S

-S option, st_clean script, Device-Clean Scripts

-s option

audit command

How to Refresh the Audit Service

How to Refresh the Audit Service

How to Enable the Audit Service

safe protection level, Overview of Kerberized Commands

SASL

environment variable, SASL Environment Variable

options, SASL Options

overview, SASL (Overview)

plug-ins, SASL Plug-ins

saslauthd_path option, SASL and, SASL Options

saving, failed login attempts, How to Monitor Failed Login Attempts

scope (RBAC), description, Name Service Scope and RBAC

scp command

copying files with, How to Copy Files With Secure Shell

description, Secure Shell Commands

scripts

audit_warn script

How to Configure the audit_warn Email Alias

Audit Service Man Pages

checking for RBAC authorizations, How to Add RBAC Properties to Legacy Applications

device-clean scripts

See also device-clean scripts

for cleaning devices, Device-Clean Scripts

monitoring audit files example, Auditing Efficiently

processing praudit output, How to View the Contents of Binary Audit Files

running with privileges, Assigning Privileges to a Script

securing, How to Add RBAC Properties to Legacy Applications

use of privileges in, How to Run a Shell Script With Privileged Commands

SCSI devices, st_clean script, device_allocate File

SEAM Tool

and limited administration privileges, Using the SEAM Tool With Limited Kerberos Administration Privileges

and list privileges, Using the SEAM Tool With Limited Kerberos Administration Privileges

and X Window system, Command-Line Equivalents of the SEAM Tool

command-line equivalents, Command-Line Equivalents of the SEAM Tool

context-sensitive help, Print and Online Help Features of the SEAM Tool

creating a new policy

How to Create a New Kerberos Principal

How to Create a New Kerberos Policy

creating a new principal, How to Create a New Kerberos Principal

default values, How to Start the SEAM Tool

deleting a principal, How to Delete a Kerberos Principal

deleting policies, How to Delete a Kerberos Policy

displaying sublist of principals, How to View the List of Kerberos Principals

duplicating a principal, How to Duplicate a Kerberos Principal

files modified by, The Only File Modified by the SEAM Tool

Filter Pattern field, How to View the List of Kerberos Principals

gkadmin command, Ways to Administer Kerberos Principals and Policies

.gkadmin file, The Only File Modified by the SEAM Tool

help, Print and Online Help Features of the SEAM Tool

Help Contents, Print and Online Help Features of the SEAM Tool

how affected by privileges, Using the SEAM Tool With Limited Kerberos Administration Privileges

kadmin command, Ways to Administer Kerberos Principals and Policies

login window, How to Start the SEAM Tool

modifying a policy, How to Modify a Kerberos Policy

modifying a principal, How to Modify a Kerberos Principal

online help, Print and Online Help Features of the SEAM Tool

or kadmin command, SEAM Tool

overview, SEAM Tool

panel descriptions, SEAM Tool Panel Descriptions

privileges, Using the SEAM Tool With Limited Kerberos Administration Privileges

setting up principal defaults, How to Set Up Defaults for Creating New Kerberos Principals

starting, How to Start the SEAM Tool

table of panels, SEAM Tool Panel Descriptions

viewing a principal's attributes, How to View a Kerberos Principal's Attributes

viewing list of policies, How to View the List of Kerberos Policies

viewing list of principals, How to View the List of Kerberos Principals

viewing policy attributes, How to View a Kerberos Policy's Attributes

secret keys

creating

How to Generate a Symmetric Key by Using the dd Command

How to Generate a Symmetric Key by Using the pktool Command

generating

using the dd command, How to Generate a Symmetric Key by Using the dd Command

using the pktool command, How to Generate a Symmetric Key by Using the pktool Command

generating for Secure RPC, Implementation of Diffie-Hellman Authentication

Secure by Default installation option, Using the Secure by Default Configuration

secure connection

across a firewall, How to Set Up Default Connections to Hosts Outside a Firewall

logging in, How to Log In to a Remote Host With Secure Shell

Secure NFS, NFS Services and Secure RPC

Secure RPC

alternative, Authentication and Authorization for Remote Access

and Kerberos, Kerberos Authentication

description, Overview of Secure RPC

implementation of, Implementation of Diffie-Hellman Authentication

keyserver, Implementation of Diffie-Hellman Authentication

overview, Authentication and Authorization for Remote Access

Secure Shell

administering, A Typical Secure Shell Session

administrator task map

Secure Shell (Task Map)

