_attr, prof_attr Database
- publickey for Secure RPC, Diffie-Hellman Authentication and Secure RPC
- RBAC, Databases That Support RBAC
- user_attr, user_attr Database
- with privilege information, Files With Privilege Information
- dd command, generating secret keys, How to Generate a Symmetric Key by Using the dd Command
- deallocate command
- allocate error state
- Allocate Error State
- Allocate Error State
- authorizations for, Device Allocation Commands
- authorizations required, Commands That Require Authorizations
- description, Device Allocation Commands
- device-clean scripts and, Device-Clean Scripts
- using, How to Deallocate a Device
- deallocating
- devices, How to Deallocate a Device
- forcibly, Forcibly Deallocating a Device
- microphone, How to Deallocate a Device
- debugging, privileges, How to Determine Which Privileges a Program Requires
- debugging sequence number, sequence Token
- decrypt command
- description, User-Level Commands in the Solaris Cryptographic Framework
- syntax, How to Encrypt and Decrypt a File
- decrypting
- conversation keys for Secure RPC, Implementation of Diffie-Hellman Authentication
- files, How to Encrypt and Decrypt a File
- NFS secret keys, Implementation of Diffie-Hellman Authentication
- secret keys, Implementation of Diffie-Hellman Authentication
- default/login file, description, Solaris Secure Shell Files
- default_realm section
- krb5.conf file
- How to Configure a Master KDC
- How to Configure a KDC to Use an LDAP Data Server
- defaultpriv keyword, user_attr database, Files With Privilege Information
- defaults
- ACL entries for directories
- ACL Entries for Directories
- ACL Entries for Directories
- audit_startup script, audit_startup Script
- praudit output format
- praudit Command
- praudit Command
- privilege settings in policy.conf file, Files With Privilege Information
- system-wide auditing, Audit Classes
- system-wide in policy.conf file, Password Encryption
- umask value, Default umask Value
- delegating, RBAC authorizations, Delegation Authority in Authorizations
- delete_entry command, ktutil command, How to Temporarily Disable Authentication for a Service on a Host
- deleting
- ACL entries
- Commands for Administering ACLs
- How to Delete ACL Entries From a File
- archived audit files, How to Prevent Audit Trail Overflow
- audit files, How to Merge Audit Files From the Audit Trail
- host's service, How to Temporarily Disable Authentication for a Service on a Host
- not_terminated audit files, How to Clean Up a not_terminated Audit File
- policies (Kerberos), How to Delete a Kerberos Policy
- principal (Kerberos), How to Delete a Kerberos Principal
- rights profiles, How to Create or Change a Rights Profile
- DenyGroups keyword, sshd_config file, Keywords in Solaris Secure Shell
- DenyUsers keyword, sshd_config file, Keywords in Solaris Secure Shell
- DES encryption
- kernel provider, How to List Available Providers
- Secure NFS, DES Encryption With Secure NFS
- destroying, tickets with kdestroy, Destroying Kerberos Tickets
- determining
- files with setuid permissions, How to Find Files With Special File Permissions
- if file has ACL, How to Check if a File Has an ACL
- privileges on a process, How to Determine the Privileges on a Process
- privileges task map, Determining Your Privileges (Task Map)
- /dev/arp device, getting IP MIB-II information, How to Retrieve IP MIB-II Information From a /dev/* Device
- /dev/urandom device, How to Generate a Symmetric Key by Using the dd Command
- devfsadm command, description, Device Policy Commands
- device_allocate file
- description, device_allocate File
- format, device_allocate File
- sample
- How to Change Which Devices Can Be Allocated
- device_allocate File
- device allocation
- adding devices, Managing Device Allocation (Task Map)
- allocatable devices
- device_allocate File
- device_allocate File
- allocate command, Device Allocation Commands
- allocate error state, Allocate Error State
- allocating devices, How to Allocate a Device
- auditing, How to Audit Device Allocation
- authorizations for commands, Device Allocation Commands
- authorizing users to allocate, How to Authorize Users to Allocate a Device
- changing allocatable devices, How to Change Which Devices Can Be Allocated
- commands, Device Allocation Commands
- components of mechanism, Components of Device Allocation
- configuration file, device_maps File
- deallocate command, Device Allocation Commands
- device-clean scripts and, Device-Clean Scripts
- using, How to Deallocate a Device
deallocating devices, How to Deallocate a Device
- device_allocate file, device_allocate File
- device-clean scripts
- audio devices, Device-Clean Scripts
- CD-ROM drives, Device-Clean Scripts
- description, Device-Clean Scripts
- diskette drives, Device-Clean Scripts
- options, Device-Clean Scripts
- tape drives
- device_allocate File
- Device-Clean Scripts
- writing new scripts, Device-Clean Scripts
device_maps file, device_maps File
- disabling, How to Disable the Auditing Service
- enabling
- How to Make a Device Allocatable
