Index

Symbols

.cshrc file, 1, 2

.profile file, 1, 2

.rhosts and hosts.equiv files

printing, 1

specifying, 1

/etc/default/sendmail file, 1

/etc/dt/config/Xaccess file, 1

/etc/hosts.allow file, 1

/etc/hosts.deny file, 1

/etc/init.d/

nddconfig file, 1, 2

set-tmp-permissions file, 1

sms_arpconfig file, 1

/etc/issue

as default value for JASS_BANNER_SSHD variable, 1

/etc/issue file, 1

/etc/motd

as default value for JASS_BANNER_DTLOGIN variable, 1

/etc/motd file, 1

/etc/notrouter file, 1

/etc/rc2.d/

S00set-tmp-permissions file, 1

S07set-tmp-permissions file, 1

S70nddconfig file, 1, 2

S73sms_arpconfig file, 1

/etc/security/

audit_class file, 1, 2

audit_control file, 1, 2

audit_event file, 1, 2

/etc/sms_domain_arp file, 1

/etc/sms_sc_arp file, 1

/etc/syslog.conf file, 1

/tmp needs, adjusting, 1

/usr/preserve startup script, disabling, 1

A

ABI

See Application Binary Interface (ABI)

absolute path, checksums, defining, 1

account names, status, 1

accounts

default assignments, 1

disabled, listing, 1

removing unneeded, 1, 2

acct(1M) manual page, 1

add_patch function, 1

add_pkg function, 1

add_to_manifest function, 1

adding

audit scripts, 1

drivers, 1

finish scripts, 1, 2

framework functions, 1

adding Solaris OS packages and patches, 1

Address Resolution Protocol (ARP)

enabling addresses, 1

implementing, 1

adjust permissions, 1

adjustScore function, 1

AnswerBook2 (ab2) server, 1, 2

Apache Web Server, 1, 2

apache(1M) manual page, 1, 2

Application Binary Interface (ABI), 1

ARP

See Address Resolution Protocol (ARP)

as-manufactured state, returning, 1

ASPPP

See Asynchronous Point-to-Point Protocol

assigning variables, 1

Asynchronous Point-to-Point Protocol (ASPPP)

aspppd(1M) manual page, 1

service, determining status, 1

startup and shutdown scripts, 1

at

access, restricting, 1

at(1) manual page, 1

facilities, 1

audit directory, 1

audit runs

core processing, 1

displaying results, 1

variable, 1

audit scripts

calling, 1

configuration variables, 1

corresponding finish scripts, 1

creating, 1, 2

customizing, 1

customizing environment variables, 1

functions, 1

headers, 1

making changes, 1

naming conventions, 1

standard, 1

storing, 1

using standard, 1

audit_class file, 1, 2

audit_public.funcs file, 1

audit_warn alias, 1

auditing sub-system, configuring, 1, 2

audits

checking for valid arguments, 1

displaying host names, 1

displaying script names, 1

public interfaces, 1

storing output, 1

total score, 1

authentication

disabling rhosts, 1

remote services, 1

autofs file system, 1

automountd(1M) manual page, 1

automounter startup and shutdown scripts, 1, 2

B

backslash characters, 1, 2, 3

backing up

existing file system object, 1

files, 1

backup files

controlling, 1

reducing, 1

backup_file framework function, 1, 2

banner messages, 1

banner, authentication, 1

batch facilities, 1

bootable CD-ROM, 1

Bourne shell, 1, 2

broadcast access, denying, 1

BSM

See Solaris Basic Security Module (BSM)

buffer overflow attacks, preventing, 1

C

caching

name service data, 1

NSCD daemon, 1

check script, signal completion, 1

check_fileContentsExist function, 1

check_fileContentsNotExist function, 1

check_fileExists function, 1

check_fileGroupMatch function, 1

check_fileGroupNoMatch function, 1

check_fileModeMatch function, 1

check_fileModeNoMatch function, 1

check_fileNotExists function, 1

check_fileOwnerMatch function, 1

check_fileOwnerNoMatch function, 1

check_fileTemplate function, 1

check_fileTypeMatch function, 1

check_fileTypeNoMatch function, 1

check_minimized function, 1

check_os_min_version function, 1

check_os_revision function, 1

check_packageExists function, 1

check_packageNotExists function, 1

check_patchExists function, 1

check_patchNotExists function, 1

check_processArgsMatch function, 1

check_processArgsNoMatch function, 1

check_processExists function, 1

check_processNotExists function, 1

check_serviceConfigExists function, 1

check_serviceConfigNotExists function, 1

check_startScriptExists function, 1

check_startScriptNotExists function, 1

check_stopScriptExists function, 1

check_stopScriptNotExists function, 1

checkLogStatus function, 1

checkpoint resume functions, 1

checks

excluding on non-minimized systems, 1

checksum function, 1

checksums, absolute path, defining, 1

chmod command, 1

chown command, 1

chroot command, 1

chroot(1M) manual page, 1

clean_path function, 1

CMASK variable, 1

comment out function, 1

Common Desktop Environment (CDE)