Configuring Secure Shell (Task Map)

authentication

requirements for, Secure Shell Authentication

authentication methods, Secure Shell Authentication

authentication steps, Authentication and Key Exchange in Secure Shell

basis from OpenSSH, Secure Shell and the OpenSSH Project

changes in current release, Secure Shell and the OpenSSH Project

changing passphrase, How to Change the Passphrase for a Secure Shell Private Key

command execution, Command Execution and Data Forwarding in Secure Shell

configuring clients, Client Configuration in Secure Shell

configuring port forwarding, How to Configure Port Forwarding in Secure Shell

configuring server, Server Configuration in Secure Shell

connecting across a firewall, How to Set Up Default Connections to Hosts Outside a Firewall

connecting outside firewall

from command line, How to Set Up Default Connections to Hosts Outside a Firewall

from configuration file, How to Set Up Default Connections to Hosts Outside a Firewall

copying files, How to Copy Files With Secure Shell

creating keys, How to Generate a Public/Private Key Pair for Use With Secure Shell

data forwarding, Command Execution and Data Forwarding in Secure Shell

description, Secure Shell (Overview)

files, Secure Shell Files

forwarding mail, How to Use Port Forwarding in Secure Shell

generating keys, How to Generate a Public/Private Key Pair for Use With Secure Shell

keywords, Keywords in Secure Shell

local port forwarding

How to Use Port Forwarding in Secure Shell

How to Use Port Forwarding in Secure Shell

logging in fewer prompts, How to Reduce Password Prompts in Secure Shell

logging in to remote host, How to Log In to a Remote Host With Secure Shell

login environment variables and, Secure Shell and Login Environment Variables

naming identity files, Secure Shell Files

protocol versions, Secure Shell (Overview)

public key authentication, Secure Shell Authentication

remote port forwarding, How to Use Port Forwarding in Secure Shell

scp command, How to Copy Files With Secure Shell

specifying exceptions to system defaults, How to Create User and Host Exceptions to SSH System Defaults

TCP and, How to Configure Port Forwarding in Secure Shell

typical session, A Typical Secure Shell Session

user procedures, Using Secure Shell (Task Map)

using port forwarding, How to Use Port Forwarding in Secure Shell

using without password, How to Reduce Password Prompts in Secure Shell

securing

logins task map, Securing Logins and Passwords (Task Map)

network at installation, Using the Secure by Default Configuration

passwords task map, Securing Logins and Passwords (Task Map)

scripts, How to Add RBAC Properties to Legacy Applications

security

across insecure network, How to Set Up Default Connections to Hosts Outside a Firewall

auditing, Auditing (Overview)

auditing and, How Is Auditing Related to Security?

BART

Using the Basic Audit Reporting Tool (Tasks)

BART Security Considerations

computing digest of files, How to Compute a Digest of a File

computing MAC of files, How to Compute a MAC of a File

Cryptographic Framework, Cryptographic Framework (Overview)

device allocation, Controlling Access to Devices (Tasks)

devices, Controlling Access to Devices

DH authentication, Implementation of Diffie-Hellman Authentication

encrypting files, How to Encrypt and Decrypt a File

installation options, Using the Secure by Default Configuration

key management framework, Key Management Framework

netservices limited installation option, Using the Secure by Default Configuration

NFS client-server, Implementation of Diffie-Hellman Authentication

password encryption, Password Encryption

policy overview, Security Policy

preventing remote login, How to Restrict and Monitor Superuser Logins

protecting against denial of service, Using Resource Management Features

protecting against Trojan horse, Setting the PATH Variable

protecting devices, Device-Clean Scripts

protecting hardware, Controlling Access to System Hardware (Tasks)

protecting PROM, Controlling Access to System Hardware (Tasks)

