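The following tables list each command contained in an execution profile, together with the execution profile (or profiles) to which the command is assigned. A command that is assigned to more than one execution profile appears in the tables once for each profile. The tables also show the full path name of each command and the security attributes assigned to it (minimum sensitivity label, maximum sensitivity label, setUID value, setGID value, and privileges).

Table A-3 Commands (A) and Their Associated Execution Profiles

Command | Profile | Path | Security Attributes |
---|---|---|---|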
accept | Printer Security | /usr/sbin/accept | sys_devices |
accept | System Management | /usr/sbin/accept | sys_devices |
accept | System Security | /usr/sbin/accept | sys_devices |
acfg_check | SSP Administration | /opt/SUNWssp/bin/acfg_check | all privileges |
acfg_update_db | SSP Administration | /opt/SUNWssp/bin/acfg_update_db | all privileges |
actioncb | SSP Administration | /opt/SUNWssp/bin/actioncb | all privileges |
actionsysclock | SSP Administration | /opt/SUNWssp/bin/actionsysclock | all privileges |
adb | Maintenance and Repair | /usr/bin/adb | |
add_allocatable | Device Security | /usr/sbin/add_allocatable | file_chown, file_dac_write, file_downgrade_sl, file_mac_read, file_mac_write, file_setdac, sys_trans_label |
add_drv | Software Installation | /usr/sbin/add_drv | euid = 0, egid = 3, max SL = ADMIN_LOW, file_dac_read, file_dac_write, file_mac_read, file_mac_write, sys_devices |
add_drv | System Security | /usr/sbin/add_drv | |
adminvi | Basic Commands | /usr/bin/adminvi | |
adminvi | System Management | /usr/bin/adminvi | |
adminvi | System Security | /usr/bin/adminvi | |
allocate | Device Management | /usr/sbin/allocate | file_chown, file_dac_read, file_dac_search, file_dac_write, file_downgrade_sl, file_mac_read, file_mac_search, file_owner, file_setdac, sys_audit, sys_devices, sys_mount |
allocate | System Management | /usr/sbin/allocate | file_chown, file_setdac |
allocate | System Security | /usr/sbin/allocate | file_chown, file_setdac |
ap | Host Alternate Pathing | /etc/init.d/ap | euid = 0, egid = 1, all privileges |
ap_daemon | Host Alternate Pathing | /usr/sbin/ap_daemon | euid = 0, egid = 1, all privileges |
ap_daemon | inetd | /usr/sbin/ap_daemon | euid = 0, egid = 1, file_chown, file_mac_read, file_mac_search, file_mac_write, file_owner, net_mac_read, net_privaddr, net_reply_equal, proc_dumpcore, proc_tranquil, sys_devices, sys_net_config |
ap_dbupgrade | Host Alternate Pathing | /sbin/ap_dbupgrade | euid = 0, egid = 1, file_chown, file_mac_read, file_mac_search, file_mac_write, file_owner, net_mac_read, net_privaddr, net_reply_equal, proc_dumpcore, proc_tranquil, sys_devices |
ap_reboot_host | SSP Administration | /opt/SUNWssp/bin/ap_reboot_host | all privileges |
ap_ssp_daemon | SSP Administration | /opt/SUNWssp/bin/ap_ssp_daemon | euid = 0, egid = 1, all privileges |
ap_startup.sh | SSP Installation | /etc/opt/SUNWssp/ap_startup.sh | all privileges |
ap_ssp_daemon | SSP Installation | /opt/SUNWssp/bin/sp_ssp_daemon | all privileges |
ap_startup.sh | SSP Installation | /etc/opt/SUNWssp/ap_startup.sh | all privileges |
apboot | Host Alternate Pathing | /sbin/apboot | euid = 0, egid = 1, all privileges |
apboot | Host Alternate Pathing | /usr/sbin/apboot | euid = 0, egid = 1, all privileges |
apcheck | Host Alternate Pathing | /sbin/apcheck | euid = 0, egid = 1, file_chown, file_mac_read, file_mac_search, file_mac_write, file_owner, net_mac_read, net_privaddr, net_reply_equal, proc_dumpcore, proc_tranquil, sys_devices |
apconfig | Host Alternate Pathing | /sbin/apconfig | euid = 0, egid = 1, file_chown, file_mac_read, file_mac_search, file_mac_write, file_owner, net_mac_read, net_privaddr, net_reply_equal, proc_dumpcore, proc_tranquil, sys_devices |
apconfig | Host Alternate Pathing | /usr/sbin/apconfig | euid = 0, egid = 1, file_chown, file_mac_read, file_mac_search, file_mac_write, file_owner, net_mac_read, net_privaddr, net_reply_equal, proc_dumpcore, proc_tranquil, sys_devices |
apdb | Host Alternate Pathing | /sbin/apdb | euid = 0, egid = 1, file_chown, file_mac_read, file_mac_search, file_mac_write, file_owner, net_mac_read, net_privaddr, net_reply_equal, proc_dumpcore, proc_tranquil, sys_devices |
apdb | Host Alternate Pathing | /usr/sbin/apdb | euid = 0, egid = 1, file_chown, file_mac_read, file_mac_search, file_mac_write, file_owner, net_mac_read, net_privaddr, net_reply_equal, proc_dumpcore, proc_tranquil, sys_devices |
apdisk | Host Alternate Pathing | /sbin/apdisk | euid = 0, egid = 1, file_chown, file_mac_read, file_mac_search, file_mac_write, file_owner, net_mac_read, net_privaddr, net_reply_equal, proc_dumpcore, proc_tranquil, sys_devices |
apdisk | Host Alternate Pathing | /usr/sbin/apdisk | euid = 0, egid = 1, file_chown, file_mac_read, file_mac_search, file_mac_write, file_owner, net_mac_read, net_privaddr, net_reply_equal, proc_dumpcore, proc_tranquil, sys_devices |
apinst | Host Alternate Pathing | /sbin/apinst | euid = 0, egid = 1, file_chown, file_mac_read, file_mac_search, file_mac_write, file_owner, net_mac_read, net_privaddr, net_reply_equal, proc_dumpcore, proc_tranquil, sys_devices |
apinst | Host Alternate Pathing | /usr/sbin/apinst | euid = 0, egid = 1, file_chown, file_mac_read, file_mac_search, file_mac_write, file_owner, net_mac_read, net_privaddr, net_reply_equal, proc_dumpcore, proc_tranquil, sys_devices |
apnet | Host Alternate Pathing | /sbin/apnet | euid = 0, egid = 1, file_chown, file_mac_read, file_mac_search, file_mac_write, file_owner, net_mac_read, net_privaddr, net_reply_equal, proc_dumpcore, proc_tranquil, sys_devices |
apnet | Host Alternate Pathing | /usr/sbin/apnet | euid = 0, egid = 1, file_chown, file_mac_read, file_mac_search, file_mac_write, file_owner, net_mac_read, net_privaddr, net_reply_equal, proc_dumpcore, proc_tranquil, sys_devices |
apssp | SSP Administration | /opt/SUNWssp/bin/apssp | all privileges |
Arbstopact | SSP Administration | /opt/SUNWssp/bin/Arbstopact | all privileges |
asppp | Network Management | /etc/init.d/asppp | euid = 0, egid = 3 |
atohexlabel | Object Label Management | /usr/sbin/atohexlabel | |
audit | Audit Control | /etc/init.d/audit | euid = 0, egid = 3 |
audit | Audit Control | /usr/sbin/audit | euid = 0, min SL = ADMIN_HIGH, file_mac_read, proc_audit_tcb, proc_mac_write, sys_audit |
auditconfig | Audit Control | /usr/sbin/auditconfig | euid = 0, max SL = ADMIN_LOW, sys_audit |
auditd | Audit Control | /usr/sbin/auditd | euid = 0, file_mac_write, proc_setclr, proc_setsl, sys_audit |
auditd | boot | /usr/sbin/auditd | file_mac_write, proc_setclr, proc_setsl, sys_audit |
auditreduce | Audit Review | /usr/sbin/auditreduce | euid = 0, min SL = ADMIN_HIGH, file_dac_read, sys_audit |
auditstat | Audit Control | /usr/sbin/auditstat | euid = 0, sys_audit |
autoconfig | SSP Administration | /opt/SUNWssp/bin/autoconfig | all privileges |
autofs | File System Management | /etc/init.d/autofs | euid = 0, egid = 3 |
automount | File System Management | /usr/lib/fs/autofs/automount | file_dac_read, file_dac_write, file_mac_read, file_mac_write, sys_mount |
automount | System Management | /usr/lib/fs/autofs/automount | euid = 0, egid = 0, file_dac_read, file_dac_write, file_mac_read, file_mac_write, sys_mount |
automount | boot | /usr/lib/fs/autofs/automount | euid = 0, egid = 0, file_dac_read, file_dac_write, file_mac_read, file_mac_write, sys_mount |
automountd | File System Management | /usr/lib/autofs/automountd | file_dac_execute, file_dac_read, file_dac_search, file_dac_write, file_mac_read, file_mac_search, file_mac_write, file_owner, file_upgrade_sl, net_mac_read, net_privaddr, net_upgrade_sl, proc_audit_tcb, proc_setsl, sys_mount, sys_trans_label |
automountd | System Management | /usr/lib/autofs/automountd | euid = 0, egid = 0, file_mac_read, file_mac_write, file_upgrade_sl, net_mac_read, net_privaddr, net_upgrade_sl, proc_audit_tcb, proc_setsl, sys_mount, sys_trans_label |
automountd | boot | /usr/lib/autofs/automountd | euid = 0, egid = 0, file_dac_execute, file_dac_read, file_dac_search, file_dac_write, file_mac_read, file_mac_search, file_mac_write, file_owner, file_upgrade_sl, net_mac_read, net_privaddr, net_upgrade_sl, proc_audit_tcb, proc_setsl, sys_mount, sys_trans_label |
autopush | System Security | /usr/sbin/autopush | |
awk | Audit Review | /usr/bin/awk | euid = 0, min SL = ADMIN_HIGH |
awk | Basic Commands | /usr/bin/awk | |

Table A-4 Commands (B-C) and Their Associated Execution Profiles

Command | Profile | Path | Security Attributes |
---|---|---|---|
base_domain_client | SSP Administration | /opt/SUNWssp/bin/base_domain_client | all privileges |
bist_test | SSP Administration | /opt/SUNWssp/bin/bist_test | all privileges |
board_id | SSP Administration | /opt/SUNWssp/bin/board_id | all privileges |
bringup | SSP Administration | /opt/SUNWssp/bin/bringup | all privileges |
buildconstants | SSP Administration | /opt/SUNWssp/bin/buildconstants | all privileges |
buildmnttab | File System Management | /etc/init.d/buildmnttab | euid = 0, egid = 3 |
BulkPowerFailact | SSP Administration | /opt/SUNWssp/bin/BulkPowerFailact | all privileges |
BulkPowerNormact | SSP Administration | /opt/SUNWssp/bin/BulkPowerNormact | all privileges |
buttons_n_dials-setup | Device Security | /etc/init.d/buttons_n_dials-setup | euid = 0, egid = 3 |
cancel | Printer Security | /usr/bin/cancel | euid = 71, file_dac_write, file_mac_read, file_mac_write |
cancel | System Management | /usr/bin/cancel | euid = 71, file_mac_read, file_mac_write |
cat | Audit Review | /usr/bin/cat | euid = 0, min SL = ADMIN_HIGH |
cat | Basic Commands | /usr/bin/cat | |
catman | Software Installation | /usr/bin/catman | euid = 0 |
cb_prom | SSP Administration | /opt/SUNWssp/bin/cb_prom | all privileges |
cb_reset | SSP Administration | /opt/SUNWssp/bin/cb_reset | all privileges |
cbs | SSP Administration | /opt/SUNWssp/bin/cbs | all privileges |
cd | Basic Commands | /usr/bin/cd | |
chain_test | SSP Administration | /opt/SUNWssp/bin/chain_test | all privileges |
chain_test_cb | SSP Administration | /opt/SUNWssp/bin/chain_test_cb | all privileges |
chain_test_cp | SSP Administration | /opt/SUNWssp/bin/ Temp911actchain_test_cp | all privileges |
chain_test_sb | SSP Administration | /opt/SUNWssp/bin/chain_test_sb | all privileges |
check_host | SSP Administration | /opt/SUNWssp/bin/check_host | all privileges |
chgrp | Object Access Management | /usr/bin/chgrp | file_chown, file_dac_read, file_dac_search, file_mac_read, file_mac_search, file_owner, file_setdac, file_setid |
chip_test_cp | SSP Administration | /opt/SUNWssp/bin/chip_test_cp | all privileges |
chip_test_sb | SSP Administration | /opt/SUNWssp/bin/chip_test_sb | all privileges |
chk_encodings | Object Label Management | /usr/sbin/chk_encodings | |
chkey | NIS+ Security Administration | /usr/bin/chkey | |
chmod | Basic Commands | /usr/bin/chmod | |
chmod | Object Access Management | /usr/bin/chmod | file_dac_read, file_dac_search, file_mac_read, file_mac_search, file_setdac, file_setid |
chown | Object Access Management | /usr/bin/chown | file_chown, file_dac_read, file_dac_search, file_mac_read, file_mac_search, file_owner |
clear | Basic Commands | /usr/bin/clear | |
clri | File System Management | /usr/sbin/clri | |
cmp | Basic Commands | /usr/bin/cmp | |
col | Basic Commands | /usr/bin/col | |
compress | Basic Commands | /usr/bin/compress | |
config | Device Security | /etc/init.d/rtvc-config | euid = 0, egid = 3 |
cp | Basic Commands | /usr/bin/cp | |
cp | cron | /usr/bin/cp | file_mac_write |
cpio | Media Restore | /usr/bin/cpio | |
crash | Maintenance and Repair | /usr/sbin/crash | |
cron | Cron Management | /etc/init.d/cron | euid = 0, egid = 3 |
cron | Process Management | /etc/init.d/cron | euid = 0, egid = 3 |
cron | boot | /usr/sbin/cron | euid = 0, file_dac_read, file_mac_write, file_owner, net_mac_read, proc_audit_tcb, proc_setclr, proc_setid, proc_setsl, sys_audit |
crontab | Basic Commands | /usr/bin/crontab | |
crontab | Cron Management | /usr/bin/crontab | |
crontab | Cron Security | /usr/bin/crontab | |
crontab | Process Management | /usr/bin/crontab | |
csh | Privileged Shells | /usr/bin/csh | all privileges |
cvc | Host System Management | /etc/init.d/cvc | euid = 0, egid = 0, net_mac_read, net_privaddr, net_reply_equal, proc_dumpcore, proc_owner, sys_console |
cvcd | boot | /platform/SUNW,Ultra-Enterprise-10000/lib/cvcd | euid = 0, egid = 0 |
cut | Basic Commands | /usr/bin/cut | |

Table A-5 Commands (D-E) and Their Associated Execution Profiles

Command | Profile | Path | Security Attributes |
---|---|---|---|
date | Maintenance and Repair | /usr/bin/date | sys_config |
date | System Management | /usr/bin/date | sys_config |
dbmgr | Mail Management | /opt/SUNWadm/2.3/bin/dbmgr | file_chown, file_dac_write, proc_audit_tcb, sys_trans_label |
dbmgr | Network Management | /opt/SUNWadm/2.3/bin/dbmgr | file_chown, file_dac_write, proc_audit_tcb, sys_trans_label |
dbmgr | Network Security | /opt/SUNWadm/2.3/bin/dbmgr | max SL = ADMIN_LOW, file_chown, file_dac_write, proc_audit_tcb, sys_trans_label |
dbmgr | System Management | /opt/SUNWadm/2.3/bin/dbmgr | file_chown, file_dac_write, sys_trans_label |
dbmgr | System Security | /opt/SUNWadm/2.3/bin/dbmgr | all privileges |
dbmgr | User Security | /opt/SUNWadm/2.3/bin/dbmgr | file_chown, file_dac_write, proc_audit_tcb, sys_trans_label |
deallocate | Device Management | /usr/sbin/deallocate | file_chown, file_dac_read, file_dac_write, file_mac_read, file_setdac, sys_audit, sys_devices, sys_mount, sys_net_config |
deallocate | System Management | /usr/sbin/deallocate | file_chown, file_setdac |
deallocate | System Security | /usr/sbin/deallocate | file_chown, file_setdac |
deallocate | boot | /usr/sbin/deallocate | file_chown, file_dac_read, file_dac_write, file_mac_read, file_setdac, sys_audit, sys_devices, sys_mount, sys_net_config |
devinfo | File System Management | /usr/sbin/devinfo | |
devlinks | Device Security | /etc/init.d/devlinks | euid = 0, egid = 3 |
df | Basic Commands | /usr/bin/df | |
dfmounts | File System Management | /usr/sbin/dfmounts | |
dfshares | File System Management | /usr/sbin/dfshares | |
diff | Basic Commands | /usr/bin/diff | |
diff3 | Basic Commands | /usr/bin/diff3 | |
dircmp | Basic Commands | /usr/bin/dircmp | |
dirname | Basic Commands | /usr/bin/dirname | |
disable | Printer Security | /usr/bin/disable | sys_devices |
disable | System Management | /usr/bin/disable | sys_devices |
disable | System Security | /usr/bin/disable | sys_devices |
dmesg | Maintenance and Repair | /usr/sbin/dmesg | min SL = ADMIN_HIGH |
domain_create | SSP Administration | /opt/SUNWssp/bin/domaine_create | all privileges |
domain_history | SSP Administration | /opt/SUNWssp/bin/domain_history | all privileges |
domain_link | SSP Administration | /opt/SUNWssp/bin/domain_link | all privileges |
domain_link | SSP Administration | /opt/SUNWssp/release/Ultra-Enterprise-10000/5/6/bin/drview | all privileges |
domain_remove | SSP Administration | /opt/SUNWssp/bin/domain_remove | all privileges |
domain_rename | SSP Administration | /opt/SUNWssp/bin/domain_rename | all privileges |
domain_status | SSP Administration | /opt/SUNWssp/bin/domain_status | all privileges |
domain_unlink | SSP Administration | /opt/SUNWssp/bin/domain_unlink | all privileges |
domain_unlink | SSP Administration | /opt/SUNWssp/release/Ultra-Enterprise-10000/5/6/bin/domain_unlink | all privileges |
dr | SSP Administration | /opt/SUNWssp/bin/dr | all privileges |
dr | SSP Administration | /opt/SUNWssp/release/Ultra-Enterprise-10000/5/5/1/bin/dr | all privileges |
dr_daemon | inetd | /platform/SUNW,Ultra-Enterprise-10000/lib/dr_daemon | euid = 0, egid = 1, all privileges |
drtk | SSP Administration | /opt/SUNWssp/bin/drtk | all privileges |
drview | SSP Administration | /opt/SUNWssp/bin/drview | all privileges |
drview | SSP Administration | /opt/SUNWssp/release/Ultra-Enterprise-10000/5/5/1/bin/drview | all privileges |
drvconfig | Device Security | /etc/init.d/drvconfig | euid = 0, egid = 3 |
drvconfig | Host Alternate Pathing | /etc/init.d/drvconfig | euid = 0, egid = 3, file_chown, file_mac_read, file_mac_search, file_mac_write, file_owner, file_setdac, file_setid, file_setpriv, file_upgrade_sl, proc_mac_read, proc_mac_write, proc_owner, proc_setid, sys_config, sys_devices, sys_net_config |
drvconfig | Host Alternate Pathing | /usr/sbin/drvconfig | euid = 0, egid = 3, file_chown, file_mac_read, file_mac_search, file_mac_write, file_owner, file_setdac, file_setid, file_setpriv, file_upgrade_sl, proc_mac_read, proc_mac_write, proc_owner, proc_setid, sys_config, sys_devices, sys_net_config |
drvconfig | System Security | /usr/sbin/drvconfig | |
dtappsession | Remote Administration | /usr/dt/bin/dtappsession | |
dtlogin | Device Security | /etc/init.d/dtlogin | euid = 0, egid = 3 |
du | Basic Commands | /usr/bin/du | |
echo | Basic Commands | /usr/bin/echo | |
edd | SSP Administration | /opt/SUNWssp/bin/edd | all privileges |
edd_cmd | SSP Administration | /opt/SUNWssp/bin/edd_cmd | all privileges |
eeprom | Device Security | /usr/sbin/eeprom | euid = 0 |
eeprom | Maintenance and Repair | /usr/sbin/eeprom | |
egrep | Basic Commands | /usr/bin/egrep | |
eject | File System Management | /usr/bin/eject | file_dac_read |
enable | Printer Security | /usr/bin/enable | sys_devices |
enable | System Management | /usr/bin/enable | sys_devices |
enable | System Security | /usr/bin/enable | sys_devices |
env | Basic Commands | /usr/bin/env | |
Environmentact | SSP Administration | /opt/SUNWssp/bin/Environmentact | all privileges |
expr | Basic Commands | /usr/bin/expr | |

Table A-6 Commands (F-H) and Their Associated Execution Profiles

Command | Profile | Path | Security Attributes |
---|---|---|---|
fad | SSP Administration | /opt/SUNWssp/bin/fad | all privileges |
false | Basic Commands | /usr/bin/false | |
false | Custom Admin Role | /usr/bin/false | |
false | Custom Oper Role | /usr/bin/false | |
false | Custom SSP Role | /usr/bin/false | |
fan | SSP Administration | /opt/SUNWssp/bin/fan | all privileges |
FanFailact | SSP Administration | /opt/SUNWssp/bin/FanFailact | all privileges |
FanNormact | SSP Administration | /opt/SUNWssp/bin/FanNormact | all privileges |
fgrep | Basic Commands | /usr/bin/fgrep | |
file | Basic Commands | /usr/bin/file | |
fold | Basic Commands | /usr/bin/fold | |
format | Audit Control | /usr/sbin/format | euid = 0, sys_devices |
format | File System Management | /usr/sbin/format | euid = 0, sys_devices |
format | System Management | /usr/sbin/format | euid = 0 |
format | System Security | /usr/sbin/format | euid = 0, all privileges |
fsck | File System Management | /usr/sbin/fsck | |
fsdb | File System Management | /usr/sbin/fsdb | |
fsirand | File System Management | /usr/sbin/fsirand | |
fstyp | File System Management | /usr/sbin/fstyp | |
fusage | File System Management | /usr/sbin/fusage | |
fuser | File System Management | /usr/sbin/fuser | file_dac_search, file_mac_search, proc_audit_tcb, proc_owner, sys_mount |
fuser | Process Management | /usr/sbin/fuser | file_dac_search, file_mac_search, proc_audit_tcb, proc_owner |
generic.scotty | SSP Administration | /opt/SUNWssp/bin/generic.scotty | all privileges |
getfacl | Object Access Management | /usr/bin/getfacl | file_dac_search, file_mac_read, file_mac_search |
getfattrflag | File System Management | /usr/bin/getfattrflag | file_dac_search, file_mac_read, file_mac_search |
getfattrflag | Object Access Management | /usr/bin/getfattrflag | file_audit, file_dac_search, file_mac_read, file_mac_search |
getfpriv | Object Privilege Management | /usr/bin/getfpriv | |
getfsattr | File System Management | /usr/sbin/getfsattr | file_dac_read, file_dac_search, file_mac_search, sys_trans_label |
getfsattr | File System Security | /usr/sbin/getfsattr | file_dac_read, file_dac_search, file_mac_search, sys_trans_label |
getfsattr | System Management | /usr/sbin/getfsattr | file_dac_read, file_dac_search, file_mac_search |
getfsattr | System Security | /usr/sbin/getfsattr | egid = 3 |
getlabel | Basic Commands | /usr/bin/getlabel | |
getlabel | Object Access Management | /usr/bin/getlabel | file_dac_search, file_mac_read, file_mac_search |
getlabel | Object Label Management | /usr/bin/getlabel | file_dac_read, file_dac_search, file_mac_read, file_mac_search, sys_trans_label |
getmldadorn | Object Label Management | /usr/bin/getmldadorn | |
getsldname | Object Label Management | /usr/bin/getsldname | |
grep | Audit Review | /usr/bin/grep | euid = 0, min SL = ADMIN_HIGH |
grep | Basic Commands | /usr/bin/grep | |
groupmgr | User Management | /opt/SUNWadm/2.3/bin/groupmgr | file_dac_write, proc_audit_tcb |
grpck | User Management | /usr/sbin/grpck | |
halt | Maintenance and Repair | /usr/sbin/halt | euid = 0, file_mac_read, sys_audit, sys_boot |
head | Basic Commands | /usr/bin/head | |
HeartBeatFailact | SSP Administration | /opt/SUNWssp/bin/HeartBeatFailact | all privileges |
hextoalabel | Object Label Management | /usr/sbin/hextoalabel | sys_trans_label |
hostid | Basic Commands | /usr/bin/hostid | |
hostinfo | SSP Administration | /opt/SUNWssp/bin/hostinfo | all privileges |
hostint | SSP Administration | /opt/SUNWssp/bin/hostint | all privileges |
hostmgr | Network Management | /opt/SUNWadm/2.3/bin/hostmgr | file_dac_write, proc_audit_tcb |
hostmgr | System Management | /opt/SUNWadm/2.3/bin/hostmgr | file_chown, file_dac_write, sys_trans_label |
hostname | Basic Commands | /usr/bin/hostname | |
hostreset | SSP Administration | /opt/SUNWssp/bin/hostreset | all privileges |
hostreset | SSP Administration | /opt/SUNWssp/release/Ultra-Enterprise-10000/5/5/1/bin/hostreset | all privileges |
hostview | SSP Administration | /opt/SUNWssp/bin/hostview | all privileges |
hostview_child | SSP Administration | /opt/SUNWssp/bin/hostview_child | all privileges |
hpost | SSP Administration | /opt/SUNWssp/bin/hpost | all privileges |
hpost | SSP Administration | /opt/SUNWssp/release/Ultra-Enterprise-10000/5/5/1/bin/hpost | all privileges |

Table A-7 Commands (I-L) and Their Associated Execution Profiles

Command | Profile | Path | Security Attributes |
---|---|---|---|
ict_test | SSP Administration | /opt/SUNWssp/bin/ict_test | all privileges |
id | Basic Commands | /usr/bin/id | |
IDNevent | SSP Administration | /opt/SUNWssp/bin/IDNevent | all privileges |
IDNevent | SSP Administration | /opt/SUNWssp/release/Ultra-Enterprise-10000/5/6/bin/IDNevent | all privileges |
ifconfig | Network Management | /usr/sbin/ifconfig | euid = 0, file_mac_read, sys_net_config |
inetd | boot | /usr/sbin/inetd | all privileges |
inetinit | Network Management | /etc/init.d/inetinit | euid = 0, egid = 3 |
inetsvc | Network Management | /etc/init.d/inetsvc | euid = 0, egid = 3 |
init | Maintenance and Repair | /usr/sbin/init | file_chown, file_dac_write, file_mac_read, file_mac_write, proc_audit_tcb, sys_audit |
init | System Management | /usr/sbin/init | all privileges |
initpcmcia | Device Security | /etc/init.d/initpcmcia | euid = 0, egid = 3 |
install | Software Installation | /usr/sbin/install | file_chown, file_dac_read, file_dac_search, file_dac_write, file_setid |
in.ftpd | inetd | /usr/sbin/in.ftpd | file_dac_read, file_mac_write, net_privaddr, proc_audit_tcb, proc_chroot, proc_setid, sys_audit |
in.lpd | inetd | /usr/lib/print/in.lpd | file_chown, file_dac_write, file_downgrade_sl, file_mac_read, file_mac_search, file_mac_write, file_owner, file_setdac, net_downgrade_sl, net_mac_read, net_privaddr, net_setclr, net_setid, net_upgrade_sl, proc_audit_tcb, proc_tranquil, sys_trans_label |
in.named | boot | /usr/sbin/in.named | euid = 0, file_mac_read, net_mac_read, net_privaddr, net_upgrade_sl, proc_dumpcore, proc_setclr, sys_config, sys_net_config, sys_trans_label |
in.named | Network Management | /usr/sbin/in.named | euid = 0, file_mac_read, net_mac_read, net_privaddr, net_upgrade_sl, proc_dumpcore, proc_setclr, sys_config, sys_net_config, sys_trans_label |
in.named | System Management | /usr/sbin/in.named | euid = 0, file_mac_read, net_mac_read, net_privaddr, net_upgrade_sl, proc_dumpcore, proc_setclr, sys_config, sys_net_config, sys_trans_label |
in.rexecd | inetd | /usr/sbin/in.rexecd | net_privaddr, proc_audit_tcb, proc_setid, sys_audit |
in.rlogind | inetd | /usr/sbin/in.rlogind | file_chown, file_mac_write, file_setdac, net_privaddr, proc_audit_tcb, sys_audit |
in.rshd | inetd | /usr/sbin/in.rshd | net_privaddr, proc_audit_tcb, proc_setid, sys_audit |
in.telnetd | inetd | /usr/sbin/in.telnetd | file_chown, file_mac_write, file_setdac, net_privaddr, proc_audit_tcb, sys_audit |
in.tftpd | inetd | /usr/sbin/in.tftpd | proc_chroot, proc_owner, proc_setid |
interconect_test_cb | SSP Administration | /opt/SUNWssp/bin/interconnect_test_cb | all privileges |
interconnect_test_cp | SSP Administration | /opt/SUNWssp/bin/interconnect_test_cp | all privileges |
interconnect_test_sb | SSP Administration | /opt/SUNWssp/bin/interconnect_test_sb | all privileges |
interconnect_test_sb_psycho | SSP Administration | /opt/SUNWssp/bin/interconnect_test_sb_psycho | all privileges |
join | Basic Commands | /usr/bin/join | |
kbd | Device Security | /usr/bin/kbd | file_dac_read, file_dac_write, sys_devices |
keymap | Device Security | /etc/init.d/keymap | euid = 0, egid = 3 |
keyserve | boot | /usr/sbin/keyserv | all privileges |
kill | Process Management | /usr/bin/kill | proc_mac_write, proc_owner |
kill | System Management | /usr/bin/kill | proc_mac_write, proc_owner |
ksh | Privileged Shells | /usr/bin/ksh | all privileges |
ldd | Basic Commands | /usr/bin/ldd | |
ldd | Maintenance and Repair | /usr/bin/ldd | |
leoconfig | Device Security | /etc/init.d/leoconfig | euid = 0, egid = 3 |
list_devices | Device Security | /usr/sbin/list_devices | |
list_devices | System Management | /usr/sbin/list_devices | |
ln | Basic Commands | /usr/bin/ln | |
ln | Software Installation | /usr/bin/ln | file_dac_write |
lockd | boot | /usr/lib/nfs/lockd | euid = 0, net_mac_read, net_privaddr, net_upgrade_sl, proc_dumpcore, sys_net_config, sys_nfs, sys_suser_compat, sys_trans_label |
look | Basic Commands | /usr/bin/look | |
lp | Basic Commands | /usr/bin/lp | |
lp | Printer Security | /etc/init.d/lp | euid = 0, egid = 3 |
lp | System Management | /usr/bin/lp | |
lpadmin | Printer Security | /usr/sbin/lpadmin | euid = 0, egid = 14, file_chown, file_dac_write, file_owner |
lpadmin | System Management | /usr/sbin/lpadmin | euid = 0, max SL = ADMIN_LOW |
lpfilter | Printer Security | /usr/sbin/lpfilter | euid = 0, file_dac_write |
lpfilter | System Management | /usr/sbin/lpfilter | euid = 0, max SL = ADMIN_LOW |
lpforms | Printer Security | /usr/sbin/lpforms | euid = 0 |
lpmove | Printer Security | /usr/sbin/lpmove | euid = 0 |
lpmove | System Management | /usr/sbin/lpmove | euid = 0, max SL = ADMIN_LOW |
lpq | Printer Security | /usr/ucb/lpq | file_dac_read, file_mac_read, sys_trans_label |
lprm | Printer Security | /usr/ucb/lprm | file_dac_write, file_mac_read, file_mac_write |
lpsched | Printer Security | /usr/lib/lp/lpsched | euid = 0, min SL = ADMIN_HIGH, file_chown, file_dac_read, file_dac_search, file_dac_write, file_downgrade_sl, file_mac_read, file_mac_search, file_mac_write, file_owner, file_setdac, file_setid, file_upgrade_sl, net_downgrade_sl, net_mac_read, net_setid, net_setpriv, proc_audit_tcb, proc_mac_write, proc_owner, proc_setclr, proc_setid, proc_setsl, proc_tranquil, sys_trans_label |
lpsched | boot | /usr/lib/lp/lpsched | euid = 0, min SL = ADMIN_HIGH, max SL = ADMIN_HIGH, file_chown, file_dac_read, file_dac_search, file_dac_write, file_downgrade_sl, file_mac_read, file_mac_search, file_mac_write, file_owner, file_setdac, file_setid, file_upgrade_sl, net_downgrade_sl, net_mac_read, net_setid, net_setpriv, proc_audit_tcb, proc_mac_write, proc_owner, proc_setclr, proc_setid, proc_setsl, proc_tranquil, sys_trans_label |
lpshut | Printer Security | /usr/sbin/lpshut | euid = 0 |
lpshut | System Management | /usr/sbin/lpshut | euid = 0 |
lpstat | Basic Commands | /usr/bin/lpstat | |
lpstat | Printer Security | /usr/bin/lpstat | file_dac_read, file_mac_read, sys_trans_label |
lpstat | System Management | /usr/bin/lpstat | file_dac_read, file_mac_read |
lpsystem | Printer Security | /usr/sbin/lpsystem | euid = 0 |
lpsystem | System Management | /usr/sbin/lpsystem | euid = 0, max SL = ADMIN_LOW |
lpusers | Printer Security | /usr/sbin/lpusers | euid = 0 |
lpusers | System Management | /usr/sbin/lpusers | euid = 0, max SL = ADMIN_LOW |
ls | Basic Commands | /usr/bin/ls | |

Table A-8 Commands (M) and Their Associated Execution Profiles

Command | Profile | Path | Security Attributes |
---|---|---|---|
machine_server | SSP Administration | /opt/SUNWssp/bin/machine_server | all privileges |
mailq | Basic Commands | /usr/bin/mailq | egid = 2 |
mailq | Mail Management | /usr/bin/mailq | |
mailq | System Management | /usr/bin/mailq | egid = 2, file_dac_read, file_mac_read |
make | Software Installation | /usr/ccs/bin/make | |
man | Basic Commands | /usr/bin/man | |
mconnect | Mail Management | /usr/bin/mconnect | |
mkdir | Audit Control | /usr/bin/mkdir | file_dac_write |
mkdir | Basic Commands | /usr/bin/mkdir | |
mkdir | File System Management | /usr/bin/mkdir | file_dac_write |
mkdtab | Device Security | /etc/init.d/mkdtab | euid = 0, egid = 3 |
mkfile | File System Management | /usr/sbin/mkfile | |
mkfile | System Management | /usr/sbin/mkfile | |
mkfs | Audit Control | /usr/sbin/mkfs | all privileges |
mkfs | File System Management | /usr/sbin/mkfs | file_dac_read, file_dac_write |
mkfs | System Management | /usr/sbin/mkfs | euid = 0, all privileges |
mkfs | System Security | /usr/sbin/mkfs | euid = 0, all privileges |
mldpwd | Object Access Management | /usr/bin/mldpwd | file_dac_write |
mldpwd | Object Label Management | /usr/bin/mldpwd | file_dac_write |
mldrealpath | Object Access Management | /usr/bin/mldrealpath | file_dac_write |
mldrealpath | Object Label Management | /usr/bin/mldrealpath | file_dac_write |
more | Basic Commands | /usr/bin/more | |
mount | Audit Control | /usr/sbin/mount | euid = 0, file_dac_read, file_dac_search, file_dac_write, file_mac_read, file_mac_search, file_mac_write, net_privaddr, proc_setsl, sys_mount, sys_trans_label |
mount | File System Management | /usr/sbin/mount | euid = 0, file_dac_read, file_dac_search, file_dac_write, file_mac_read, file_mac_search, file_mac_write, net_privaddr, proc_setsl, sys_mount, sys_trans_label |
mount | System Management | /usr/sbin/mount | euid = 0, file_dac_read, file_dac_search, file_mac_read, file_mac_search, file_mac_write, net_privaddr, proc_setsl, sys_mount, sys_trans_label |
mount | boot | /usr/sbin/mount | euid = 0, file_dac_read, file_dac_search, file_dac_write, file_mac_read, file_mac_search, file_mac_write, net_privaddr, proc_setsl, sys_mount, sys_trans_label |
mountall | Audit Control | /usr/sbin/mountall | euid = 0, file_dac_read, file_dac_search, file_dac_write, file_mac_read, file_mac_search, file_mac_write, net_privaddr, proc_setsl, sys_mount, sys_trans_label |
mountall | File System Management | /usr/sbin/mountall | euid = 0, file_dac_read, file_dac_search, file_dac_write, file_mac_read, file_mac_search, file_mac_write, net_privaddr, proc_setsl, sys_mount, sys_trans_label |
mountall | System Management | /usr/sbin/mountall | euid = 0, file_dac_read, file_dac_search, file_mac_read, file_mac_search, file_mac_write, net_privaddr, proc_setsl, sys_mount, sys_trans_label |
mountall | boot | /sbin/mountall | all privileges |
mountall | boot | /usr/sbin/mountall | euid = 0, file_dac_read, file_dac_search, file_dac_write, file_mac_read, file_mac_search, file_mac_write, net_privaddr, proc_setsl, sys_mount, sys_trans_label |
mountd | boot | /usr/lib/nfs/mountd | euid = 0, egid = 0, file_dac_search, file_mac_read, file_mac_search, file_mac_write, net_mac_read, net_privaddr, proc_setclr, proc_setsl, sys_audit, sys_devices, sys_net_config, sys_nfs |
mt | Media Backup | /usr/bin/mt | |
mt | Media Restore | /usr/bin/mt | |
mv | Basic Commands | /usr/bin/mv | |
mv | cron | /usr/bin/mv | file_mac_write |

Table A-9 Commands (N) and Their Associated Execution Profiles

Command | Profile | Path | Security Attributes |
---|---|---|---|
ncheck | File System Management | /usr/sbin/ncheck | |
netcon | SSP Administration | /opt/SUNWssp/bin/netcon | all privileges |
netcon.openwin | SSP Administration | /opt/SUNWssp/bin/netcon.openwin | all privileges |
netcon_server | SSP Administration | /opt/SUNWssp/bin/netcon_server | all privileges |
netcon_server | SSP Administration | /opt/SUNWssp/release/Ultra-Enterprise-10000/5/5/1/bin/netcon_server | all privileges |
netcon_wrapper | SSP Administration | /opt/SUNWssp/bin/netcon_wrapper | all privileges |
netcontool | SSP Administration | /opt/SUNWssp/bin/netcontool | all privileges |
netcontool.openwin | SSP Administration | /opt/SUNWssp/bin/netcontool.openwin | all privileges |
netcontool_wrapper | SSP Administration | /opt/SUNWssp/bin/netcontool_wrapper | all privileges |
netstat | Network Management | /usr/bin/netstat | euid = 0, net_rawaccess |
newaliases | Mail Management | /usr/bin/newaliases | net_mac_read, net_privaddr, |
newaliases | System Management | /usr/bin/newaliases | euid = 0, net_mac_read, net_privaddr, |
newfs | Audit Control | /usr/sbin/newfs | euid = 0, all privileges |
newfs | File System Management | /usr/sbin/newfs | file_dac_read, file_dac_write |
newfs | System Management | /usr/sbin/newfs | euid = 0, all privileges |
newfs | System Security | /usr/sbin/newfs | euid = 0, all privileges |
newkey | NIS+ Security Administration | /usr/sbin/newkey | |
newsecfs | Audit Control | /usr/sbin/newsecfs | all privileges |
newsecfs | File System Security | /usr/sbin/newsecfs | file_dac_read, file_dac_write |
newsecfs | System Security | /usr/sbin/newsecfs | euid = 0, all privileges |
newssplog | SSP Administration | /opt/SUNWssp/bin/newssplog | すべての特権 |
nfs.client | File System Management | /etc/init.d/nfs.client | euid = 0, egid = 7, max SL = ADMIN_LOW |
nfs.client | System Management | /etc/init.d/nfs.client | euid = 0, egid = 3, すべての特権 |
nfs.server |
File System Management |
/etc/init.d/nfs.server |
euid = 0, egid = 3, max SL = ADMIN_LOW |
nfsstat |
File System Management |
/usr/bin/nfsstat |
euid = 0, min SL = ADMIN_HIGH, file_mac_write, sys_config |
nice |
Process Management |
/usr/bin/nice | |
nice |
System Management |
/usr/bin/nice | |
nisaddcred |
NIS+ Security Administration |
/usr/bin/nisaddcred | |
nisaddent |
NIS+ Security Administration |
/usr/lib/nis/nisaddent | |
niscat |
Basic Commands |
/usr/bin/niscat | |
nischgrp |
NIS+ Security Administration |
/usr/bin/nischgrp | |
nischmod |
NIS+ Security Administration |
/usr/bin/nischmod | |
nischown |
NIS+ Security Administration |
/usr/bin/nischown | |
nischttl |
NIS+ Administration |
/usr/bin/nischttl | |
nisclient |
NIS+ Security Administration |
/usr/lib/nis/nisclient |
euid = 0, file_dac_read, file_dac_write, file_mac_read, net_mac_read, net_reply_equal, net_setclr, net_setid, net_setpriv, proc_owner, sys_net_config |
nisctl |
NIS+ Administration |
/usr/lib/nis/nisctl |
|
nisdefaults |
Basic Commands |
/usr/bin/nisdefaults |
|
niserror |
Basic Commands |
/usr/bin/niserror |
|
nisgrep |
Basic Commands |
/usr/bin/nisgrep |
|
nisgrpadm |
NIS+ Security Administration |
/usr/bin/nisgrpadm |
|
nisinit |
NIS+ Security Administration |
/usr/sbin/nisinit |
|
nisln |
NIS+ Administration |
/usr/bin/nisln |
|
nislog |
NIS+ Security Administration |
/usr/sbin/nislog |
|
nismatch |
Basic Commands |
/usr/bin/nismatch |
|
nismkdir |
NIS+ Security Administration |
/usr/bin/nismkdir |
|
nispasswd |
NIS+ Security Administration |
/usr/bin/nispasswd |
|
nisping |
NIS+ Administration |
/usr/lib/nis/nisping |
|
nispopulate |
NIS+ Security Administration |
/usr/lib/nis/nispopulate |
|
nisrm |
NIS+ Security Administration |
/usr/bin/nisrm |
|
nisrmdir |
NIS+ Security Administration |
/usr/bin/nisrmdir |
|
nisserver |
NIS+ Security Administration |
/usr/lib/nis/nisserver |
euid = 0, file_dac_read, file_mac_read, net_mac_read, net_reply_equal, net_setclr, net_setid, net_setpriv, net_upgrade_sl, proc_setclr, proc_setsl, sys_net_config |
nissetup |
NIS+ Security Administration |
/usr/lib/nis/nissetup |
|
nisshowcache |
NIS+ Administration |
/usr/lib/nis/nisshowcache |
|
nisstat |
NIS+ Administration |
/usr/lib/nis/nisstat |
|
nistbladm |
NIS+ Security Administration |
/usr/bin/nistbladm |
|
nistest |
Basic Commands |
/usr/bin/nistest |
|
nistnsetup |
NIS+ Administration |
/usr/lib/nis/nistnsetup |
|
nistntime |
NIS+ Administration |
/usr/lib/nis/nistntime |
|
nisupdkeys |
NIS+ Security Administration |
/usr/lib/nis/nisupdkeys |
|
nroff |
Basic Commands |
/usr/bin/nroff |
|
nscd |
NIS+ Administration |
/usr/sbin/nscd |
file_dac_write, file_setid, net_mac_read, net_upgrade_sl, proc_dumpcore, proc_setclr, sys_net_config, sys_system_door, sys_trans_label |
nscd |
Network Management |
/etc/init.d/nscd |
euid = 0, egid = 3 |
nscd |
boot |
/usr/sbin/nscd |
file_dac_write, file_setid, net_mac_read, net_upgrade_sl, proc_dumpcore, proc_setclr, sys_net_config, sys_system_door, sys_trans_label |
Table A-10 Commands (O-P) and Associated Execution Profiles
Command | Profile | Path | Security Attributes |
---|---|---|---|
ObpBootingact | SSP Administration | /opt/SUNWssp/bin/ObpBootingact | all privileges |
obp_helper | SSP Administration | /opt/SUNWssp/bin/obp_helper | all privileges |
obp_helper | SSP Administration | /opt/SUNWssp/release/Ultra-Enterprise-10000/5/5/1/bin/obp_helper | all privileges |
ObpResetact | SSP Administration | /opt/SUNWssp/bin/ObpResetact | all privileges |
page | Basic Commands | /usr/bin/page | |
Panicact | SSP Administration | /opt/SUNWssp/bin/Panicact | all privileges |
PanicRebootact | SSP Administration | /opt/SUNWssp/bin/PanicRebootact | all privileges |
passwd | User Security | /usr/bin/passwd | |
pattr | Process Management | /usr/proc/bin/pattr | file_dac_read, proc_mac_read, proc_owner |
pattr | System Management | /usr/proc/bin/pattr | file_dac_read, proc_mac_read, proc_owner |
pclear | Process Management | /usr/proc/bin/pclear | file_dac_read, proc_mac_read, proc_owner, sys_trans_label |
pclear | System Management | /usr/proc/bin/pclear | file_dac_read, proc_mac_read, proc_owner, sys_trans_label |
pcmcia | Device Security | /etc/init.d/pcmcia | euid = 0, egid = 3 |
pcred | Process Management | /usr/proc/bin/pcred | file_dac_read, proc_mac_write, proc_owner |
pcred | System Management | /usr/proc/bin/pcred | file_dac_read, proc_mac_read, proc_owner |
perf | Process Management | /etc/init.d/perf | euid = 0, egid = 3 |
pfiles | Process Management | /usr/proc/bin/pfiles | file_dac_read, proc_mac_read, proc_owner |
pfiles | System Management | /usr/proc/bin/pfiles | file_dac_read, proc_mac_read, proc_owner |
pflags | Process Management | /usr/proc/bin/pflags | file_dac_read, proc_mac_write, proc_owner |
pflags | System Management | /usr/proc/bin/pflags | file_dac_read, proc_mac_read, proc_owner |
pfsh | Basic Commands | /usr/bin/pfsh | |
pg | Basic Commands | /usr/bin/pg | |
ping | Basic Commands | /usr/sbin/ping | |
ping | Network Management | /usr/sbin/ping | |
ping | System Management | /usr/sbin/ping | |
ping | System Security | /usr/sbin/ping | |
pkgadd | Software Installation | /usr/sbin/pkgadd | euid = 0, egid = 2, file_audit, file_chown, file_dac_read, file_dac_search, file_dac_write, file_mac_read, file_mac_search, file_mac_write, file_owner, file_setdac, file_setid, file_set_priv, file_upgrade_sl, proc_owner, proc_setid, sys_devices, sys_minfree, sys_translabel |
pkgask | Software Installation | /usr/sbin/pkgask | euid = 0 |
pkgchk | Software Installation | /usr/sbin/pkgchk | euid = 0 |
pkginfo | Software Installation | /usr/bin/pkginfo | euid = 0 |
pkgmk | Software Installation | /usr/bin/pkgmk | euid = 0 |
pkgmv | Software Installation | /usr/sbin/pkgmv | euid = 0, egid = 2, file_chown, file_dac_read, file_dac_search, file_dac_write, file_mac_read, file_mac_search, file_mac_write, file_owner, file_setdac, file_setid, file_set_priv, file_upgrade_sl, proc_owner, proc_setid, sys_devices, sys_minfree, sys_trans_label |
pkgparam | Software Installation | /usr/bin/pkgparam | euid = 0 |
pkgproto | Software Installation | /usr/bin/pkgproto | euid = 0 |
pkgrm | Software Installation | /usr/sbin/pkgrm | euid = 0, egid = 2, file_chown, file_dac_read, file_dac_search, file_dac_write, file_mac_read, file_mac_search, file_mac_write, file_owner, file_setdac, file_setid, proc_owner, sys_devices, sys_minfree |
pkgtrans | Software Installation | /usr/bin/pkgtrans | euid = 0 |
plabel | Process Management | /usr/proc/bin/plabel | file_dac_read, proc_mac_read, proc_owner, sys_trans_label |
plabel | System Management | /usr/proc/bin/plabel | file_dac_read, proc_mac_read, proc_owner, sys_trans_label |
pldd | Process Management | /usr/proc/bin/pldd | file_dac_read, proc_mac_read, proc_owner |
pldd | System Management | /usr/proc/bin/pldd | file_dac_read, proc_mac_read, proc_owner |
pmap | Process Management | /usr/proc/bin/pmap | file_dac_read, proc_mac_read, proc_owner |
pmap | System Management | /usr/proc/bin/pmap | file_dac_read, proc_mac_read, proc_owner |
pmconfig | boot | /usr/sbin/pmconfig | all privileges |
power | Host System Management | /etc/init.d/power | all privileges |
power | SSP Administration | /opt/SUNWssp/bin/power | all privileges |
PowerFailRebootact | SSP Administration | /opt/SUNWssp/bin/PowerFailRebootact | all privileges |
PowerOffact | SSP Administration | /opt/SUNWssp/bin/PowerOffact | all privileges |
poweroff | Maintenance and Repair | /usr/sbin/poweroff | euid = 0, sys_boot |
PowerOnact | SSP Administration | /opt/SUNWssp/bin/PowerOnact | all privileges |
ppriv | Object Privilege Management | /usr/proc/bin/ppriv | proc_mac_read, proc_owner |
ppriv | Process Management | /usr/proc/bin/ppriv | file_dac_read, proc_mac_read, proc_owner |
pprivtest | Object Privilege Management | /usr/proc/bin/pprivtest | proc_mac_read, proc_owner |
pprivtest | Process Management | /usr/proc/bin/pprivtest | file_dac_read, file_mac_read, proc_owner |
pr | Basic Commands | /usr/bin/pr | |
praudit | Audit Review | /usr/sbin/praudit | euid = 0, min SL = ADMIN_HIGH, file_dac_read, sys_audit |
printmgr | Printer Security | /opt/SUNWadm/2.3/bin/printmgr | max SL = ADMIN_LOW, file_dac_write, file_owner, proc_audit_tcb |
printmgr | System Security | /opt/SUNWadm/2.3/bin/printmgr | all privileges |
profmgr | User Security | /opt/SUNWadm/2.3/bin/profmgr | file_chown, file_dac_read, file_dac_search, file_dac_write, proc_audit_tcb, sys_trans_label |
prtconf | Maintenance and Repair | /usr/sbin/prtconf | |
prun | Process Management | /usr/proc/bin/prun | file_dac_read, proc_mac_read, proc_owner |
prun | System Management | /usr/proc/bin/prun | file_dac_read, proc_mac_read, proc_owner |
ps | Process Management | /usr/bin/ps | file_dac_read, file_mac_read, proc_mac_read, proc_owner |
ps | System Management | /usr/bin/ps | file_dac_read, proc_mac_read, proc_owner |
ps | System Security | /usr/bin/ps | file_dac_read, proc_mac_read, proc_owner |
psig | Process Management | /usr/proc/bin/psig | file_dac_read, proc_mac_read, proc_owner |
psig | System Management | /usr/proc/bin/psig | file_dac_read, proc_mac_read, proc_owner |
pstack | Process Management | /usr/proc/bin/pstack | file_dac_read, proc_mac_read, proc_owner |
pstack | System Management | /usr/proc/bin/pstack | file_dac_read, proc_mac_read, proc_owner |
pstop | Process Management | /usr/proc/bin/pstop | file_dac_read, proc_mac_read, proc_owner |
pstop | System Management | /usr/proc/bin/pstop | file_dac_read, proc_mac_read, proc_owner |
ptime | Process Management | /usr/proc/bin/ptime | file_dac_read, proc_mac_read, proc_owner |
ptime | System Management | /usr/proc/bin/ptime | file_dac_read, proc_mac_read, proc_owner |
ptree | Process Management | /usr/proc/bin/ptree | file_dac_read, proc_mac_read, proc_owner |
ptree | System Management | /usr/proc/bin/ptree | file_dac_read, proc_mac_read, proc_owner |
pwait | Process Management | /usr/proc/bin/pwait | file_dac_read, proc_mac_read, proc_owner |
pwait | System Management | /usr/proc/bin/pwait | file_dac_read, proc_mac_read, proc_owner |
pwck | User Management | /usr/sbin/pwck | |
pwck | User Security | /usr/sbin/pwck | |
pwconv | User Security | /usr/sbin/pwconv | all privileges |
pwd | Basic Commands | /usr/bin/pwd | |
pwdx | Process Management | /usr/proc/bin/pwdx | file_dac_read, proc_mac_read, proc_owner |
pwdx | System Management | /usr/proc/bin/pwdx | file_dac_read, proc_mac_read, proc_owner |
Table A-11 Commands (Q-R) and Associated Execution Profiles
Command | Profile | Path | Security Attributes |
---|---|---|---|
rcp | Basic Commands | /usr/bin/rcp | |
rdate | cron | /usr/bin/rdate | sys_config |
rdist | Basic Commands | /usr/bin/rdist | |
rdist | System Management | /usr/bin/rdist | |
reboot | Maintenance and Repair | /usr/sbin/reboot | euid = 0, file_mac_read, sys_audit, sys_boot |
Rebootact | SSP Administration | /opt/SUNWssp/bin/Rebootact | all privileges |
Recordstopact | SSP Administration | /opt/SUNWssp/bin/Recordstopact | all privileges |
redx | SSP Administration | /opt/SUNWssp/bin/redx | all privileges |
redx | SSP Administration | /opt/SUNWssp/release/Ultra-Enterprise-10000/5/5/1/bin/redx | all privileges |
reject | Printer Security | /usr/sbin/reject | all privileges |
reject | System Management | /usr/sbin/reject | sys_devices |
reject | System Security | /usr/sbin/reject | sys_devices |
rem_drv | Software Installation | /usr/sbin/rem_drv | euid = 0, egid = 3, max SL = ADMIN_LOW, file_dac_read, file_dac_write, file_mac_read, file_mac_write, sys_devices |
rem_drv | System Security | /usr/sbin/rem_drv | sys_devices |
remove_allocatable | Device Security | /usr/sbin/remove_allocatable | file_chown, file_dac_write, file_downgrade_sl, file_mac_read, file_mac_write, file_setdac |
renice | Process Management | /usr/bin/renice | proc_mac_write, proc_owner |
renice | System Management | /usr/bin/renice | proc_mac_write, proc_owner |
resetMessaging | SSP Administration | /opt/SUNWssp/bin/resetMessaging | all privileges |
resetMonEvents | SSP Administration | /opt/SUNWssp/bin/resetMonEvents | all privileges |
ring_test | SSP Administration | /opt/SUNWssp/bin/ring_test | all privileges |
ring_test_cb | SSP Administration | /opt/SUNWssp/bin/ring_test_cb | all privileges |
ring_test_cp | SSP Administration | /opt/SUNWssp/bin/ring_test_cp | all privileges |
ring_test_sb | SSP Administration | /opt/SUNWssp/bin/ring_test_sb | all privileges |
rlogin | Basic Commands | /usr/bin/rlogin | |
rm | Audit Control | /usr/bin/rm | file_dac_write, file_mac_write |
rm | Basic Commands | /usr/bin/rm | |
rm | cron | /usr/bin/rm | file_dac_read, file_dac_search, file_dac_write, file_mac_write |
rmdir | Audit Control | /usr/bin/rmdir | file_dac_write |
rmdir | Basic Commands | /usr/bin/rmdir | |
rmdir | File System Management | /usr/bin/rmdir | file_dac_write |
rootusr | Network Security | /etc/init.d/rootusr | euid = 0, egid = 3 |
route | Network Management | /usr/sbin/route | euid = 0, sys_net_config |
rpc | Network Management | /etc/init.d/rpc | euid = 0, egid = 3 |
rpcbind | boot | /usr/sbin/rpcbind | min SL = ADMIN_HIGH, all privileges |
rpc.cmsd | inetd | /usr/dt/bin/rpc.cmsd | 29, file_chown, file_dac_read, file_dac_write, file_downgrade_sl, file_mac_read, file_mac_write, file_owner, file_setdac, file_setid, net_broadcast, net_downgrade_sl, net_privaddr, proc_mac_read, proc_mac_write, proc_owner, proc_setid |
rpc.getpeerinfo | inetd | /usr/sbin/rpc.getpeerinfo | net_downgrade_sl, net_upgrade_sl, proc_audit_tcb |
rpc.nisd | NIS+ Security Administration | /usr/sbin/rpc.nisd | euid = 0, egid = 0, net_mac_read, net_upgrade_sl, proc_setclr, proc_setsl |
rpc.rexd | inetd | /usr/sbin/rpc.rexd | net_privaddr, proc_audit_tcb, proc_setid, sys_audit |
rpc.ttdbserverd | inetd | /usr/dt/bin/rpc.ttdbserverd | 29, file_chown, file_dac_read, file_dac_search, file_dac_write, file_mac_read, file_mac_search, file_mac_write, file_owner, file_setdac, file_setid, net_broadcast, net_downgrade_sl, net_mac_read, net_privaddr, net_reply_equal, proc_mac_read, proc_mac_write, proc_owner |
rsh | Basic Commands | /usr/ucb/rsh | |
runpd | Object Privilege Management | /usr/sbin/runpd | |
rup | Network Management | /usr/bin/rup | |
rup | System Management | /usr/bin/rup | |
ruptime | Network Management | /usr/bin/ruptime | |
Table A-12 Commands (S) and Associated Execution Profiles
Command | Profile | Path | Security Attributes |
---|---|---|---|
S76smpdx | SSP Installation | /etc/rc3.d/S76smpdx | all privileges |
sadmind | inetd | /usr/sbin/sadmind | all privileges |
savecore | boot | /usr/bin/savecore | file_mac_read, file_mac_search, file_mac_write |
script | Basic Commands | /usr/bin/script | |
scotty | SSP Administration | /opt/SUNWssp/bin/scotty | all privileges |
sdiff | Basic Commands | /usr/bin/sdiff | |
sed | Audit Review | /usr/bin/sed | euid = 0, min SL = ADMIN_HIGH |
sed | Basic Commands | /usr/bin/sed | |
sendmail | Mail Management | /etc/init.d/sendmail | euid = 0, egid = 3 |
sendmail | Mail Management | /usr/lib/sendmail | euid = 0, file_mac_read, file_mac_search, net_privaddr |
sendmail | boot | /usr/lib/sendmail | euid = 0, file_mac_read, file_mac_search, net_privaddr |
serialmgr | Custom Admin Role | /opt/SUNWadm/bin/serialmgr | |
serialmgr | Custom root Role | /opt/SUNWadm/bin/serialmgr | |
serialmgr | Device Security | /opt/SUNWadm/2.3/bin/serialmgr | max SL = ADMIN_LOW, all privileges |
serialmgr | System Security | /opt/SUNWadm/2.3/bin/serialmgr | all privileges |
setaudit | cron | /usr/bin/setaudit | file_dac_read, sys_audit |
setfacl | Object Access Management | /usr/bin/setfacl | file_dac_read, file_dac_search, file_dac_write, file_mac_read, file_mac_search, file_setdac |
setfattrflag | File System Management | /usr/bin/setfattrflag | file_dac_search, file_mac_search, file_mac_write, file_owner |
setfattrflag | Object Access Management | /usr/bin/setfattrflag | file_audit, file_dac_search, file_mac_search, file_mac_write, file_owner |
setfattrflag | Object Label Management | /usr/bin/setfattrflag | file_audit, file_dac_search, file_mac_search, file_mac_write, file_owner |
setfpriv | Object Privilege Management | /usr/bin/setfpriv | file_dac_read, file_dac_search, file_dac_write, file_mac_read, file_mac_search, file_owner, file_setid, file_setpriv |
setfsattr | File System Security | /usr/sbin/setfsattr | all privileges |
setfsattr | System Security | /usr/sbin/setfsattr | file_dac_write, file_downgrade_sl, file_mac_search, file_setdac, file_setid, file_setpriv, file_upgrade_sl |
setlabel | Object Label Management | /usr/bin/setlabel | file_dac_read, file_dac_search, file_dac_write, file_downgrade_sl, file_mac_read, file_mac_search, file_mac_write, file_owner, file_upgrade_sl |
setuname | Network Management | /usr/bin/setuname | file_dac_read, file_dac_write, file_mac_read, file_mac_write |
sh | Privileged Shells | /usr/bin/sh | all privileges |
share | Audit Control | /usr/sbin/share | euid = 0, egid = 0, file_mac_read, file_mac_search, file_mac_write, sys_nfs |
share | File System Management | /usr/sbin/share | euid = 0, egid = 0, file_mac_read, file_mac_search, file_mac_write, sys_nfs |
share | System Management | /usr/sbin/share | euid = 0, sys_nfs |
share | boot | /usr/sbin/share | euid = 0, egid = 0, file_mac_read, file_mac_search, file_mac_write, sys_nfs |
shareall | Audit Control | /usr/sbin/shareall | euid = 0, egid = 0, file_mac_read, file_mac_search, file_mac_write, sys_nfs |
shareall | File System Management | /usr/sbin/shareall | euid = 0, egid = 0, file_mac_read, file_mac_search, file_mac_write, sys_nfs |
shareall | System Management | /usr/sbin/shareall | euid = 0, sys_nfs |
shareall | boot | /usr/sbin/shareall | euid = 0, egid = 0, file_mac_read, file_mac_search, file_mac_write, sys_nfs |
showmount | File System Management | /usr/sbin/showmount | |
showmount | System Management | /usr/sbin/showmount | |
sigbcmd | SSP Administration | /opt/SUNWssp/bin/sigbcmd | all privileges |
sigbcmd | SSP Administration | /opt/SUNWssp/release/Ultra-Enterprise-10000/5/5/1/bin/sigbcmd | all privileges |
sigbcmd | SSP Administration | /opt/SUNWssp/release/Ultra-Enterprise-10000/5/6/bin/drview | all privileges |
sigbcmd | SSP Administration | /opt/SUNWssp/release/Ultra-Enterprise-10000/5/7/bin/drview | all privileges |
sleep | Basic Commands | /usr/bin/sleep | |
snmpd | SSP Administration | /opt/SUNWssp/bin/snmpd | all privileges |
snoop | Network Management | /usr/sbin/snoop | euid = 0, sys_net_config |
sort | Basic Commands | /usr/bin/sort | |
sparc64-elf-nm | SSP Administration | /opt/SUNWssp/bin/sparc64-elf-nm | all privileges |
sparc64-elf-nm | SSP Administration | /opt/SUNWssp/release/Ultra-Enterprise-10000/5/5/1/bin/sparc64-elf-nm | all privileges |
spell | Basic Commands | /usr/bin/spell | |
spray | Network Management | /usr/sbin/spray | |
ssp | SSP Installation | /etc/init.d/ssp | all privileges |
ssp_backup | SSP Installation | /opt/SUNWssp/bin/ssp_backup | euid = 0, egid = 1, all privileges |
ssp_config | SSP Installation | /opt/SUNWssp/bin/ssp_config | euid = 0, egid = 1, all privileges |
ssp_install | SSP Installation | /opt/SUNWssp/bin/ssp_install | euid = 0, egid = 1, all privileges |
ssp_post_os_upgrade | SSP Installation | /opt/SUNWssp/bin/ssp_post_os_upgrade | euid = 0, egid = 1, all privileges |
ssp_restore | SSP Installation | /opt/SUNWssp/bin/ssp_restore | euid = 0, egid = 1, all privileges |
ssp_startup.sh | SSP Administration | /etc/opt/SUNWssp/ssp_startup.sh | all privileges |
ssp_startup.tcl | SSP Administration | /etc/opt/SUNWssp/ssp_startup.tcl | all privileges |
ssp_terminate | SSP Installation | /opt/SUNWssp/bin/ssp_terminate | euid = 0, egid = 1, all privileges |
ssp_unconfig | SSP Installation | /opt/SUNWssp/bin/ssp_unconfig | euid = 0, egid = 1, all privileges |
ssp_upgrade | SSP Installation | /opt/SUNWssp/bin/ssp_upgrade | euid = 0, egid = 1, all privileges |
ssptk | SSP Administration | /opt/SUNWssp/bin/ssptk | all privileges |
standardmounts | File System Management | /etc/init.d/standardmounts | euid = 0, egid = 3 |
statd | boot | /usr/lib/nfs/statd | euid = 0, file_chown, net_mac_read, net_privaddr, net_upgrade_sl, proc_dumpcore, proc_setid, sys_trans_label |
straps | SSP Administration | /opt/SUNWssp/bin/straps | all privileges |
strace | Device Security | /usr/sbin/strace | |
stty | Basic Commands | /usr/bin/stty | |
swap | File System Management | /usr/sbin/swap | all privileges |
swap | System Management | /usr/sbin/swap | sys_mount |
swmtool | Software Installation | /usr/sbin/swmtool | euid = 0, egid = 2, file_chown, file_dac_read, file_dac_search, file_dac_write, file_mac_read, file_owner, file_setdac, file_setid, proc_owner, proc_setid, sys_devices, sys_minfree |
sync | Basic Commands | /usr/sbin/sync | |
sysid.net | Network Management | /etc/init.d/sysid.net | euid = 0, egid = 3 |
sysid.sys | Network Management | /etc/init.d/sysid.sys | euid = 0, egid = 3 |
sys_clock | SSP Administration | /opt/SUNWssp/bin/sys_clock | all privileges |
sys_id | SSP Administration | /opt/SUNWssp/bin/sys_id | all privileges |
sys_reset | SSP Administration | /opt/SUNWssp/bin/sys_reset | all privileges |
sysetup | Maintenance and Repair | /etc/init.d/sysetup | euid = 0, egid = 3 |
sysidssp | SSP Installation | /etc/init.d/sysidssp | all privileges |
syslog | Maintenance and Repair | /etc/init.d/syslog | euid = 0, egid = 3 |
syslogd | Maintenance and Repair | /usr/sbin/syslogd | |
syslogd | boot | /usr/sbin/syslogd | file_dac_search, file_dac_write, file_mac_write, net_downgrade_sl, net_mac_read, net_privaddr, proc_setclr, proc_setsl, sys_trans_label |
SystemConfChangeact | SSP Administration | /opt/SUNWssp/bin/SystemConfChangeact | all privileges |
Table A-13 Commands (T) and Associated Execution Profiles
Command | Profile | Path | Security Attributes |
---|---|---|---|
tail | Audit Review | /usr/bin/tail | euid = 0, min SL = ADMIN_HIGH |
tail | Basic Commands | /usr/bin/tail | |
tar | Media Backup | /usr/bin/tar | file_audit, file_dac_read, file_dac_search, file_downgrade_sl, file_mac_read, file_mac_search, file_mac_write, file_upgrade_sl, sys_trans_label |
tar | Media Restore | /usr/bin/tar | file_audit, file_chown, file_dac_read, file_dac_search, file_dac_write, file_downgrade_sl, file_mac_read, file_mac_search, file_mac_write, file_owner, file_setdac, file_setid, file_setpriv, file_upgrade_sl, sys_devices, sys_trans_label |
tbl | Basic Commands | /usr/bin/tbl | |
tclsh | SSP Administration | /opt/SUNWssp/bin/tclsh | all privileges |
Temp911act | SSP Administration | /opt/SUNWssp/bin/Temp911act | all privileges |
TempBadact | SSP Administration | /opt/SUNWssp/bin/TempBadact | all privileges |
TempHighact | SSP Administration | /opt/SUNWssp/bin/TempHighact | all privileges |
TempMaxact | SSP Administration | /opt/SUNWssp/bin/TempMaxact | all privileges |
TempNormact | SSP Administration | /opt/SUNWssp/bin/TempNormact | all privileges |
TempWarnact | SSP Administration | /opt/SUNWssp/bin/TempWarnact | all privileges |
test | Basic Commands | /usr/bin/test | |
testfpriv | Object Privilege Management | /usr/bin/testfpriv | file_dac_search, file_mac_read, file_mac_search |
thermcal | SSP Administration | /opt/SUNWssp/bin/thermcal | all privileges |
thermcal_config | SSP Administration | /opt/SUNWssp/bin/thermcal_config | all privileges |
tfind | Basic Commands | /usr/bin/tfind | |
tfind | cron | /usr/bin/tfind | file_dac_read, file_dac_search |
time | Basic Commands | /usr/bin/time | |
tnchkdb | Network Security | /usr/sbin/tnchkdb | |
tnchkdb | System Security | /usr/sbin/tnchkdb | file_mac_read, sys_trans_label |
tnctl | Network Security | /usr/sbin/tnctl | sys_net_config, sys_trans_label |
tnctl | System Security | /usr/sbin/tnctl | sys_net_config, sys_trans_label |
tnd | Network Security | /usr/sbin/tnd | net_downgrade_sl, net_mac_read, net_privaddr, proc_setclr, proc_setsl, sys_net_config |
tnd | System Security | /usr/sbin/tnd | net_downgrade_sl, net_mac_read, net_privaddr, proc_setclr, proc_setsl, sys_net_config |
tnd | boot | /usr/sbin/tnd | net_downgrade_sl, net_mac_read, net_privaddr, proc_setclr, proc_setsl, sys_net_config |
tninfo | Network Security | /usr/sbin/tninfo | file_dac_read, file_mac_read, sys_net_config, sys_trans_label |
tninfo | System Security | /usr/sbin/tninfo | file_dac_read, file_mac_read, sys_net_config, sys_trans_label |
tokmapctl | Object Label Management | /usr/sbin/tokmapctl | net_mac_read, net_privaddr |
tokmapd | Network Management | /usr/sbin/tokmapd | all privileges |
touch | Basic Commands | /usr/bin/touch | |
troff | Basic Commands | /usr/bin/troff | |
true | Basic Commands | /usr/bin/true | |
true | Custom Admin Role | /usr/bin/true | |
true | Custom Oper Role | /usr/bin/true | |
true | Custom SSP Role | /usr/bin/true | |
truss | Process Management | /usr/bin/truss | |
trusted_edit | Custom root Role | /usr/dt/bin/trusted_edit | file_dac_read, file_dac_search, file_dac_write, proc_audit_tcb |
trusted_edit | Custom Secadmin Role | /usr/dt/bin/trusted_edit | file_dac_read, file_dac_search, file_dac_write, proc_audit_tcb |
tsol_audit_badpromlogins | Audit Control | /etc/init.d/tsol_audit_badpromlogins | euid = 0, egid = 3 |
tsol_audit_badpromlogins | cron | /etc/init.d/tsol_audit_badpromlogins | euid = 0, egid = 3 |
tsol_dev_allocate | Device Security | /etc/init.d/tsol_dev_allocate | euid = 0, egid = 3 |
tsol_dev_clean | Device Security | /etc/init.d/tsol_dev_clean | euid = 0, egid = 3 |
tsol_dev_policy | Device Security | /etc/init.d/tsol_dev_policy | euid = 0, egid = 3 |
tsol_label_services | Object Label Management | /etc/init.d/tsol_label_services | euid = 0, egid = 3 |
tsol_priv_enable | Object Privilege Management | /etc/init.d/tsol_priv_enable | euid = 0, egid = 3 |
tsol_sync_time | Maintenance and Repair | /etc/init.d/tsol_sync_time | euid = 0, egid = 3 |
tsol_tcb_verify | Network Management | /etc/init.d/tsol_tcb_verify | euid = 0, egid = 3 |
tsolxagent | required | /usr/dt/bin/tsolxagent | |
ttsession | required | /usr/dt/bin/ttsession | |
tty | Basic Commands | /usr/bin/tty | |
tunefs | Audit Control | /usr/sbin/tunefs | euid = 0, egid = 3, all privileges |
tunefs | File System Management | /usr/sbin/tunefs | euid = 0, all privileges |
Table A-14 Commands (U-Z) and Associated Execution Profiles