checking status, 1

disabling startup and shutdown scripts, 1

common functions, 1

common group, 1

common_log.funcs file

contains logging and reporting functions, 1

common_misc.funcs file

contains common utility functions, 1

complex substitution variables, 1

config.driver, 1

configuration

audit scripts, variables, 1

files, editing, 1

framework functions, 1

returning to as-manufactured state, 1

simplifying, 1, 2

configuration files

/etc/issue, 1

/etc/motd, 1

audit_class, 1, 2

checking, 1

cshrc, 1, 2

disabling, 1

driver.init, 1

editing, 1

environment variables, maintained in, 1

exists, determining, 1

finish.init, 1

nddconfig, 1

notrouter, 1

profile, 1, 2

S00set-tmp-permissions, 1

S70nddconfig, 1

S73sms_arpconfig, 1

sendmail, 1

set-temp-permissions, 1

sms_arpconfig, 1

sms_domain_arp, 1

sms_sc_arp, 1

specifying location, 1

user.init, 1

Xaccess, 1

conventions, developing finish scripts, 1

copies, drivers, 1

copy_a_dir function, 1

copying a symbolic link

copy_a_symlink function, 1

copying files

copy_a_file function, 1

copy_files function, 1

file system objects, selectively, 1

framework function, 1

one file, 1

core environment variables

checking, 1

in driver.init script, 1

core files, stored in default location, 1

core processing, 1

coreadm functionality, configuring, 1

coreadm(1M) manual page, 1

cp command, 1

creating

create_a_file function, 1

create_file_timestamp function, 1

nested or hierarchical security profiles, 1

new audit scripts, 1

new directories, 1

new finish scripts, 1

cron facility

accessing, 1

disabling send mail, 1

log file, maximum size limit, 1, 2

restricting access, 1

crontab

files, 1

crontab(1M) manual page, 1

cshrc file, 1, 2

current script name, 1, 2

customizing

audit scripts, 1

drivers, 1

drivers and scripts, 1

finish scripts, 1

JASS_FILES environment variable, 1

JASS_SCRIPTS variable, 1

Solaris Security Toolkit, 1

variables for site requirements, 1

D

daemons

disabling, 1

enabling, 1

debugging

displaying messages, 1

JumpStart installation, 1

default

audit scripts, 1

drivers and scripts, 1, 2

environment variables, overriding, 1, 2

greeting, 1

overriding, 1, 2

values, environment variables, 1

designated file, content matching, 1

Desktop Management Interface (DMI)

See DMI

destination directory name, 1

destination file name, 1

developing new variables, 1

dfstab(1M) manual page, 1

DHCP

dhcpd(1M) manual page, 1

servers, disabling, 1, 2

service, status, 1

diagnostic, 1

direct access, denying, 1

directories

audit, 1

copying, recursively, 1

creating, 1

creating, software framework, 1

files, path, 1

directory tree, 1, 2

directoryserver(1M) manual page, 1

disable audit scripts, 1

disable finish scripts, 1

disable_conf_file function, 1

disable_file function, 1

disable_rc_file function, 1

disable-ab2.aud script, 1

disable-ab2.fin script, 1

disable-apache.aud script, 1, 2

disable-apache.fin script, 1, 2

disable-asppp.aud script, 1

disable-asppp.fin script, 1

disable-autoinst.aud script, 1

disable-autoinst.fin script, 1

disable-automount.aud script, 1

disable-automount.fin script, 1

disable-dhcp.aud script, 1

disable-dhcp.fin script, 1

disable-directory.aud script, 1

disable-directory.fin script, 1

disable-dmi.aud script, 1

disable-dmi.fin script, 1

disable-dtlogin.aud script, 1

disable-dtlogin.fin script, 1

disable-ipv6.aud script, 1

disable-ipv6.fin script, 1

disable-kdc.aud script, 1

disable-kdc.fin script, 1

disable-keyboard-abort.aud script, 1

disable-keyboard-abort.fin script, 1

disable-keyserv-uid-nobody.aud script, 1

disable-keyserv-uid-nobody.fin script, 1

disable-ldap-client.aud script, 1

disable-ldap-client.fin script, 1

disable-lp.aud script, 1

disable-lp.fin script, 1

disable-mipagent.aud script, 1

disable-mipagent.fin script, 1

disable-named.aud script, 1

disable-named.fin script, 1

disable-nfs-client.aud script, 1

disable-nfs-client.fin script, 1

disable-nfs-server.aud script, 1

disable-nfs-server.fin script, 1

disable-nscd-caching.aud script, 1

disable-nscd-caching.fin script, 1

disable-picld.aud script, 1

disable-picld.fin script, 1

disable-power-mgmt.aud script, 1

disable-power-mgmt.fin script, 1

disable-ppp.aud script, 1

disable-ppp.fin script, 1

disable-preserve.aud script, 1

disable-preserve.fin script, 1

disable-remote-root-login.aud script, 1

disable-remote-root-login.fin script, 1

disable-rhosts.aud script, 1

disable-rhosts.fin script, 1

disable-rlogin-rhosts.fin script

See disable-rhosts.fin script

disable-rpc.aud script, 1

disable-rpc.fin script, 1

disable-samba.aud script, 1

disable-samba.fin script, 1

disable-sendmail.aud script, 1

disable-sendmail.fin script, 1

disable-slp.aud script, 1

disable-slp.fin script, 1

disable-sma.aud script, 1

disable-sma.fin script, 1

disable-snmp.aud script, 1

disable-snmp.fin script, 1

disable-spc.aud script, 1

disable-spc.fin script, 1

disable-ssh-root-login.aud script, 1

disable-ssh-root-login.fin script, 1

disable-syslogd-listen.aud script, 1

disable-syslogd-listen.fin script, 1

disable-system-accounts.aud script, 1

disable-system-accounts.fin script, 1

disable-uucp.aud script, 1

disable-uucp.fin script, 1

disable-vold.aud script, 1

disable-vold.fin script, 1

disable-wbem.aud script, 1

disable-wbem.fin script, 1

disable-xserver.listen.aud script, 1

disable-xserver.listen.fin script, 1

disabling

files, 1, 2

nscd, 1

run-control file, 1

services, 1

Sun Java System Directory server, 1

disk space, tmpfs, 1, 2

Distributed Management Task Force (DMTF)

