| | | |
P |
|
| p_minfree attribute, audit_warn condition ( ) |
|
| packages, Solaris Secure Shell ( ) |
|
| packet transfers |
| | firewall security ( ) |
| | packet smashing ( ) |
|
| PAM |
| | adding a module ( ) |
| | configuration file |
| | | control flags ( ) |
| | | introduction ( ) |
| | | stacking diagrams ( ) |
| | | stacking example ( ) |
| | | stacking explained ( ) |
| | | syntax ( ) |
| | /etc/syslog.conf file ( ) |
| | framework ( ) |
| | Kerberos and ( ) ( ) |
| | overview ( ) |
| | planning ( ) |
| | task map ( ) |
|
| pam.conf file |
| | See PAM configuration file | |
| | Kerberos and ( ) |
|
| pam_roles command, description ( ) |
|
| PAMAuthenticationViaKBDInt keyword, sshd_config file ( ) |
|
| panels, table of SEAM Administration Tool ( ) |
|
| passphrases |
| | changing for Solaris Secure Shell ( ) |
| | encrypt command ( ) |
| | example ( ) |
| | generating in KMF ( ) |
| | mac command ( ) |
| | storing safely ( ) |
| | using for MAC ( ) |
| | using in Solaris Secure Shell ( ) ( ) |
|
| PASSREQ in Solaris Secure Shell ( ) |
|
| passwd command |
| | and kpasswd command ( ) |
| | and name services ( ) |
| | changing password of role ( ) |
|
| passwd file |
| | and /etc/d_passwd file ( ) |
| | ASET checks ( ) |
|
| password authentication, Solaris Secure Shell ( ) |
|
| PasswordAuthentication keyword, Solaris Secure Shell ( ) |
|
| passwords |
| | authentication in Solaris Secure Shell ( ) |
| | changing role password ( ) |
| | changing with kpasswd command ( ) |
| | changing with passwd -r command ( ) |
| | changing with passwd command ( ) |
| | creating for dial-up ( ) |
| | dial-up passwords |
| | | disabling temporarily ( ) |
| | | /etc/d_passwd file ( ) |
| | disabling dial-up temporarily ( ) |
| | displaying users with no passwords ( ) |
| | eliminating in Solaris Secure Shell ( ) |
| | eliminating in Solaris Secure Shell in CDE ( ) |
| | encryption algorithms ( ) |
| | finding users with no passwords ( ) |
| | granting access without revealing ( ) |
| | hardware access and ( ) |
| | installing third-party encryption module ( ) |
| | LDAP ( ) |
| | | specifying new password algorithm ( ) |
| | local ( ) |
| | login security ( ) ( ) ( ) |
| | managing ( ) |
| | modifying a principal's password ( ) |
| | NIS ( ) |
| | | specifying new password algorithm ( ) |
| | NIS+ ( ) |
| | | specifying new password algorithm ( ) |
| | policies and ( ) |
| | PROM security mode ( ) ( ) |
| | protecting |
| | | keystore ( ) |
| | | PKCS #12 file ( ) |
| | requiring for hardware access ( ) |
| | secret-key decryption for Secure RPC ( ) |
| | specifying algorithm ( ) |
| | | in name services ( ) |
| | | locally ( ) |
| | suggestions on choosing ( ) |
| | system logins ( ) ( ) |
| | task map ( ) |
| | UNIX and Kerberos ( ) |
| | using Blowfish encryption algorithm for ( ) |
| | using MD5 encryption algorithm for ( ) |
| | using new algorithm ( ) |
|
| path_attr audit token ( ) ( ) |
|
| path audit policy, description ( ) |
|
| path audit token, format ( ) |
|
| PATH environment variable |
| | and security ( ) |
| | setting ( ) |
|
| PATH in Solaris Secure Shell ( ) |
|
| PERIODIC_SCHEDULE variable (ASET) ( ) ( ) |
|
| permissions |
| | ACLs and ( ) |
| | ASET handling of ( ) ( ) |
| | changing file permissions |
| | | absolute mode ( ) ( ) |
| | | chmod command ( ) |
| | | symbolic mode ( ) ( ) ( ) ( ) |
| | defaults ( ) |
| | directory permissions ( ) |
| | file permissions |
| | | absolute mode ( ) ( ) |
| | | changing ( ) ( ) |
| | | description ( ) |
| | | special permissions ( ) ( ) |
| | | symbolic mode ( ) ( ) ( ) ( ) |
| | finding files with setuid permissions ( ) |
| | setgid permissions |
| | | absolute mode ( ) ( ) |
| | | description ( ) |
| | | symbolic mode ( ) |
