A |
|
| -A option, auditreduce command ( ) |
|
| absolute mode |
| | changing file permissions ( ) ( ) |
| | changing special file permissions ( ) |
| | description ( ) |
| | setting special permissions ( ) |
|
| access |
| | control lists |
| | | See ACL | |
| | getting to server |
| | | with Kerberos ( ) |
| | granting to your account ( ) ( ) |
| | login authentication with Solaris Secure Shell ( ) |
| | obtaining for a specific service ( ) |
| | restricting for |
| | | devices ( ) ( ) |
| | | system hardware ( ) |
| | restricting for KDC servers ( ) |
| | root access |
| | | displaying attempts on console ( ) |
| | | monitoring su command attempts ( ) ( ) |
| | | preventing login (RBAC) ( ) |
| | | restricting ( ) ( ) |
| | Secure RPC authentication ( ) |
| | security |
| | | ACLs ( ) ( ) |
| | | controlling system usage ( ) |
| | | devices ( ) |
| | | file access restriction ( ) |
| | | firewall setup ( ) ( ) |
| | | login access restrictions ( ) ( ) |
| | | login authentication ( ) |
| | | login control ( ) |
| | | monitoring system usage ( ) ( ) |
| | | network control ( ) |
| | | NFS client-server ( ) |
| | | PATH variable setting ( ) |
| | | peripheral devices ( ) |
| | | physical security ( ) |
| | | remote systems ( ) |
| | | reporting problems ( ) |
| | | root login tracking ( ) |
| | | saving failed logins ( ) |
| | | setuid programs ( ) |
| | | system hardware ( ) |
| | sharing files ( ) |
| | system logins ( ) |
|
| access control list |
| | See ACL | |
|
| Access Control Lists (ACLs), See ACL |
|
| ACL |
| | changing entries ( ) |
| | checking entries ( ) ( ) |
| | commands ( ) |
| | copying ACL entries ( ) |
| | default entries for directories ( ) ( ) |
| | deleting entries ( ) ( ) |
| | description ( ) ( ) |
| | directory entries ( ) ( ) |
| | displaying entries ( ) ( ) |
| | format of entries ( ) |
| | kadm5.acl file ( ) ( ) ( ) |
| | modifying entries ( ) |
| | restrictions on copying entries ( ) |
| | setting entries ( ) |
| | setting on a file ( ) |
| | task map ( ) |
| | user procedures ( ) |
| | valid file entries ( ) |
|
| acl audit token, format ( ) |
|
| add_drv command, description ( ) |
|
| adding |
| | ACL entries ( ) |
| | administration principals (Kerberos) ( ) ( ) |
| | allocatable device ( ) |
| | attributes to a rights profile ( ) |
| | audit classes ( ) ( ) |
| | audit directories ( ) |
| | auditing of roles ( ) |
| | auditing of zones ( ) |
| | cryptomgt role ( ) |
| | custom roles (RBAC) ( ) |
| | customized role ( ) |
| | DH authentication to mounted file systems ( ) |
| | dial-up passwords ( ) |
| | hardware provider mechanisms and features ( ) |
| | keys for DH authentication ( ) |
| | library plugin ( ) |
| | local user ( ) |
| | new rights profile ( ) |
| | Operator role ( ) |
| | PAM modules ( ) |
| | password encryption module ( ) |
| | plugins to cryptographic framework ( ) |
| | plugins to KMF ( ) |
| | privileges directly to user or role ( ) |
| | privileges to command ( ) |
| | RBAC properties to legacy applications ( ) |
| | rights profiles with Solaris Management Console ( ) |
| | roles |
| | | for particular profiles ( ) |
| | | from command line ( ) |
| | | to a user ( ) |
| | | with limited scope ( ) |
| | security attributes to legacy applications ( ) |
| | security-related role ( ) |
| | security-related roles ( ) |
| | security to devices ( ) ( ) |
| | security to system hardware ( ) |
| | service principal to keytab file (Kerberos) ( ) |
| | software provider ( ) |