See DMTF

DMI

dmispd(1M) manual page, 1

service, status, 1

startup and shutdown scripts, disabling, 1

DMTF, 1

Domain Name System (DNS), 1, 2

driver.funcs script, 1

driver.init file

modifying, 1

understanding, 1

using, 1

driver.runscript, 1

drivers

customizing, 1

defaults, overriding, 1

functionality, 1

implementing own functionality, 1

listing, 1

modifying copies, 1

product-specific, 1

using, 1

dtconfig(1) manual page, 1

dtlogin(1X) manual page, 1

Dynamic Host Configuration Protocol (DHCP)

See DHCP

dynamic variables, 1

E

EEPROM

eeprom(1M) manual page, 1

setting password, 1

empty file, creating, 1

enable finish scripts, 1, 2

enable-bsm.aud script, 1

enable-bsm.fin script, 1

enable-coreadm.aud script, 1

enable-coreadm.fin script, 1

enable-ftpaccess.aud script, 1

enable-ftpaccess.fin script, 1

enable-ftp-syslog.aud script, 1

enable-ftp-syslog.fin script, 1

enable-inetd-syslog.aud script, 1

enable-inetd-syslog.fin script, 1

enable-priv-nfs-ports.aud script, 1

enable-priv-nfs-ports.fin script, 1

enable-process-accounting.aud script, 1

enable-process-accounting.fin script, 1

enable-rfc1948.aud script, 1

enable-rfc1948.fin script, 1

enable-stack-protection.aud script, 1

enable-stack-protection.fin script, 1

enable-tcpwrappers.aud script, 1

enable-tcpwrappers.fin script, 1, 2

encrypted password, 1

environment variables

abstracting values, 1

adding to user files, 1, 2

alphabetical list, 1

core, 1

core, checking, 1

creating, 1, 2

customizing, 1, 2

default values, 1

overrides, 1

printing, 1

user defined, 1

user.init file, 1

environments, configuration files, 1

errors

ERR messages, 1

logging, 1

messages, invalid value, 1

preventing, 1

storing, 1, 2

exception logging, status, 1

execution log, 1, 2, 3, 4

extractComments function, 1

F

FAIL messages, 1, 2

failed login attempts

logging, 1, 2

setting, 1

failure messages, 1

file check, 1

file content

checking, 1

variables, 1

file creation mask

default, 1

enabling FTP, 1

protecting, 1

umask, setting, 1, 2

file exists, 1

file header, 1

file length/size is zero, 1, 2

file name extensions, 1

file not found messages, 1

file ownership check, 1

file permissions check, 1

file system objects

backing up, 1

copying, 1

copying to client, 1

copying, selectively, 1

specifying list to copy, 1

type, checking, 1

file systems

mounting and unmounting, 1

single, 1

target, 1

file templates

adding or removing, 1

checking match on target system, 1

directory, JumpStart client, 1

installing, 1

using, modifying, and customizing, 1

file type check, 1

files

checking, 1

checking ownership, 1

content matching, 1

copying, 1

directory, path, 1

disabling, 1, 2

matching, precedence, 1, 2

moving from one name to another, 1

permissions, checking, 1

recording state, 1

rules for copying, 1

specifying, 1

specifying copies to clients, 1

specifying list, 1

templates, 1, 2

finish and audit script variables, 1

finish scripts

adding or removing, 1

configuration variables, 1

convention for storing, 1

conventions, for developing, 1

corresponding audit scripts, 1

creating new, 1, 2

customizing, 1, 2

kill scripts, 1

listing ones to execute, 1

storing, 1

storing in alternate locations, 1

using standard, 1

finish.init file

defining behavior, 1

modifying, 1

purpose, 1

finish_audit function, 1

FixModes

default directory path, 1

options, 1

foreign agent functionality, 1

format, printing, 1

forward slash

removing redundant, 1

replacing with, 1

framework functions

creating new, 1

undo operations, caution, 1

using, 1

variables, 1

framework variables

changing, caution, 1

defining, 1

FTP

ftpaccess(4) manual page, 1

ftpusers file, 1

logging access attempts, 1

service banner, 1

service, status, 1

functionality

detecting in multiple releases, 1

extending, 1

files, loading, 1

functions

common miscellaneous, 1

new, 1

overriding, 1

site specific, 1

G

getusershell(3C), determining valid shells, 1

global changes, 1

global environment variables, 1, 2, 3

graphical consoles, systems without, 1

group access, restricting, 1

group identifier (GID)