Secure by Default, Using the Secure by Default Configuration

Secure Shell, Using Secure Shell (Tasks)

system hardware, Controlling Access to System Hardware (Tasks)

systems, Managing Machine Security (Overview)

security attributes

checking for, Applications That Check UIDs and GIDs

considerations when directly assigning, Security Considerations When Directly Assigning Security Attributes

description, RBAC Elements and Basic Concepts

listing all RBAC, How to View All Defined Security Attributes

Network Security rights profile, RBAC Elements and Basic Concepts

order of search, Order of Search for Assigned Security Attributes

privileges on commands, Applications That Check for Privileges

special ID on commands, Applications That Check UIDs and GIDs

usability considerations when directly assigning, Usability Considerations When Directly Assigning Security Attributes

using to mount allocated device, How to Authorize Users to Allocate a Device

security mechanism, specifying with -m option, Overview of Kerberized Commands

security modes, setting up environment with multiple, How to Set Up a Secure NFS Environment With Multiple Kerberos Security Modes

security policy, default (RBAC), RBAC Databases

security service, Kerberos and, Kerberos Security Services

selecting

audit classes, How to Preselect Audit Classes

audit records, How to Select Audit Events From the Audit Trail

events from audit trail, How to Select Audit Events From the Audit Trail

semicolon (;), device_allocate file, device_allocate File

sendmail command, authorizations required, Selected Commands That Require Authorizations

seq audit policy

and sequence token

Understanding Audit Policy

sequence Token

description, Understanding Audit Policy

sequence audit token

and seq audit policy, sequence Token

format, sequence Token

ServerAliveCountMax keyword, ssh_config file, Keywords in Secure Shell

ServerAliveInterval keyword, ssh_config file, Keywords in Secure Shell

ServerKeyBits keyword, sshd_config file, Keywords in Secure Shell

servers

AUTH_DH client-server session, Implementation of Diffie-Hellman Authentication

configuring for Secure Shell, Server Configuration in Secure Shell

definition in Kerberos, Authentication-Specific Terminology

gaining access with Kerberos, Gaining Access to a Service Using Kerberos

obtaining credential for, Obtaining a Credential for a Server

realms and, Kerberos Servers

service

definition in Kerberos, Authentication-Specific Terminology

disabling on a host, How to Temporarily Disable Authentication for a Service on a Host

obtaining access for specific service, Obtaining Access to a Specific Service

service keys

definition in Kerberos, Authentication-Specific Terminology

keytab files and, Administering Keytab Files

service management facility, refreshing Cryptographic Framework, How to Add a Software Provider

Service Management Facility (SMF), See SMF

service principal

adding to keytab file

Administering Keytab Files

How to Add a Kerberos Service Principal to a Keytab File

description, Kerberos Principals

planning for names, Client and Service Principal Names

removing from keytab file, How to Remove a Service Principal From a Keytab File

session ID, audit, Process Audit Characteristics

session keys

definition in Kerberos, Authentication-Specific Terminology

Kerberos authentication and, How the Kerberos Authentication System Works

-setflags option, auditconfig command, How to Preselect Audit Classes

setgid permissions

absolute mode

File Permission Modes

How to Change Special File Permissions in Absolute Mode

description, setgid Permission

security risks, setgid Permission

symbolic mode, File Permission Modes

-setnaflags option, auditconfig command, How to Preselect Audit Classes

setpin subcommand, pktool command, How to Generate a Passphrase by Using the pktool setpin Command

-setplugin option

auditconfig command

How to Send Audit Files to a Remote Repository

How to Configure syslog Audit Logs

-setpolicy option, auditconfig command, How to Change Audit Policy

setting

arge policy, How to Audit All Commands by Users

argv policy, How to Audit All Commands by Users

audit policy, How to Change Audit Policy

audit queue controls, How to Change Audit Queue Controls

principal defaults (Kerberos), How to Set Up Defaults for Creating New Kerberos Principals

setuid permissions

absolute mode

File Permission Modes

How to Change Special File Permissions in Absolute Mode

description, setuid Permission

finding files with permissions set, How to Find Files With Special File Permissions