| | System Administrator role ( ) |
| | temporary audit policy ( ) |
| | user-level software provider ( ) |
|
| admin_server section |
| | krb5.conf file ( ) ( ) |
|
| administering |
| | ACLs ( ) |
| | auditing |
| | | audit classes ( ) ( ) ( ) |
| | | audit events ( ) |
| | | audit files ( ) |
| | | audit records ( ) |
| | | audit trail overflow prevention ( ) |
| | | auditreduce command ( ) |
| | | cost control ( ) |
| | | description ( ) |
| | | efficiency ( ) |
| | | process preselection mask ( ) |
| | | reducing storage-space requirements ( ) |
| | | task map ( ) |
| | | in zones ( ) ( ) |
| | auditing in zones ( ) |
| | cryptographic framework ( ) |
| | cryptographic framework and zones ( ) |
| | cryptographic framework task map ( ) |
| | device allocation ( ) |
| | device policy ( ) |
| | dial-up logins ( ) |
| | file permissions ( ) ( ) |
| | Kerberos |
| | | keytabs ( ) |
| | | policies ( ) |
| | | principals ( ) |
| | metaslot ( ) |
| | NFS client-server file security ( ) |
| | password algorithms ( ) |
| | privileges ( ) |
| | properties of a role ( ) |
| | RBAC properties ( ) |
| | remote logins with Solaris Secure Shell ( ) |
| | rights profiles ( ) |
| | role password ( ) |
| | roles ( ) |
| | roles to replace superuser ( ) |
| | Secure RPC task map ( ) |
| | Solaris Secure Shell |
| | | clients ( ) |
| | | overview ( ) |
| | | servers ( ) |
| | | task map ( ) |
| | without privileges ( ) |
|
| administrative (old) audit class ( ) |
|
| administrative audit class ( ) |
|
| AES kernel provider ( ) |
|
| aes128-cbc encryption algorithm, ssh_config file ( ) |
|
| aes128-ctr encryption algorithm, ssh_config file ( ) |
|
| agent daemon, Solaris Secure Shell ( ) |
|
| ahlt audit policy |
| | description ( ) |
| | setting ( ) |
|
| algorithms |
| | definition in cryptographic framework ( ) |
| | listing in the cryptographic framework ( ) |
| | password |
| | | configuration ( ) |
| | password encryption ( ) |
|
| all, in user audit fields ( ) |
|
| All (RBAC), rights profile ( ) |
|
| all audit class |
| | caution for using ( ) |
| | description ( ) |
|
| allhard string, audit_warn script ( ) |
|
| allocate command |
| | allocate error state ( ) |
| | authorizations for ( ) |
| | authorizations required ( ) |
| | description ( ) |
| | tape drive ( ) |
| | user authorization ( ) |
| | using ( ) |
|
| allocate error state ( ) |
|
| allocating devices |
| | by users ( ) |
| | forcibly ( ) |
| | task map ( ) |
| | troubleshooting ( ) |
|
| AllowGroups keyword, sshd_config file ( ) |
|
| AllowTcpForwarding keyword |
| | changing ( ) |
| | sshd_config file ( ) |
|
| AllowUsers keyword, sshd_config file ( ) |
|
| allsoft string, audit_warn script ( ) |
|
| ALTSHELL in Solaris Secure Shell ( ) |
|
| always-audit classes |
| | audit_user database ( ) |
| | process preselection mask ( ) |
|
| analysis, praudit command ( ) |
|
| antivirus software, See virus scanning |
|
| appending arrow (>>), preventing appending ( ) |
|
| application audit class ( ) |
|
| application server, configuring ( ) |
|
| arcfour encryption algorithm, ssh_config file ( ) |
|
| ARCFOUR kernel provider ( ) |
|
| Archive tape drive device-clean script ( ) |
|
| archiving, audit files ( ) |
|
| arg audit token, format ( ) |
|
| arge audit policy |
| | and exec_env token ( ) |
| | description ( ) |
|
| arge policy, setting ( ) |
|
| argv audit policy |
| | and exec_args token ( ) |
| | description ( ) |
|
| argv policy, setting ( ) |
|
| assigning |