name or numeric, 1

printing permissions, 1

root user, 1

group membership check, 1

groups, caching, 1

guest account, 1

H

hardening runs

core processing, 1

hardening.driver, 1

host files, specifying, 1

host name

defining, 1

displaying during audits, 1

HOSTNAME variable, 1

hosts, caching, 1

hosts.allow and hosts.deny files, 1

I

I1 MAN network, 1

ignoring objects, 1, 2

in.ftpd(1M) manual page, 1

in.rlogind(1M) manual page, 1

in.rshd(1M) manual page, 1

incoming connection requests, logging, 1

INETD

configuring to log, 1

inetd daemon, 1

inetd services, enabling, 1

service, status, 1

init(1M) manual page, 1

initialization functions, 1

initialization, driver, 1

input arguments, checking, 1

install audit scripts, 1

install finish scripts, 1

install-at-allow.aud script, 1

install-at-allow.fin script, 1

installation

automated, determining status, 1

automating, 1

bootable CD-ROM, 1

checking packages, 1

JumpStart, debugging, 1

minimized, required link, 1

setting password, 1

install-fix-modes.aud script, 1

install-fix-modes.fin script, 1

install-ftpusers.aud script, 1

install-ftpusers.fin script, 1

install-jass.aud script, 1

install-jass.fin script, 1

install-loginlog.aud script, 1

install-loginlog.fin script, 1

install-md5.aud script, 1

install-md5.fin script, 1

install-nddconfig.aud script, 1

install-nddconfig.fin script, 1

install-newaliases.aud script, 1

install-newaliases.fin script, 1

install-openssh.aud script, 1

install-openssh.fin script, 1

installpatch commands, 1

install-recommended-patches.aud script, 1

install-recommended-patches.fin script, 1

install-sadmind-options.aud script, 1

install-sadmind-options.fin script, 1

install-security-mode.aud script, 1

install-security-mode.fin script, 1

install-shells.aud script, 1

install-shells.fin script, 1

install-strong-permissions.aud script, 1

install-strong-permissions.fin script, 1

install-sulog.aud script, 1

install-sulog.fin script, 1

install-templates.aud script, 1

install-templates.fin script, 1, 2

integrity, 1, 2

intervals between password changes, 1

invalid arguments, checking, 1

invalidVulnVal function, 1

IP

IP forwarding, disabling, 1

IP Mobility Support, 1

IP-based management network, 1

IPv6 compatible network interfaces, disabling, 1

IPv6 host name files, status, 1

is_patch_applied function, 1

is_patch_not_applied function, 1

isNumeric function, 1

J

JASS manifest file, storing path names, 1

JASS_ACCT_DISABLE environment variable, 1

JASS_ACCT_REMOVE environment variable, 1

JASS_AGING_MAXWEEKS environment variable, 1

JASS_AGING_MINWEEKS environment variable, 1

JASS_AGING_WARNWEEKS environment variable, 1

JASS_AT_ALLOW environment variable, 1

JASS_AT_DENY environment variable, 1

JASS_AUDIT_DIR environment variable, 1

JASS_BANNER_DTLOGIN environment variable, 1

JASS_BANNER_FTPD environment variable, 1

JASS_BANNER_SENDMAIL environment variable, 1

JASS_BANNER_SSHD environment variable, 1

JASS_BANNER_TELNETD environment variable, 1

JASS_CHECK_MINIMIZED environment variable, 1

JASS_CONFIG_DIR environment variable, 1

JASS_CORE_PATTERN environment variable, 1

JASS_CPR_MGT_USER environment variable, 1

JASS_CRON_ALLOW environment variable, 1

JASS_CRON_DENY environment variable, 1

JASS_CRON_LOG_SIZE environment variable, 1

JASS_DISABLE_MODE environment variable, 1, 2

JASS_DISPLAY_HOSTNAME environment variable, 1, 2

JASS_DISPLAY_SCRIPTNAME environment variable, 1, 2

JASS_DISPLAY_TIMESTAMP environment variable, 1, 2

JASS_FILES environment variable, 1, 2

JASS_FILES_DIR environment variable, 1

JASS_FINISH_DIR environment variable, 1

JASS_FIXMODES_DIR environment variable, 1

JASS_FIXMODES_OPTIONS environment variable, 1

JASS_FTPD_UMASK environment variable, 1

JASS_FTPUSERS environment variable, 1

JASS_HOME_DIR environment variable, 1, 2

JASS_HOSTNAME environment variable, 1, 2

JASS_KILL_SCRIPT_DISABLE environment variable, 1

JASS_LOG_BANNER environment variable, 1, 2

JASS_LOG_ERROR environment variable, 1, 2

JASS_LOG_FAILURE environment variable, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14

JASS_LOG_NOTICE environment variable, 1, 2, 3, 4

JASS_LOG_SUCCESS environment variable, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13