- How to Make a Device Allocatable
- examples, How to Allocate a Device
- forcibly allocating devices, Forcibly Allocating a Device
- forcibly deallocating devices, Forcibly Deallocating a Device
- making device allocatable, How to Make a Device Allocatable
- managing devices, Managing Device Allocation (Task Map)
- mounting devices, How to Mount an Allocated Device
- not requiring authorization, How to Change Which Devices Can Be Allocated
- preventing, How to Change Which Devices Can Be Allocated
- requiring authorization, How to Change Which Devices Can Be Allocated
- task map, Managing Device Allocation (Task Map)
- unmounting allocated device, How to Deallocate a Device
- user procedures, Allocating Devices (Task Map)
- using, Allocating Devices (Task Map)
- using allocate command, How to Allocate a Device
- viewing information, How to View Allocation Information About a Device
- device-clean scripts
- and object reuse, Device-Clean Scripts
- audio devices, Device-Clean Scripts
- CD-ROM drives, Device-Clean Scripts
- description, Device-Clean Scripts
- diskette drives, Device-Clean Scripts
- options, Device-Clean Scripts
- tape drives
- device_allocate File
- device_allocate File
- Device-Clean Scripts
- writing new scripts, Device-Clean Scripts
- device management, See device policy
- device_maps file
- description, device_maps File
- format, device_maps File
- sample entries, device_maps File
- device policy
- add_drv command, Device Policy Commands
- auditing changes, How to Audit Changes in Device Policy
- changing, How to Change the Device Policy on an Existing Device
- commands, Device Policy Commands
- configuring, Configuring Device Policy
- kernel protection, Device Protection (Reference)
- managing devices, Configuring Device Policy (Task Map)
- overview
- Controlling Access to Devices
- Device Policy (Overview)
- removing from device, How to Change the Device Policy on an Existing Device
- task map, Configuring Device Policy (Task Map)
- update_drv command
- How to Change the Device Policy on an Existing Device
- Device Policy Commands
- viewing, How to View Device Policy
- Device Security (RBAC), creating role, How to Create and Assign a Role by Using the GUI
- devices
- adding device policy, How to Change the Device Policy on an Existing Device
- allocating for use, Allocating Devices (Task Map)
- auditing allocation of, How to Audit Device Allocation
- auditing policy changes, How to Audit Changes in Device Policy
- authorizing users to allocate, How to Authorize Users to Allocate a Device
- changing device policy, How to Change the Device Policy on an Existing Device
- changing which are allocatable, How to Change Which Devices Can Be Allocated
- deallocating a device, How to Deallocate a Device
- /dev/urandom device, How to Generate a Symmetric Key by Using the dd Command
- device allocation
- See device allocation
forcibly allocating, Forcibly Allocating a Device
- forcibly deallocating, Forcibly Deallocating a Device
- getting IP MIB-II information, How to Retrieve IP MIB-II Information From a /dev/* Device
- listing, How to View Device Policy
- listing device names, How to View Allocation Information About a Device
- login access control, Remote Logins
- making allocatable, How to Make a Device Allocatable
- managing, Configuring Device Policy (Task Map)
- managing allocation of, Managing Device Allocation (Task Map)
- mounting allocated devices, How to Mount an Allocated Device
- not requiring authorization for use, How to Change Which Devices Can Be Allocated
- policy commands, Device Policy Commands
- preventing use of all, How to Change Which Devices Can Be Allocated
- preventing use of some, How to Change Which Devices Can Be Allocated
- privilege model and, Privileges and Devices
- protecting by device allocation, Controlling Access to Devices
- protecting in the kernel, Controlling Access to Devices
- removing policy, How to Change the Device Policy on an Existing Device
- security, Controlling Access to Devices
- superuser model and, Privileges and Devices
- unmounting allocated device, How to Deallocate a Device
- viewing allocation information, How to View Allocation Information About a Device
- viewing device policy, How to View Device Policy
- zones and, Controlling Access to Devices
- dfstab file, sharing files, Sharing Files Across Machines
- DH authentication
- configuring in NIS, How to Set Up a Diffie-Hellman Key for an NIS Host
- configuring in NIS+, How to Set Up a Diffie-Hellman Key for an NIS+ Host
- description, Diffie-Hellman Authentication and Secure RPC
- for NIS+ client, How to Set Up a Diffie-Hellman Key for an NIS+ Host
- for NIS client, How to Set Up a Diffie-Hellman Key for an NIS Host
- mounting files with, How to Share NFS Files With Diffie-Hellman Authentication
- sharing files with, How to Share NFS Files With Diffie-Hellman Authentication
- DHCP Management (RBAC), creating role, How to Create and Assign a Role by Using the GUI
- dial-up passwords
- creating, How to Create a Dial-Up Password
- disabling, Dial-Up Logins