security risks

Restricting setuid Executable Files

setuid Permission

symbolic mode, File Permission Modes

sftp command

auditing file transfers, How to Audit FTP and SFTP File Transfers

copying files with, How to Copy Files With Secure Shell

sftpcommand, description, Secure Shell Commands

sh command, privileged version, Profile Shells and RBAC

SHA1 kernel provider, How to List Available Providers

SHA2 kernel provider, How to List Available Providers

sharing files

and network security, Sharing Files Across Machines

with DH authentication, How to Share NFS Files With Diffie-Hellman Authentication

shell, privileged versions, Profile Shells and RBAC

shell commands, passing parent shell process number, How to Determine the Privileges on a Process

shell process, listing its privileges, How to Determine the Privileges on a Process

shell scripts, writing privileged, How to Run a Shell Script With Privileged Commands

shosts.equiv file, description, Secure Shell Files

.shosts file, description, Secure Shell Files

signing

PKCS #10 CSR, How to Sign a Certificate Request by Using the pktool signcsr Command

using the pktool command, How to Sign a Certificate Request by Using the pktool signcsr Command

signing providers, Cryptographic Framework, Plugins to the Cryptographic Framework

single-sign-on system, Kerberos User Commands

Kerberos and, What Is the Kerberos Service?

size of audit files

reducing, How to Merge Audit Files From the Audit Trail

reducing storage-space requirements, Auditing Efficiently

slave_datatrans file

description, Kerberos Files

KDC propagation and, Backing Up and Propagating the Kerberos Database

slave_datatrans_slave file, description, Kerberos Files

slave KDCs

automatically configuring, How to Automatically Configure a Slave KDC

configuring, How to Manually Configure a Slave KDC

definition, Kerberos-Specific Terminology

interactively configuring, How to Interactively Configure a Slave KDC

master KDC and, Kerberos Servers

or master, Configuring KDC Servers

planning for, The Number of Slave KDCs

swapping with master KDC, Swapping a Master KDC and a Slave KDC

slot, definition in Cryptographic Framework, Terminology in the Cryptographic Framework

SMF

auditd service, Audit Service

Cryptographic Framework service, Administrative Commands in the Cryptographic Framework

device allocation service, Device Allocation Service

enabling keyserver, How to Restart the Secure RPC Keyserver

kcfd service, Administrative Commands in the Cryptographic Framework

managing Secure by Default configuration, Using the Secure by Default Configuration

restarting Cryptographic Framework, How to Refresh or Restart All Cryptographic Services

restarting Secure Shell, How to Configure Port Forwarding in Secure Shell

ssh service, How to Configure Port Forwarding in Secure Shell

socket audit token, socket Token

solaris.device.revoke authorization, Device Allocation Commands

sp audit event modifier, header Token

special permissions

setgid permissions, setgid Permission

setuid permissions, setuid Permission

sticky bit, Sticky Bit

square brackets ([]), auditrecord output, Audit Record Analysis

sr_clean script, description, Device-Clean Scripts

ssh-add command

description, Secure Shell Commands

example

How to Reduce Password Prompts in Secure Shell

How to Reduce Password Prompts in Secure Shell

storing private keys, How to Reduce Password Prompts in Secure Shell

ssh-agent command

description, Secure Shell Commands

from command line, How to Reduce Password Prompts in Secure Shell

ssh command

description, Secure Shell Commands

overriding keyword settings, Secure Shell Commands

port forwarding options, How to Use Port Forwarding in Secure Shell

using, How to Log In to a Remote Host With Secure Shell

using a proxy command, How to Set Up Default Connections to Hosts Outside a Firewall