JASS_LOG_WARNING environment variable, 1, 2

JASS_LOGIN_RETRIES environment variable, 1

JASS_MD5_DIR environment variable, 1

JASS_MODE environment variable, 1

JASS_NOVICE_USER environment variable, 1

JASS_OS_REVISION environment variable, 1

JASS_OS_TYPE environment variable, 1

JASS_PACKAGE_DIR environment variable, 1

JASS_PACKAGE_MOUNT environment variable, 1

JASS_PASS_LENGTH environment variable, 1

JASS_PASSWD environment variable, 1

JASS_PATCH_DIR environment variable, 1

JASS_PATCH_MOUNT environment variable, 1

JASS_PKG environment variable, 1

JASS_POWER_MGT_USER environment variable, 1

JASS_REC_PATCH_OPTIONS environment variable, 1

JASS_REPOSITORY environment variable, 1, 2, 3, 4, 5

JASS_RHOSTS_FILE environment variable, 1

JASS_ROOT_DIR environment variable, 1, 2

JASS_ROOT_GROUP environment variable, 1

JASS_ROOT_PASSWORD environment variable, 1

JASS_RUN_AUDIT_LOG environment variable, 1

JASS_RUN_CHECKSUM environment variable, 1

JASS_RUN_FINISH_LIST environment variable, 1

JASS_RUN_INSTALL_LOG environment variable, 1

JASS_RUN_MANIFEST environment variable, 1

JASS_RUN_SCRIPT_LIST environment variable, 1

JASS_RUN_UNDO_LOG environment variable, 1, 2

JASS_RUN_VERSION environment variable, 1

JASS_SADMIND_OPTIONS environment variable, 1

JASS_SAVE_BACKUP environment variable, 1

JASS_SCRIPTS environment variable, 1, 2

JASS_SENDMAIL_MODE environment variable, 1

JASS_SGID_FILE environment variable, 1

JASS_SHELLS environment variable, 1

JASS_STANDALONE environment variable, 1

JASS_SUFFIX environment variable, 1

JASS_SUID_FILE environment variable, 1

JASS_SUSPEND_PERMS environment variable, 1

JASS_SVCS_DISABLE environment variable, 1

JASS_SVCS_ENABLE environment variable, 1

JASS_TIMESTAMP environment variable, 1

JASS_TMPFS_SIZE environment variable, 1

JASS_UMASK environment variable, 1, 2

JASS_UNAME environment variable, 1

JASS_UNOWNED_FILE environment variable, 1

JASS_USER_DIR environment variable, 1

JASS_VERBOSITY environment variable, 1

JASS_VERSION environment variable, 1

JASS_WRITABLE_FILE environment variable, 1

jass-execute command

JASS_STANDALONE variable defaults to 1, 1

log output (-o) option, 1

set JASS_HOME_DIR variable in stand-alone mode, 1

set JASS_MODE variable in stand-alone mode, 1

set JASS_ROOT_DIR variable, 1

verbosity (-V) option, 1

JumpStart client

file templates directory, 1

files, 1

mounting directories, 1

JumpStart environment

moving, 1

startup scripts, 1

JumpStart installation

bootable CD-ROM, 1

debugging, 1

JumpStart mode

specifying, 1

variables, 1, 2

K

kbd(1) manual page, 1

kdc.conf(4) manual page, 1

Kerberos Key Distribution Center (KDC)

preventing from starting, 1

service, status, 1

key

switches, 1, 2

word value pair, 1

keyboard abort sequences, status, 1

keyserv

command, 1

keyserv(1M) manual page, 1

service, status, 1

kill run-control scripts

disabling, 1

enabling, 1

script name prefix K, 1

krb5kdc(1M) manual page, 1

L

LDAP

See Lightweight Directory Access Protocol (LDAP)

legal banners, installing, 1

lights-out data center environment, Solaris BSM, 1

Lightweight Directory Access Protocol (LDAP)

client daemons, disabling, 1

client service, status, 1

ldap_cachemgr(1M) manual page, 1

ldapclient(1M) manual page, 1

LIMIT parameter, 1

line printer (lp)

access, removing, 1

service, 1, 2

user access, 1

localize changes, 1

lockd(1M) manual page, 1

log analysis, 1

log directory, 1

log files

standard, 1

log messages

displaying to users, 1

log server, 1, 2

logBanner function, 1, 2

logDebug function, 1

logError function, 1, 2

logFailure function, 1, 2

logFileContentsExist function, 1

logFileContentsNotExist function, 1

logFileExists function, 1

logFileGroupMatch function, 1

logFileGroupNoMatch function, 1

logFileModeMatch function, 1

logFileModeNoMatch function, 1

logFileNotExists function, 1

logFileNotFound function, 1

logFileOwnerMatch function, 1

logFileOwnerNoMatch function, 1

logFileTypeMatch function, 1

logFileTypeNoMatch function, 1

logFinding function, 1

logFormattedMessage function, 1

logging

functions, 1

incoming connection requests, 1

performing additional, 1

stack execution attempts, 1

threshold, reducing, 1

verbosity, 1

login attempts

failed, 1, 2

limiting, 1

logging failed, 1, 2

login(1) manual page, 1

login(1M) manual page, 1

loginlog(4) manual page, 1

logInvalidDisableMode function, 1

logInvalidOSRevision function, 1

logMessage function, 1

logNotice function, 1, 2

logPackageExists function, 1

logPackageNotExists function, 1

logPatchExists function, 1

logPatchNotExists function, 1

logProcessArgsMatch function, 1

logProcessArgsNoMatch function, 1

logProcessExists function, 1

logProcessNotExists function, 1

logProcessNotFound function, 1

logServiceConfigExists function, 1

logServiceConfigNotExists function, 1

logStartScriptExists function, 1

logStartScriptNotExists function, 1

logStopScriptExists function, 1

logStopScriptNotExists function, 1

logSuccess function, 1, 2

logWarning function, 1, 2

loopback interface, listening, 1

M

manifest file entries

automatically adding, 1

manually inserting, 1

manifest information

defining path, 1

directory, 1

MANPATH, 1, 2

manually inserting entries into manifest, 1

maximum number of failed logins, setting, 1

maximum size, cron log file, 1

MD5 software

default directory path, 1

memory exhaustion, preventing, 1

memory-resident, 1

messages, displaying for users, 1

mibiisa(1M) manual page, 1

migration issues, minimizing, 1

minimized installations, required link, 1

minimized platform, checking packages, 1

minimum password length, 1

miniroot, 1, 2

MIP

See Mobile Internet Protocol (MIP)

mirror directory, 1

mkdir_dashp function, 1

Mobile Internet Protocol (MIP)

mipagent(1M) manual page, 1

preventing agents from starting, 1

service, status, 1

modifying

audit scripts, 1

drivers, 1

finish scripts, 1

framework functions, 1

mount point

implementing, finish script, 1

permissions, 1, 2

specifying, 1

mount removable media, 1

mount_filesystems function, 1

mount_filesystems routine, 1

mount_tmpfs(1M) manual page, 1

mountall command, 1

mountd(1M) manual page, 1

mounted filesystem, permissions, 1, 2

move_a_file function, 1

moving a file from one name to another, 1

multiple runs, processing, 1

multiple systems, processing runs, 1

mv command, 1

N

name service

databases, 1

requests, 1

Name Service Cache Daemon (NSCD)

disabling caching, 1

providing caching, 1

viewing nscd configuration, 1

nddconfig file, 1

Network File System (NFS)