| | privileges to commands in a rights profile ( ) |
| | privileges to commands in a script ( ) |
| | privileges to user or role ( ) |
| | role to a user ( ) ( ) |
| | role to a user locally ( ) |
|
| assuming role |
| | how to ( ) |
| | in a terminal window ( ) |
| | in Solaris Management Console ( ) |
| | Primary Administrator ( ) |
| | root ( ) |
| | System Administrator ( ) |
|
| asterisk (*) |
| | checking for in RBAC authorizations ( ) |
| | device_allocate file ( ) ( ) |
| | wildcard character |
| | | in RBAC authorizations ( ) ( ) |
|
| at command, authorizations required ( ) |
|
| at sign (@), device_allocate file ( ) |
|
| atq command, authorizations required ( ) |
|
| attribute audit token ( ) |
|
| attributes, keyword in BART ( ) |
|
| audio devices, security ( ) |
|
| audit administration audit class ( ) |
|
| audit characteristics |
| | audit ID ( ) |
| | process preselection mask ( ) |
| | processes ( ) |
| | session ID ( ) |
| | terminal ID ( ) |
| | user process preselection mask ( ) |
|
| audit_class file |
| | adding a class ( ) |
| | description ( ) |
| | troubleshooting ( ) |
|
| audit class preselection, effect on public objects ( ) |
|
| audit classes |
| | adding ( ) |
| | definitions ( ) |
| | description ( ) ( ) |
| | entries in audit_control file ( ) |
| | exceptions in audit_user database ( ) |
| | exceptions to system-wide settings ( ) |
| | mapping events ( ) |
| | modifying default ( ) |
| | overview ( ) |
| | prefixes ( ) |
| | preselecting ( ) |
| | preselection ( ) |
| | process preselection mask ( ) |
| | setting system-wide ( ) |
| | syntax ( ) ( ) |
| | system-wide ( ) |
|
| audit command |
| | description ( ) |
| | preselection mask for existing processes (-s option) ( ) |
| | rereading audit files (-s option) ( ) |
| | resetting directory pointer (-n option) ( ) |
| | updating audit service ( ) |
| | verifying syntax of audit_control file (-v option) ( ) |
|
| audit configuration file, See audit_control file |
|
| audit_control file |
| | audit daemon rereading after editing ( ) |
| | changing kernel mask for nonattributable events ( ) |
| | configuring ( ) |
| | description ( ) |
| | entries ( ) |
| | entries and zones ( ) |
| | examples ( ) |
| | exceptions to flags in audit_user database ( ) |
| | flags line |
| | | process preselection mask ( ) |
| | minfree warning ( ) |
| | plugin line ( ) |
| | prefixes in flags line ( ) |
| | syntax problem ( ) |
| | system-wide audit ( ) |
| | verifying classes ( ) |
| | verifying syntax ( ) |
|
| Audit Control rights profile ( ) |
|
| audit daemon, See auditd daemon |
|
| audit directory |
| | description ( ) |
| | partitioning for ( ) |
| | sample structure ( ) |
|
| audit_event file |
| | changing class membership ( ) |
| | description ( ) |
| | removing events safely ( ) |
|
| audit event-to-class mappings, auditd daemon's role ( ) |
|
| audit events |
| | audit_event file ( ) |
| | changing class membership ( ) |
| | description ( ) |
| | mapping to classes ( ) |
| | selecting from audit trail ( ) |
| | selecting from audit trail in zones ( ) |
| | summary ( ) |
| | viewing from binary files ( ) |
|
| audit files |
| | auditreduce command ( ) |
| | combining ( ) ( ) |
| | configuring ( ) |
| | copying messages to single file ( ) |
| | limiting size of ( ) |
| | managing ( ) |
| | minimum free space for file systems ( ) |
| | names ( ) ( ) |
| | order for opening ( ) |
| | partitioning disk for ( ) |
| | printing ( ) |
| | reducing ( ) ( ) |