| | setuid permissions |
| | | absolute mode ( ) ( ) |
| | | description ( ) |
| | | security risks ( ) |
| | | symbolic mode ( ) |
| | special file permissions ( ) ( ) ( ) |
| | sticky bit ( ) |
| | tune files (ASET) ( ) ( ) ( ) |
| | UFS ACLs and ( ) |
| | umask value ( ) |
| | user classes and ( ) |
|
| PermitEmptyPasswords keyword, sshd_config file ( ) |
|
| PermitRootLogin keyword, sshd_config file ( ) |
|
| permitted privilege set ( ) |
|
| PermitUserEnvironment keyword, sshd_config file ( ) |
|
| perzone audit policy |
| | description ( ) |
| | setting ( ) |
| | using ( ) ( ) ( ) |
| | when to use ( ) |
|
| pfcsh command, description ( ) |
|
| pfexec command, description ( ) |
|
| pfksh command, description ( ) |
|
| pfsh command, description ( ) |
|
| physical security, description ( ) |
|
| PKCS #11 library |
| | adding provider library ( ) |
| | in Solaris Cryptographic Framework ( ) |
|
| PKCS #11 softtokens, managing keystore ( ) |
|
| PKCS #12 files, protecting ( ) |
|
| pkcs11_kernel.so user-level provider ( ) |
|
| pkcs11_softtoken.so user-level provider ( ) |
|
| pkgadd command |
| | installing third-party providers ( ) |
| | installing third-party software ( ) |
|
| PKI |
| | managed by KMF ( ) |
| | policy managed by KMF ( ) |
|
| pktool command |
| | creating self-signed certificate ( ) |
| | export subcommand ( ) |
| | gencert subcommand ( ) |
| | generating secret keys ( ) |
| | import subcommand ( ) |
| | list subcommand ( ) |
| | managing PKI objects ( ) |
| | setpin subcommand ( ) |
|
| plain.so.1 plug-in, SASL and ( ) |
|
| planning |
| | auditing ( ) |
| | auditing in zones ( ) |
| | auditing task map ( ) |
| | Kerberos |
| | | client and service principal names ( ) |
| | | clock synchronization ( ) |
| | | configuration decisions ( ) |
| | | database propagation ( ) |
| | | number of realms ( ) |
| | | ports ( ) |
| | | realm hierarchy ( ) |
| | | realm names ( ) |
| | | realms ( ) |
| | | slave KDCs ( ) |
| | PAM ( ) |
| | RBAC ( ) |
|
| pluggable authentication module, See PAM |
|
| plugin line |
| | audit_control file ( ) |
| | p_* attributes ( ) |
| | qsize attribute ( ) |
|
| plugin_list option, SASL and ( ) |
|
| plugins |
| | in audit service ( ) |
| | in cryptographic framework ( ) |
| | loaded by auditd daemon ( ) |
| | SASL and ( ) |
|
| plus sign (+) |
| | ACL entry ( ) |
| | audit class prefix ( ) |
| | entry in sulog file ( ) |
| | file permissions symbol ( ) |
|
| policies |
| | administering ( ) ( ) |
| | creating (Kerberos) ( ) |
| | creating new (Kerberos) ( ) |
| | deleting ( ) |
| | for auditing ( ) |
| | modifying ( ) |
| | on devices ( ) |
| | overview ( ) |
| | passwords and ( ) |
| | SEAM Administration Tool panels for ( ) |
| | specifying password algorithm ( ) |
| | task map for administering ( ) |
| | viewing attributes ( ) |
| | viewing list of ( ) |
|
| policy |
| | definition in cryptographic framework ( ) |
| | definition in Solaris OS ( ) |
|
| policy.conf file |
| | adding password encryption module ( ) |
| | Basic Solaris User rights profile ( ) |
| | description ( ) ( ) |
| | keywords |
| | | for password algorithms ( ) |
| | | for privileges ( ) ( ) |
| | | for RBAC authorizations ( ) |
| | | for rights profiles ( ) |
| | specifying encryption algorithms in ( ) |
| | specifying password algorithm |
| | | in name services ( ) |
| | specifying password algorithms ( ) |
|
| port forwarding |
| | configuring in Solaris Secure Shell ( ) |
| | Solaris Secure Shell ( ) ( ) |
|
| Port keyword, Solaris Secure Shell ( ) |
|
| ports, for Kerberos KDC ( ) |
|
| postdated ticket |
| | definition ( ) |
| | description ( ) |
|
| postsigterm string, audit_warn script ( ) |
|
| pound sign (#) |
| | device_allocate file ( ) |
| | device_maps file ( ) |