See NFS

network settings, implementing, 1, 2

new directory, creating, 1

new functions, 1

newaliases symbolic link, 1

NFS

automount service, 1

client service, status, 1

client startup scripts, disabling, 1, 2

daemon, 1, 2

defined, 1

disabling automount, 1

path, 1

requests, restricting, 1

server service, status, 1

server startup scripts, disabling, 1

service, status, 1

nfsd(1M) manual page, 1

nmbd(1M) manual page, 1

nobody UID access, 1

non-privileged user access, implementing passwords, 1

NOTE messages, 1

notice messages, 1, 2

reducing, 1

notrouter file, 1

NSCD

See Name Service Cache Daemon (NSCD)

nuucp system account entries, removing, 1

O

objects, listing, 1

OpenBoot PROM

monitor or debugger, 1

security mode, displaying status, 1

OpenBSD version, installing, 1

OS

release files, specifying, 1

revision, checking, 1

specific extensions, 1, 2

specific file and script, 1

type, determining, 1

variable, 1

version independent, 1

version, specifying for clients, 1

outgoing email, 1

output

audit runs, storing, 1

defining locations for, 1

tags, 1

undo runs, storing, 1, 2

overriding functions, 1

P

-p option, 1

package check, 1

PAM

modifying configuration to disable rhosts, 1

pam.conf(1M) manual page, 1

PASS messages, 1, 2

passwords

aging, 1

aging, maximum value, 1

aging, minimum value, 1

caching, 1

changes, minimal intervals between, 1

configuring policy, 1

expiration, warning, 1

file, specifying location, 1

passwd, group, host, or ipnodes services, status, 1

requirements, implementing strict, 1

root, setting, 1

specifying minimum length, 1

patch 110386, 1

patchadd(1M) manual page, 1

patches

checking installation, 1, 2

checking numbers, 1

patchadd commands, 1

PATH, 1, 2

path names, formatting, 1

performance

boosting, 1

impacting, 1

permissions

checking, 1

creating file with, 1

inconsistency, 1

ownership, 1

restricting, 1

setting, 1, 2

PICL

disabling service, 1

picld(1M) manual page, 1

service, status, 1

pkgrm command, 1, 2

pkgrm command, removing SUNWjass package, 1

Platform Information and Control Library (PICL)

See PICL

Pluggable Authentication Module (PAM)

See PAM

pmconfig(1M) manual page, 1

Point-to-Point links, 1

Point-to-Point Protocol (PPP)

pppd(1M) manual page, 1

pppoed(1M) manual page, 1

service, status, 1, 2

transmitting multi-protocol datagrams, 1

policy, variables, 1

portability

abstracting actual values, 1

simplifying, 1, 2

power management functions

disabling, 1

permitting access, 1

restricting access, 1

status, 1

power.conf(4) manual page, 1

powerd(1M) manual page, 1

PPP

See Point-to-Point Protocol (PPP)

precedence, matching files, 1, 2

preserve functionality, status, 1

print

audit scripts, 1

disabling sharing, 1

environment variables, 1

files, 1, 2

finish scripts, 1

format, 1

print-jass-environment.aud script, 1

print-jass-environment.fin script, 1

print-jumpstart-environment.aud script, 1

print-jumpstart-environment.fin script, 1

printPretty function, 1

printPrettyPath function, 1

print-rhosts.fin script, 1

print-sgid-files.aud script, 1

print-sgid-files.fin script, 1

print-suid-files.aud script, 1

print-suid-files.fin script, 1

print-unowned-objects.aud script, 1

print-unowned-objects.fin script, 1

print-world-writable-objects.aud script, 1

print-world-writable-objects.fin script, 1

privileged ports, NFS requests, 1

processes

accounting software, status, 1

checking, 1

checks, 1

flow of driver.run script, 1

running, 1

product-specific drivers, 1

profiles

sample, 1, 2

variables, 1

PROM prompt, 1

public interface

auditing, 1

used by drivers, 1

Q

queue processing mode, sendmail, 1

R

r* services, disabling, 1

RBAC, 1

Recommended and Security Patch Clusters

extracting, 1

reconfiguring system, preventing, 1

recursively copying files, 1

reinitializing systems, 1

reinstalling systems, preventing, 1

related resources, 1

relative root directory, 1

relocated root directory, 1

remote access, denying, 1

Remote Function Call (RFC)

See RFC

Remote Procedure Call (RPC)

See RPC

remove-unneeded-accounts.fin script, 1

removing

audit scripts, 1

drivers, 1

finish scripts, 1

framework functions, 1

Solaris OS packages, 1

reporting functions, 1

resume functionality, restricting, 1

RETRIES variable, 1

RFC

1331, 1

1948, 1, 2

2002, 1

2165, 1

2608, 1

rhosts and hosts.equiv functionality, status, 1

rhosts authentication, disabling, 1

rm_pkg function, 1

rmmount.conf(1M) manual page, 1

Role-Based Access Control (RBAC)