.ssh/config file

description, Secure Shell Files

override, Secure Shell Files

ssh_config file

configuring Secure Shell, Client Configuration in Secure Shell

host-specific parameters, Host-Specific Parameters in Secure Shell

keywords, Keywords in Secure Shell

See specific keyword

override, Secure Shell Files

.ssh/environment file, description, Secure Shell Files

ssh_host_dsa_key file, description, Secure Shell Files

ssh_host_dsa_key.pub file, description, Secure Shell Files

ssh_host_key file, override, Secure Shell Files

ssh_host_key.pub file, description, Secure Shell Files

ssh_host_rsa_key file, description, Secure Shell Files

ssh_host_rsa_key.pub file, description, Secure Shell Files

.ssh/id_dsa file, Secure Shell Files

.ssh/id_rsa file, Secure Shell Files

.ssh/identity file, Secure Shell Files

ssh-keygen command

description, Secure Shell Commands

passphrase protection, Secure Shell and the OpenSSH Project

using, How to Generate a Public/Private Key Pair for Use With Secure Shell

ssh-keyscan command, description, Secure Shell Commands

ssh-keysign command, description, Secure Shell Commands

.ssh/known_hosts file

description, Secure Shell Files

override, Secure Shell Files

ssh_known_hosts file, Secure Shell Files

.ssh/rc file, description, Secure Shell Files

sshd command, description, Secure Shell Commands

sshd_config file

description, Secure Shell Files

keywords, Keywords in Secure Shell

See specific keyword

overrides of /etc/default/login entries, Secure Shell and Login Environment Variables

sshd.pid file, description, Secure Shell Files

sshrc file, description, Secure Shell Files

st_clean script

description, Device-Clean Scripts

for tape drives, device_allocate File

standard cleanup, st_clean script, Device-Clean Scripts

starting

auditing, How to Enable the Audit Service

device allocation, How to Enable Device Allocation

KDC daemon

How to Manually Configure a Slave KDC

How to Configure a Slave KDC to Use Full Propagation

Secure RPC keyserver, How to Restart the Secure RPC Keyserver

stash file

creating

How to Manually Configure a Slave KDC

How to Configure a Slave KDC to Use Full Propagation

definition, Kerberos-Specific Terminology

sticky bit permissions

absolute mode

File Permission Modes

How to Change Special File Permissions in Absolute Mode

description, Sticky Bit

symbolic mode, File Permission Modes

Stop (RBAC), rights profile, Rights Profiles

storage costs, and auditing, Cost of Storage of Audit Data

storage overflow prevention, audit trail, How to Prevent Audit Trail Overflow

storing

audit files

How to Plan Storage for Audit Records

How to Create ZFS File Systems for Audit Files

passphrase, How to Encrypt and Decrypt a File

StrictHostKeyChecking keyword, ssh_config file, Keywords in Secure Shell

StrictModes keyword, sshd_config file, Keywords in Secure Shell

su command

displaying access attempts on console, How to Restrict and Monitor Superuser Logins

in role assumption, How to Assume a Role

monitoring use, How to Monitor Who Is Using the su Command

su file, monitoring su command, How to Monitor Who Is Using the su Command

subject audit token, format, subject Token

Subsystem keyword, sshd_config file, Keywords in Secure Shell

success, audit class prefix, Audit Class Syntax

sufficient control flag, PAM, How PAM Stacking Works

sulog file, How to Monitor Who Is Using the su Command

monitoring contents of, How to Monitor Who Is Using the su Command

Sun Crypto Accelerator 1000 board, listing mechanisms, How to Disable Hardware Provider Mechanisms and Features

Sun Crypto Accelerator 6000 board

hardware plugin to Cryptographic Framework, Introduction to the Cryptographic Framework

listing mechanisms, How to List Hardware Providers

Sun Crypto Accelerator 6000 card, Secure Shell and FIPS-140, Secure Shell and FIPS-140 Support

SUPATH in Secure Shell, Secure Shell and Login Environment Variables

superuser

compared to privilege model, Privileges (Overview)

compared to RBAC model, RBAC: An Alternative to the Superuser Model

differences from privilege model, Administrative Differences on a System With Privileges

eliminating in RBAC, RBAC Roles

monitoring access attempts, How to Restrict and Monitor Superuser Logins

monitoring and restricting, Monitoring and Restricting Superuser (Tasks)

troubleshooting becoming root as a role, How to Change the root Role Into a User

troubleshooting remote access, How to Restrict and Monitor Superuser Logins

svc:/system/device/allocate, device allocation service, Device Allocation Service

svcadm command

administering Cryptographic Framework

Scope of the Cryptographic Framework

Administrative Commands in the Cryptographic Framework

enabling Cryptographic Framework, How to Refresh or Restart All Cryptographic Services

enabling keyserver daemon, How to Restart the Secure RPC Keyserver

refreshing Cryptographic Framework, How to Add a Software Provider

restarting

Secure Shell, How to Configure Port Forwarding in Secure Shell

syslog daemon

How to Monitor All Failed Login Attempts

How to Configure syslog Audit Logs

svcs command

listing cryptographic services, How to Refresh or Restart All Cryptographic Services

