Part I Security Overview
1. Security Services (Overview)
Solaris Cryptographic Services
Authentication With Encryption
Part II System, File, and Device Security
2. Managing Machine Security (Overview)
3. Controlling Access to Systems (Tasks)
4. Virus Scanning Service (Tasks)
5. Controlling Access to Devices (Tasks)
6. Using the Basic Audit Reporting Tool (Tasks)
7. Controlling Access to Files (Tasks)
Part III Roles, Rights Profiles, and Privileges
8. Using Roles and Privileges (Overview)
9. Using Role-Based Access Control (Tasks)
10. Role-Based Access Control (Reference)
11. Privileges (Tasks)
12. Privileges (Reference)
Part IV Solaris Cryptographic Services
13. Solaris Cryptographic Framework (Overview)
14. Solaris Cryptographic Framework (Tasks)
15. Solaris Key Management Framework
Part V Authentication Services and Secure Communication
16. Using Authentication Services (Tasks)
17. Using PAM
18. Using SASL
19. Using Solaris Secure Shell (Tasks)
20. Solaris Secure Shell (Reference)
Part VI Kerberos Service
21. Introduction to the Kerberos Service
22. Planning for the Kerberos Service
23. Configuring the Kerberos Service (Tasks)
24. Kerberos Error Messages and Troubleshooting
25. Administering Kerberos Principals and Policies (Tasks)
26. Using Kerberos Applications (Tasks)
27. The Kerberos Service (Reference)
Part VII Solaris Auditing
28. Solaris Auditing (Overview)
29. Planning for Solaris Auditing
30. Managing Solaris Auditing (Tasks)
31. Solaris Auditing (Reference)
System security ensures that the system's resources are used properly. Access controls can
restrict who is permitted access to resources on the system. The Solaris OS
features for system security and access control include the following:
Login administration tools – Commands for monitoring and controlling a user's ability to log in. See Securing Logins and Passwords (Task Map).
Hardware access – Commands for limiting access to the PROM, and for restricting who can boot the system. See SPARC: Controlling Access to System Hardware (Task Map).
Resource access – Tools and strategies for maximizing the appropriate use of machine resources while minimizing the misuse of those resources. See Controlling Access to Machine Resources.
Role-based access control (RBAC) – An architecture for creating special, restricted user accounts that are permitted to perform specific administrative tasks. See Role-Based Access Control (Overview).
Privileges – Discrete rights on processes to perform operations. These process rights are enforced in the kernel. See Privileges (Overview).
Device management – Device policy additionally protects devices that are already protected by UNIX permissions. Device allocation controls access to peripheral devices, such as a microphone or CD-ROM drive. Upon deallocation, device-clean scripts can then erase any data from the device. See Controlling Access to Devices.
Basic Audit Reporting Tool (BART) – A snapshot, called a manifest, of the file attributes of files on a system. By comparing the manifests across systems or on one system over time, changes to files can be monitored to reduce security risks. See Chapter 6, Using the Basic Audit Reporting Tool (Tasks).
File permissions – Attributes of a file or directory. Permissions restrict the users and groups that are permitted to read, write, or execute a file, or search a directory. See Chapter 7, Controlling Access to Files (Tasks).
Antivirus software – A vscan service checks files for viruses before an application uses the files. A file system can invoke this service to scan files in real time for the most recent virus definitions before the files are accessed by any clients of the file system.
The real-time scan is performed by third-party applications. A file can be scanned when it is opened and after it is closed. See Chapter 4, Virus Scanning Service (Tasks).