|
| ppriv command |
| | for debugging ( ) |
| | listing privileges ( ) |
|
| praudit command |
| | converting audit records to readable format ( ) ( ) |
| | DTD for -x option ( ) |
| | options ( ) |
| | output formats ( ) |
| | piping auditreduce output to ( ) |
| | use in a script ( ) |
| | viewing audit records ( ) |
| | with no options ( ) |
| | XML format ( ) |
|
| PreferredAuthentications keyword, ssh_config file ( ) |
|
| prefixes for audit classes ( ) |
|
| preselecting, audit classes ( ) |
|
| preselection in auditing ( ) |
|
| preselection mask (auditing) |
| | description ( ) |
| | reducing storage costs ( ) |
| | system-wide ( ) |
|
| preventing |
| | access to system hardware ( ) |
| | audit trail overflow ( ) |
| | executables from compromising security ( ) |
| | kernel software provider use ( ) |
| | use of hardware mechanism ( ) |
|
| primary, in principal names ( ) |
|
| Primary Administrator (RBAC) |
| | assuming role ( ) |
| | recommended role ( ) |
| | rights profile contents ( ) |
|
| primary audit directory ( ) |
|
| principal |
| | adding administration ( ) ( ) |
| | adding service principal to keytab ( ) ( ) |
| | administering ( ) ( ) |
| | automating creation of ( ) |
| | creating ( ) |
| | creating clntconfig ( ) ( ) |
| | creating host ( ) ( ) |
| | deleting ( ) |
| | duplicating ( ) |
| | Kerberos ( ) |
| | modifying ( ) |
| | principal name ( ) |
| | removing from keytab file ( ) |
| | removing service principal from keytab ( ) |
| | SEAM Administration Tool panels for ( ) |
| | service principal ( ) |
| | setting up defaults ( ) |
| | task map for administering ( ) |
| | user ID comparison ( ) |
| | user principal ( ) |
| | viewing attributes ( ) |
| | viewing list of ( ) |
| | viewing sublist of principals ( ) |
|
| principal file, description ( ) |
|
| principal.kadm5 file, description ( ) |
|
| principal.kadm5.lock file, description ( ) |
|
| principal.ok file, description ( ) |
|
| principal.ulog file, description ( ) |
|
| principle of least privilege ( ) |
|
| print format field, arbitrary token ( ) |
|
| Printer Management rights profile ( ) |
|
| printing, audit log ( ) |
|
| PrintMotd keyword, sshd_config file ( ) |
|
| priv.debug entry, syslog.conf file ( ) |
|
| PRIV_DEFAULT keyword |
| | policy.conf file ( ) ( ) |
|
| PRIV_LIMIT keyword |
| | policy.conf file ( ) ( ) |
|
| PRIV_PROC_LOCK_MEMORY privilege ( ) ( ) |
|
| privacy |
| | availability ( ) |
| | Kerberos and ( ) |
| | security service ( ) |
|
| private keys |
| | See also secret keys | |
| | definition in Kerberos ( ) |
| | Solaris Secure Shell identity files ( ) |
|
| private protection level ( ) |
|
| privilege audit token ( ) ( ) |
|
| privilege checking, in applications ( ) |
|
| privilege sets |
| | adding privileges to ( ) |
| | basic ( ) |
| | effective ( ) |
| | inheritable ( ) |
| | limit ( ) |
| | listing ( ) |
| | permitted ( ) |
| | removing privileges from ( ) |
|
| privileged application |
| | authorization checking ( ) |
| | description ( ) |
| | ID checking ( ) |
| | privilege checking ( ) |
|
| privileged ports, alternative to Secure RPC ( ) |
|
| privileges |
| | adding to command ( ) |
| | administering ( ) |
| | assigning to a command ( ) |
| | assigning to a script ( ) |
| | assigning to a user ( ) |
| | assigning to user or role ( ) |
| | auditing and ( ) |
| | categories ( ) |
| | commands ( ) |
| | compared to superuser model ( ) |
| | debugging ( ) ( ) |
| | description ( ) ( ) ( ) |
| | determining directly assigned ones ( ) |
| | devices and ( ) |
| | differences from superuser model ( ) |
| | effects on SEAM Administration Tool ( ) |
| | escalation ( ) |
| | executing commands with privilege ( ) |
| | files ( ) |
| | finding missing ( ) |
| | how to use ( ) |