listing keyserver service, How to Restart the Secure RPC Keyserver

swapping master and slave KDCs, Swapping a Master KDC and a Slave KDC

symbolic links, file permissions, UNIX File Permissions

symbolic mode

changing file permissions

File Permission Modes

How to Change File Permissions in Symbolic Mode

How to Change File Permissions in Symbolic Mode

description, File Permission Modes

synchronizing clocks

master KDC

How to Manually Configure a Master KDC

How to Configure a KDC to Use an LDAP Data Server

overview, Synchronizing Clocks Between KDCs and Kerberos Clients

slave KDC

How to Manually Configure a Slave KDC

How to Configure a Slave KDC to Use Full Propagation

SYS privileges, Privilege Descriptions

syslog.conf file

and auditing, Audit Service Man Pages

audit.notice level, How to Configure syslog Audit Logs

executable stack messages, Protecting Executable Files From Compromising Security

kern.notice level, Protecting Executable Files From Compromising Security

priv.debug entry, Files With Privilege Information

privilege debugging, Files With Privilege Information

saving failed login attempts, How to Monitor All Failed Login Attempts

SYSLOG_FAILED_LOGINS

in Secure Shell, Secure Shell and Login Environment Variables

system variable, How to Monitor All Failed Login Attempts

SyslogFacility keyword, sshd_config file, Keywords in Secure Shell

System Administrator (RBAC)

protecting hardware, How to Require a Password for Hardware Access

recommended role, RBAC: An Alternative to the Superuser Model

rights profile, Rights Profiles

system calls

argument audit token, argument Token

exec_args audit token, exec_args Token

exec_env audit token, exec_env Token

ioctl to clean audio device, Device-Clean Scripts

return audit token, return Token

system hardware, controlling access to, Controlling Access to System Hardware (Tasks)

system properties, privileges relating to, Privilege Descriptions

system security

access, Managing Machine Security (Overview)

changing

root password, How to Change the root Password

displaying

user's login status

How to Display a User's Login Status

How to Display a User's Login Status

users with no passwords, How to Display Users Without Passwords

firewall systems, Firewall Systems

hardware protection

Maintaining Physical Security

Controlling Access to System Hardware (Tasks)

login access restrictions

Maintaining Login Control

Maintaining Login Control

machine access, Maintaining Physical Security

overview

Managing Machine Security (Overview)

Controlling Access to a Computer System

password encryption, Password Encryption

passwords, Managing Password Information

privileges, Privileges (Overview)

protecting from risky programs, Protecting Against Programs With Security Risk (Task Map)

restricted shell

Assigning a Restricted Shell to Users

Assigning a Restricted Shell to Users

restricting remote root access, How to Restrict and Monitor Superuser Logins

role-based access control (RBAC)

Configuring Role-Based Access Control to Replace Superuser

RBAC: An Alternative to the Superuser Model

root access restrictions

Restricting root Access to Shared Files

How to Restrict and Monitor Superuser Logins

saving failed login attempts, How to Monitor Failed Login Attempts

special accounts, Special System Accounts

su command monitoring

Limiting and Monitoring Superuser

How to Monitor Who Is Using the su Command

task map, Protecting Against Programs With Security Risk (Task Map)

UFS ACLs, Using Access Control Lists to Protect UFS Files

System V IPC

ipc audit token, ipc Token

IPC_perm audit token, IPC_perm Token

privileges, Privilege Descriptions

system variables

See also variables

CRYPT_DEFAULT, How to Specify an Algorithm for Password Encryption

KEYBOARD_ABORT, How to Disable a System's Abort Sequence

noexec_user_stack, How to Disable Programs From Using Executable Stacks

noexec_user_stack_log, How to Disable Programs From Using Executable Stacks

rstchown, How to Change the Owner of a File

SYSLOG_FAILED_LOGINS, How to Monitor All Failed Login Attempts

/system/volatile/sshd.pid file, description, Secure Shell Files

systems, protecting from risky programs, Protecting Against Programs With Security Risk (Task Map)