See RBAC

root

account, 1, 2

directory, defining, 1

directory, detecting location, 1

directory, 1, 2

file system, path, 1

FTP access, 1

logins, disallowing, 1

partition, deleting, 1

password, 1

user, remote access, status, 1

RPC

defined, 1

port mapper, 1

rpcbind(1M) manual page, 1

secure access, disabling, 1

service, status, 1

run information, storing, 1

run-control

file, disabling, 1

scripts, 1

scripts, disabling, 1

start script exists, determining, 1, 2

stop script exists, determining, 1, 2

running processes, checking, 1

runs

processing multiple systems, 1

storing list of scripts, 1

version information, path, 1

runtime

configurations, 1

process arguments, checking, 1

setting, 1

S

S00set-tmp-permissions file, 1

s15k-exclude-domains.aud script, 1

s15k-exclude-domains.fin script, 1

s15k-sms-secure-failover.aud script, 1

s15k-sms-secure-failover.fin script, 1

s15k-static-arp.aud script, 1

s15k-static-arp.fin script, 1

S70nddconfig file, 1

S73sms_arpconfig file, 1

sadmind

daemon, specifying options, 1

daemon, adding options, 1

sadmind(1M) manual page, 1

safe file creation mask, 1

Samba

file, disabling service, 1

service, status, 1

score, adjusting, 1

script behavior variables, 1

script method, 1

script names, displaying during audits, 1

scripts

audit, 1

default, 1

disable audit scripts, listing, 1

disable finish scripts, listing, 1

enable audit scripts, 1

enable finish scripts, listing, 1, 2

finish, 1

install audit scripts, listing, 1

install finish scripts, listing, 1

output, 1

print audit scripts, listing, 1

print finish scripts, listing, 1

processing flow, 1

remove finish script, 1

running, 1

separating security and configuration, 1

set audit scripts, listing, 1

set finish scripts, listing, 1

update audit scripts, listing, 1

update finish scripts, listing, 1

Secure Shell (SSH)

See SSH

secure.driver, 1

security modifications, validating, 1

security posture

auditing, 1

security profiles

auditing, 1

nested or hierarchical, 1

security-specific scripts, 1

sendmail

configuration file, 1

daemon startup, disabling, 1

daemon, specifying options, 1

executing hourly, 1

file, 1

sendmail(1M) manual page, 1

service banner, 1

service, status, 1

serial links, accessing systems, 1

serial point-to-point links, 1

server-secure.driver, 1

service banner

Secure Shell, 1

Sendmail, 1

setting, 1

Telnet, 1

service configuration files, disabling, 1

Service Location Protocol (SLP)

See SLP

services

defaults, 1

disabling, 1

disabling, caution, 1

enabling, 1

preventing Solaris Security Toolkit from disabling, 1

removing, 1

set

audit scripts, 1

finish scripts, 1

group ID permissions, printing, 1

Set-UID binaries and files, 1

set-user-id files, 1

user ID permissions, file listing, 1

user ID permissions, printing, 1

set-banner-dtlogin.aud script, 1

set-banner-dtlogin.fin script, 1

set-banner-ftpd.aud script, 1

set-banner-ftpd.fin script, 1

set-banner-sendmail.aud script, 1

set-banner-sendmail.fin script, 1

set-banner-sshd.aud script, 1

set-banner-sshd.fin script, 1

set-banner-telnet.aud script, 1

set-banner-telnet.fin script, 1

set-ftpd-umask.aud script, 1

set-ftpd-umask.fin script, 1

set-group-id files, 1

set-login-retries.aud script, 1

set-login-retries.fin script, 1

set-power-restrictions.aud script, 1

set-power-restrictions.fin script, 1

set-rmmount-nosuid.aud script, 1

set-rmmount-nosuid.fin script, 1

set-root-group.aud script, 1

set-root-group.fin script, 1

set-root-password.aud script, 1

set-root-password.fin script, 1

set-sys-suspend-restrictions.aud script, 1

set-sys-suspend-restrictions.fin script, 1

set-system-umask.aud script, 1

set-system-umask.fin script, 1

set-temp-permissions file, 1

set-term-type.aud script, 1

set-term-type.fin script, 1

set-tmpfs-limit.aud script, 1

set-tmpfs-limit.fin script, 1

set-user-password-reqs.aud script, 1

set-user-password-reqs.fin script, 1

set-user-umask.aud script, 1

set-user-umask.fin script, 1

shadow password file, 1

shells

adding, 1

determining validity, 1

shells(4) manual page, 1

shutdown scripts, disabling, 1

signal, sending, 1

Simple Network Management Protocol (SNMP)

See SNMP

single file system, 1

single line separators, 1

site-specific functions, 1

SLP

prevents from starting, 1

service, status, 1

SLPD

slpd(1M) manual page, 1

SMA

prevent from starting, 1

service, status, 1

smb.conf(4) manual page, 1

smbd(1M) manual page, 1

SMC

See Solaris Management Console (SMC)