- disabling temporarily, How to Temporarily Disable Dial-Up Logins
- /etc/d_passwd file, Dial-Up Logins
- security, Dial-Up Logins
- dialups file, creating, How to Create a Dial-Up Password
- Diffie-Hellman authentication, See DH authentication
- digest command
- description, User-Level Commands in the Solaris Cryptographic Framework
- example, How to Compute a Digest of a File
- syntax, How to Compute a Digest of a File
- digestmd5.so.1 plug-in, SASL and, SASL Plug-ins
- digests
- computing for file, How to Compute a Digest of a File
- of files
- How to Compute a Digest of a File
- How to Compute a Digest of a File
- dir line, audit_control file, audit_control File
- direct realms, How to Establish Direct Cross-Realm Authentication
- directories
- See also files
- ACL entries
- ACL Entries for Directories
- ACL Entries for Directories
- audit_control file definitions, audit_control File
- audit directories full
- auditd Daemon
- audit_warn Script
- auditd daemon pointer
- auditd Daemon
- auditd Daemon
- displaying files and related information
- Commands for Viewing and Securing Files
- How to Display File Information
- mounting audit directories, Audit Trail
- permissions
- defaults, Default umask Value
- description, UNIX File Permissions
public directories, Sticky Bit
- disabling
- abort sequence, How to Disable a System's Abort Sequence
- audit policy, How to Configure Audit Policy
- auditing service, How to Disable the Auditing Service
- cryptographic mechanisms, How to Prevent the Use of a User-Level Mechanism
- device allocation, How to Disable the Auditing Service
- dial-up logins temporarily, How to Temporarily Disable Dial-Up Logins
- dial-up passwords, How to Temporarily Disable Dial-Up Logins
- executable stacks, How to Disable Programs From Using Executable Stacks
- executables that compromise security, Preventing Executable Files From Compromising Security
- hardware mechanisms, How to Disable Hardware Provider Mechanisms and Features
- keyboard abort, How to Disable a System's Abort Sequence
- keyboard shutdown, How to Disable a System's Abort Sequence
- logging of executable stack messages, How to Disable Programs From Using Executable Stacks
- logins temporarily, How to Temporarily Disable User Logins
- programs from using executable stacks, How to Disable Programs From Using Executable Stacks
- remote root access, How to Restrict and Monitor Superuser Logins
- service on a host (Kerberos), How to Temporarily Disable Authentication for a Service on a Host
- system abort sequence, How to Disable a System's Abort Sequence
- user logins, How to Temporarily Disable User Logins
- disk partitioning, for binary audit files, How to Create Partitions for Audit Files
- disk-space requirements, Cost of Storage of Audit Data
- diskette drives
- allocating, How to Mount an Allocated Device
- device-clean scripts, Device-Clean Scripts
- displaying
- ACL entries
- Commands for Administering ACLs
- How to Check if a File Has an ACL
- How to Display ACL Entries for a File
- allocatable devices, How to View Allocation Information About a Device
- audit policies, How to Configure Audit Policy
- audit record formats, How to Display Audit Record Formats
- audit records, How to View the Contents of Binary Audit Files
- audit records in XML format, How to View the Contents of Binary Audit Files
- device policy, How to View Device Policy
- file information, How to Display File Information
- files and related information, Commands for Viewing and Securing Files
- format of audit records, How to Display Audit Record Formats
- providers in the cryptographic framework, How to List Available Providers
- roles you can assume
- How to Assume a Role in a Terminal Window
- Commands That Manage RBAC
- root access attempts, How to Restrict and Monitor Superuser Logins
- selected audit records, How to Merge Audit Files From the Audit Trail
- su command attempts, How to Restrict and Monitor Superuser Logins
- sublist of principals (Kerberos), How to View the List of Kerberos Principals
- user's login status
- How to Display a User's Login Status
- How to Display a User's Login Status
- users with no passwords, How to Display Users Without Passwords
- dminfo command, device_maps File
- DNS, Kerberos and, Client and Service Principal Names
- domain_realm section
- krb5.conf file
- Mapping Host Names Onto Realms
- How to Configure a Master KDC
- How to Configure a KDC to Use an LDAP Data Server
- dot (.)
- authorization name separator, Authorization Naming Conventions
- displaying hidden files, How to Display File Information
- double dollar sign ($$), parent shell process number, How to Determine the Privileges on a Process
- DSAAuthentication keyword, See PubkeyAuthentication keyword
- DTD for praudit command, praudit Command
- .dtprofile script, use in Solaris Secure Shell, How to Set Up the ssh-agent Command to Run Automatically in CDE
- duplicating, principals (Kerberos), How to Duplicate a Kerberos Principal
- DynamicForward keyword, ssh_config file, Keywords in Solaris Secure Shell
|