| | implemented in sets ( ) |
| | inherited by processes ( ) |
| | limiting use by user or role ( ) |
| | listing on a process ( ) |
| | PRIV_PROC_LOCK_MEMORY ( ) ( ) |
| | processes with assigned privileges ( ) |
| | programs aware of privileges ( ) |
| | protecting kernel processes ( ) |
| | removing from a user ( ) |
| | removing from basic set ( ) |
| | removing from limit set ( ) |
| | task map ( ) |
| | troubleshooting requirements for ( ) |
| | using in shell script ( ) |
|
| privileges file, description ( ) |
|
| PROC privileges ( ) |
|
| process audit characteristics |
| | audit ID ( ) |
| | audit session ID ( ) |
| | process preselection mask ( ) |
| | terminal ID ( ) |
|
| process audit class ( ) |
|
| process audit token, format ( ) |
|
| process modify audit class ( ) |
|
| process preselection mask, description ( ) |
|
| process privileges ( ) |
|
| process rights management, See privileges |
|
| process start audit class ( ) |
|
| processing time costs, of audit service ( ) |
|
| prof_attr database |
| | description ( ) |
| | summary ( ) |
|
| .profile file, path variable entry ( ) |
|
| profile shells, description ( ) |
|
| profiles, See rights profiles |
|
| profiles command, description ( ) |
|
| PROFS_GRANTED keyword, policy.conf file ( ) |
|
| programs |
| | checking for RBAC authorizations ( ) |
| | privilege-aware ( ) ( ) |
|
| project.max-locked-memory resource control ( ) ( ) |
|
| PROM security mode ( ) |
|
| propagation |
| | KDC database ( ) |
| | Kerberos database ( ) |
|
| protecting |
| | BIOS, pointer to ( ) |
| | by using passwords with cryptographic framework ( ) |
| | contents of keystore ( ) |
| | files with cryptographic framework ( ) |
| | PROM ( ) |
| | system from risky programs ( ) |
|
| protecting files |
| | task map ( ) |
| | user procedures ( ) |
| | with ACLs ( ) |
| | with ACLs task map ( ) |
| | with UFS ACLs ( ) |
| | with UNIX permissions ( ) ( ) |
| | with UNIX permissions task map ( ) |
|
| protection level |
| | clear ( ) |
| | private ( ) |
| | safe ( ) |
| | setting in ftp ( ) |
|
| Protocol keyword, ssh_config file ( ) |
|
| providers |
| | adding library ( ) |
| | adding software provider ( ) |
| | adding user-level software provider ( ) |
| | connecting to cryptographic framework ( ) |
| | definition as plugins ( ) ( ) |
| | definition in cryptographic framework ( ) |
| | disabling hardware mechanisms ( ) |
| | installing ( ) |
| | listing hardware providers ( ) |
| | listing in cryptographic framework ( ) |
| | preventing use of kernel software provider ( ) |
| | registering ( ) |
| | restoring use of kernel software provider ( ) |
| | signing ( ) |
|
| proxiable ticket, definition ( ) |
|
| proxy ticket, definition ( ) |
|
| ProxyCommand keyword, ssh_config file ( ) |
|
| pseudo-tty, use in Solaris Secure Shell ( ) |
|
| PubkeyAuthentication keyword, Solaris Secure Shell ( ) |
|
| public audit policy |
| | description ( ) |
| | read-only events ( ) |
|
| public directories |
| | auditing ( ) |
| | sticky bit and ( ) |
|
| public key authentication, Solaris Secure Shell ( ) |
|
| public key cryptography |
| | AUTH_DH client-server session ( ) |
| | changing NFS public keys and secret keys ( ) |
| | common keys |
| | | calculation ( ) |
| | database of public keys for Secure RPC ( ) |
| | generating keys |
| | | conversation keys for Secure NFS ( ) |
| | | using Diffie-Hellman ( ) |
| | NFS secret keys ( ) |
|
| public key technologies, See PKI |
|
| public keys |
| | changing passphrase ( ) |
| | DH authentication and ( ) |
| | generating public-private key pair ( ) |
| | Solaris Secure Shell identity files ( ) |
|
| public objects, auditing ( ) |
|
| publickey map, DH authentication ( ) |
|
| pwcheck_method option, SASL and ( ) |