sms_arpconfig file, 1

sms_domain_arp file, 1

sms_sc_arp file, 1

SNMP

daemons, 1

prevent from starting, 1

service, status, 1

snmpdx(1M) manual page, 1

snmpXdmid(1M) manual page, 1

software packages

checking installation, 1

default location, 1

determining if installed, 1

storing, 1

software patches

checking installation, 1

default named resource or location, 1

storing, 1

software upgrade or removal, keeping custom changes, 1

software version, 1

Solaris Basic Security Module (BSM), 1, 2, 3

auditing, status, 1

bsmconv(1M) manual page, 1

Solaris Management Console (SMC), 1, 2

Solaris OS

auditing subsystem, configuration files, 1, 2

entries, disabling defaults, 1

invalid version, 1

package name, defining, 1

process accounting, 1

Recommended and Security Patch Cluster, options, 1

Solaris Security Toolkit

upgrade or removal, 1

source

directory name, 1

link name, 1

tree, location, 1

SPC

service, status, 1

startup scripts, 1

spoofing attacks, 1

SSH

configuration, automating, 1

configuring, 1

connections, 1

service banner, 1

service, status, 1

sshd_config(4) manual page, 1

ssh_config(4) manual page, 1

stack

denying execution attempts, 1

logging execution, 1

protection, 1

protection, status, 1

stand-alone mode

specifying, 1

standard audit scripts, 1

start and kill scripts, 1

start run-control scripts, 1

start_audit function, 1

startup scripts, 1

statd(1M) manual page, 1

static ARP addresses, 1

static variables, 1

stopping services manually started, 1

stream formatted package, 1

strip_path function, 1

strong authentication, enabling, 1

substitution policy, 1

subsystems, scripts, 1

success messages, 1

suffixes, appending, 1

Sun Cluster 3.x

node, configuring, 1

software, 1, 2

Sun Fire high-end systems

system controllers, 1

Sun Java System

Directory server, disabling, 1

Directory service, status, 1

Sun products, hardening drivers, 1

suncluster3x-secure.driver, 1

suncluster3x-set-nsswitch-conf.aud script, 1

suncluster3x-set-nsswitch-conf.fin script, 1

sunfire_15k_sc-secure.driver, 1

SunSoft Print Client (SPC)

See SPC

SUNWjass package

adding, example, 1

default installation location, 1

default package name variable, 1

determining if installed on system, 1

removing, 1

SUNWnisu package, 1

superuser

su attempts, logging, 1

sulog(4) manual page, 1

suspend and resume functionality

permitting, 1

restricting, 1

restricting access, 1

suspended system, preventing, 1

symbolic link, copying, 1

syslog

daemon, preventing SYSLOG messages, 1

SYSLOG service, status, 1

sys-suspend(1M) manual page, 1

system

accounts, adding, 1

accounts, disabling, 1

library calls, 1

modifications, 1

noncompliant, 1

System Management Agent (SMA)

See SMA

sys-unconfig(1M) program, 1

T

target

file system, 1

host name, 1

OS revision, 1

TCP

/IP connectivity, disabling, 1

sequence number generation, 1

service, 1

TCP_STRONG_ISS=2 setting, 1

wrappers, configuring system to use, 1

wrappers, enabling, 1

wrappers, status, 1

Telnet service banner, 1

terminal console, accessing systems, 1

terminal type default, 1

timestamp

creating unique value, 1

definition, 1, 2

displaying during audits, 1

use as JASS_SUFFIX variable, 1

total score, audit runs, 1

touch command, 1

transient mount-point, 1

Transmission Control Protocol (TCP)

See TCP

transmission of multi-protocol datagrams, 1

tuning

system, 1

variables, 1

U

U.S. government recommendations, profiles, 1

UMASK

defining, 1, 2

used by FTP service, 1

value, 1, 2

uname -n command, 1

uname -r command, 1

undo

permission script changes omitted, 1

unavailable, 1

X manifest option, 1

unique timestamp value, 1

unique-per-connection ID sequence number, 1

UNIX shell scripting, 1, 2

UNIX-to-UNIX Copy (UUCP)

See UUCP

unmount requests, 1

unmounting filesystems, 1

unowned files, finding, 1

update audit scripts, 1

update finish scripts, 1

update-at-deny.aud script, 1

update-at-deny.fin script, 1

update-cron-allow.aud script, 1

update-cron-allow.fin script, 1

update-cron-deny.aud script, 1

update-cron-deny.fin script, 1

update-cron-log-size.aud script, 1

update-cron-log-size.fin script, 1

update-inetd-conf.aud script, 1

update-inetd-conf.fin script, 1

updates, installation, 1

user access

restricting, 1

restricting power management functions, 1

user accounts

adding or checking, 1

at and batch facilities access, 1

cron facility access, 1

FTP service access, 1

listing, 1

removing, 1

User Datagram Protocol (UDP)

preventing daemon from listening on, 1

user ID permissions, printing, 1

user startup files, 1

user variables, 1, 2

user.init file

adding new environment variables, 1, 2

adding or modifying environment variables, 1

customizing to define and assign environment variables, 1

default values, 1

defining JumpStart mode variables, 1

disabling information for novices, 1

disabling services, 1

loading, 1

overriding default audit script variables, 1

overriding default finish script variables, 1

preventing kill scripts from being disabled, 1

specifying location of, 1

tuning script behavior variables, 1

user.init.SAMPLE file

adding user-defined variables, 1

copying to user.init, 1

user.run file

preventing creation of backup copies, 1

user-defined variables, 1

usermod(1M) manual page, 1, 2

uucico(1M) manual page, 1

UUCP

service, status, 1

startup script, disabling, 1

uucp crontab entries, removing, 1

uucp(1C) manual page, 1

V

variables

assignment, 1

complex substitution, 1

developing, 1

dynamic, 1

framework, 1

global, 1

profile based, 1

static, 1

user, 1

value undefined, setting, 1

verbosity levels, 1, 2, 3, 4

version

defining, 1

information, 1

VOLD

prevents from starting, 1

service, status, 1

vold(1M) manual page, 1

Volume Management Daemon (VOLD)

See VOLD

W

WARN messages, 1, 2

warning messages

log warnings, 1

logging, 1

reducing, 1

storing, 1, 2

WBEM, 1

prevents from starting, 1

service, status, 1

wbem(5) manual page, 1

Web-Based Enterprise Management (WBEM)

See WBEM

world-writable

files, finding, 1

objects, listing, 1

X

X manifest option, usage caution, 1

X server, 1

X11 server, status, 1

Xaccess file, 1

Xserver(1) manual page, 1