| | reducing storage-space requirements ( ) ( ) |
| | switching to new file ( ) |
| | time stamps ( ) ( ) |
|
| audit ID |
| | mechanism ( ) |
| | overview ( ) |
|
| audit logs |
| | See also audit files | |
| | comparing binary and textual ( ) |
| | configuring textual audit logs ( ) |
| | in text ( ) |
| | modes ( ) |
|
| audit messages, copying to single file ( ) |
|
| audit.notice entry, syslog.conf file ( ) |
|
| audit plugins, summary ( ) |
|
| audit policy |
| | audit tokens from ( ) |
| | auditd daemon's role ( ) |
| | defaults ( ) |
| | description ( ) |
| | effects of ( ) |
| | public ( ) |
| | setting ( ) |
| | setting ahlt ( ) |
| | setting arge ( ) |
| | setting argv ( ) |
| | setting in global zone ( ) ( ) ( ) |
| | setting perzone ( ) |
| | that does not affect tokens ( ) |
| | tokens added by ( ) |
|
| audit preselection mask |
| | modifying for existing users ( ) |
| | modifying for individual users ( ) |
|
| audit queue control parameters, auditd daemon's role ( ) |
|
| audit records |
| | audit directories full ( ) ( ) |
| | converting to readable format ( ) ( ) ( ) |
| | description ( ) |
| | displaying ( ) |
| | displaying formats of |
| | | procedure ( ) |
| | | summary ( ) |
| | displaying formats of a program ( ) |
| | displaying formats of an audit class ( ) |
| | displaying in XML format ( ) |
| | events that generate ( ) |
| | format ( ) |
| | formatting example ( ) |
| | merging ( ) |
| | overview ( ) |
| | reducing audit files ( ) |
| | sequence of tokens ( ) |
| | syslog.conf file ( ) |
| | /var/adm/auditlog file ( ) |
|
| Audit Review rights profile ( ) |
|
| audit session ID ( ) |
|
| audit threshold ( ) |
|
| audit tokens |
| | See also individual audit token names | |
| | added by audit policy ( ) |
| | audit record format ( ) |
| | description ( ) ( ) |
| | format ( ) |
| | list of ( ) |
|
| audit trail |
| | analysis costs ( ) |
| | analysis with praudit command ( ) |
| | cleaning up not terminated files ( ) |
| | creating |
| | | auditd daemon's role ( ) |
| | description ( ) |
| | effect of audit policy on ( ) |
| | events included ( ) |
| | merging all files ( ) |
| | monitoring in real time ( ) |
| | no public objects ( ) |
| | overview ( ) |
| | preventing overflow ( ) |
| | selecting events from ( ) |
| | viewing events from ( ) |
| | viewing events from different zones ( ) |
|
| audit_user database |
| | exception to system-wide audit classes ( ) |
| | prefixes for classes ( ) |
| | process preselection mask ( ) |
| | specifying user exceptions ( ) |
| | user audit fields ( ) |
|
| audit_user file, verifying classes ( ) |
|
| audit_warn script |
| | auditd daemon execution of ( ) |
| | conditions invoking ( ) |
| | configuring ( ) |
| | description ( ) |
| | strings ( ) |
|
| auditconfig command |
| | audit classes as arguments ( ) ( ) |
| | description ( ) |
| | prefixes for classes ( ) |
| | setting audit policy ( ) |
| | setting audit policy temporarily ( ) |
|
| auditd daemon |
| | audit trail creation ( ) ( ) |
| | audit_warn script |
| | | description ( ) ( ) |
| | | execution of ( ) |
| | configuration functions ( ) |
| | functions ( ) |
| | order audit files are opened ( ) ( ) |
| | plugins loaded by ( ) |
| | rereading information for the kernel ( ) |
| | rereading the audit_control file ( ) ( ) |
|
| auditd service |
| | configuring policy ( ) |
| | configuring queue parameters ( ) |
| | enable on the command line ( ) |
| | for auditing ( ) |
|
| auditing |
| | all commands by users ( ) |
| | changes in device policy ( ) |
| | configuring identically for all zones ( ) |
| | configuring in global zone ( ) ( ) |
| | configuring per-zone ( ) |
| | configuring queue parameters ( ) |
| | device allocation ( ) |
| | disabling ( ) |
| | enabling ( ) |
| | finding changes to specific files ( ) |
| | logins ( ) |
| | planning ( ) |
| | planning in zones ( ) ( ) |
| | preselection definition ( ) |
| | privileges and ( ) |
| | rights profiles for ( ) |
| | roles ( ) |
| | setting -setqctrl options ( ) |
| | setting queue parameters ( ) |
| | sftp file transfers ( ) |
| | troubleshooting ( ) |
| | troubleshooting praudit command ( ) |
| | updating information ( ) |
| | zones and ( ) ( ) |
|
| auditlog file, text audit records ( ) |
|
| auditrecord command |
| | [] (square brackets) in output ( ) |
| | description ( ) |
| | displaying audit record formats ( ) |
| | example ( ) |
| | listing all formats ( ) |
| | listing formats of class ( ) |
| | listing formats of program ( ) |
| | optional tokens ([]) ( ) |
|
| auditreduce command ( ) |
| | -c option ( ) |
| | -O option ( ) |
| | cleaning up audit files ( ) |
| | description ( ) |
| | examples ( ) |
| | filtering options ( ) |
| | merging audit records ( ) |
| | options ( ) |
| | selecting audit records ( ) |
| | timestamp use ( ) |
| | trailer tokens, and ( ) |
| | using lowercase options ( ) |
| | using uppercase options ( ) |
| | without options ( ) |
|
| auth_attr database |
| | description ( ) |
| | summary ( ) |
|
| AUTH_DES authentication, See AUTH_DH authentication |
|
| AUTH_DH authentication, and NFS ( ) |
|
| authentication |
| | AUTH_DH client-server session ( ) |
| | configuring cross-realm ( ) |
| | description ( ) |
| | DH authentication ( ) |
| | disabling with -X option ( ) |
| | Kerberos and ( ) |
| | name services ( ) |
| | network security ( ) |
| | NFS-mounted files ( ) ( ) |
| | overview of Kerberos ( ) |
| | Secure RPC ( ) |
| | Solaris Secure Shell |
| | | methods ( ) |
| | | process ( ) |
| | terminology ( ) |
| | types ( ) |
| | use with NFS ( ) |
|
| authentication methods |
| | GSS-API credentials in Solaris Secure Shell ( ) |
| | host-based in Solaris Secure Shell ( ) ( ) |
| | keyboard-interactive in Solaris Secure Shell ( ) |
| | password in Solaris Secure Shell ( ) |
| | public keys in Solaris Secure Shell ( ) |
| | Solaris Secure Shell ( ) |
|
| authenticator |
| | in Kerberos ( ) ( ) |
|
| authlog file, saving failed login attempts ( ) |
|
| authorizations |
| | Kerberos and ( ) |
| | types ( ) |
|
| authorizations (RBAC) |
| | checking for wildcards ( ) |
| | checking in privileged application ( ) |
| | commands that require authorizations ( ) |
| | database ( ) ( ) |
| | definition ( ) |
| | delegating ( ) |
| | description ( ) ( ) |
| | for allocating device ( ) |
| | for device allocation ( ) |
| | granularity ( ) |
| | naming convention ( ) |
| | not requiring for device allocation ( ) |
| | solaris.device.allocate ( ) ( ) |
| | solaris.device.revoke ( ) |
|
| authorized_keys file, description ( ) |
|
| AuthorizedKeysFile keyword, sshd_config file ( ) |
|
| auths command, description ( ) |
|
| AUTHS_GRANTED keyword, policy.conf file ( ) |
|
| auto_transition option, SASL and ( ) |
|
| automatic login |
| | disabling ( ) |
| | enabling ( ) |
|
| automatically configuring |
| | Kerberos |
| | | master KDC server ( ) |
| | | slave KDC server ( ) |
|
| automating principal creation ( ) |
|
| auxprop_login option, SASL and ( ) |