System Administration Guide: Security Services


S

	`-S` option, `st_clean` script ( )

	safe protection level ( )

	SASL
		environment variable ( )
		options ( )
		overview ( )
		plug-ins ( )

	`saslauthd_path` option, SASL and ( )

	saving, failed login attempts ( )

	scope (RBAC), description ( )

	`scp` command
		copying files with ( )
		description ( )

	scripts
		`audit_startup` script ( )
		`audit_warn` script ( )
		`bsmconv` effect ( )
		`bsmconv` for device allocation ( )
		`bsmconv` script ( )
		`bsmconv` to enable auditing ( )
		checking for RBAC authorizations ( )
		device-clean scripts
			See also device-clean scripts
		for cleaning devices ( )
		monitoring audit files example ( )
		processing `praudit` output ( )
		running with privileges ( )
		securing ( )
		use of privileges in ( )

	SCSI devices, `st_clean` script ( )

	SEAM Administration Tool
		and limited administration privileges ( )
		and list privileges ( )
		and X Window system ( )
		command-line equivalents ( )
		context-sensitive help ( )
		creating a new policy ( ) ( )
		creating a new principal ( )
		default values ( )
		deleting a principal ( )
		deleting policies ( )
		displaying sublist of principals ( )
		duplicating a principal ( )
		files modified by ( )
		Filter Pattern field ( )
		`gkadmin` command ( )
		`.gkadmin` file ( )
		help ( )
		Help Contents ( )
		how affected by privileges ( )
		`kadmin` command ( )
		login window ( )
		modifying a policy ( )
		modifying a principal ( )
		online help ( )
		or `kadmin` command ( )
		overview ( )
		panel descriptions ( )
		privileges ( )
		setting up principal defaults ( )
		starting ( )
		table of panels ( )
		viewing a principal's attributes ( )
		viewing list of policies ( )
		viewing list of principals ( )
		viewing policy attributes ( )

	secondary audit directory ( )

	secret keys
		creating ( ) ( )
		generating
			using the `dd` command ( )
			using the `pktool` command ( )
		generating for Secure RPC ( )

	Secure by Default installation option ( )

	secure connection
		across a firewall ( )
		logging in ( )

	Secure NFS ( )

	Secure RPC
		alternative ( )
		and Kerberos ( )
		description ( )
		implementation of ( )
		keyserver ( )
		overview ( )

	securing
		logins task map ( )
		network at installation ( )
		passwords task map ( )
		scripts ( )

	security
		across insecure network ( )
		auditing and ( )
		BART ( )
		computing digest of files ( )
		computing MAC of files ( )
		devices ( )
		DH authentication ( )
		encrypting files ( )
		installation options ( )
		Kerberos authentication ( )
		`netservices limited` installation option ( )
		NFS client-server ( )
		password encryption ( )
		pointer to JASS toolkit ( )
		policy overview ( )
		preventing remote login ( )
		protecting against denial of service ( )
		protecting against Trojan horse ( )
		protecting devices ( )
		protecting hardware ( )
		protecting PROM ( )
		Secure by Default ( )
		system hardware ( )

	security attributes
		checking for ( )
		considerations when directly assigning ( )
		description ( )
		Printer management rights profile ( )
		privileges on commands ( )
		special ID on commands ( )
		using to mount allocated device ( )

	security mechanism, specifying with `-m` option ( )

	security modes, setting up environment with multiple ( )

	security policy, default (RBAC) ( )

	security service, Kerberos and ( )

	selecting
		audit classes ( )
		audit records ( )
		events from audit trail ( )

	semicolon (;)
		`device_allocate` file ( )
		separator of security attributes ( )

	`sendmail` command, authorizations required ( )

	`seq` audit policy
		and `sequence` token ( ) ( )
		description ( )

	`sequence` audit token
		and `seq` audit policy ( )
		format ( )

	`ServerKeyBits` keyword, `sshd_config` file ( )

	servers
		`AUTH_DH` client-server session ( )
		configuring for Solaris Secure Shell ( )
		definition in Kerberos ( )
		gaining access with Kerberos ( )
		obtaining credential for ( )
		realms and ( )

	service
		definition in Kerberos ( )
		disabling on a host ( )
		obtaining access for specific service ( )

	service keys
		definition in Kerberos ( )
		keytab files and ( )

	service management facility
		enabling keyserver ( )
		refreshing cryptographic framework ( )
		restarting cryptographic framework ( )
		restarting Solaris Secure Shell ( )

	Service Management Facility (SMF), See SMF

	service principal
		adding to keytab file ( ) ( )
		description ( )
		planning for names ( )
		removing from keytab file ( )

	session ID, audit ( )

	session keys
		definition in Kerberos ( )
		Kerberos authentication and ( )

	`setfacl` command
		`-d` option ( )
		`-f` option ( )
		description ( )
		examples ( )
		syntax ( )

	`setgid` permissions
		absolute mode ( ) ( )
		description ( )
		security risks ( )
		symbolic mode ( )

	`setpin` subcommand, `pktool` command ( )

	setting
		`arge` policy ( )
		`argv` policy ( )
		audit policy ( )
		principal defaults (Kerberos) ( )

	`setuid` permissions
		absolute mode ( ) ( )
		description ( )
		finding files with permissions set ( )
		security risks ( ) ( )
		symbolic mode ( )

	`sftp` command
		auditing file transfers ( )
		copying files with ( )
		description ( )

	`sh` command, privileged version ( )

	SHA1 kernel provider ( )

	sharing files
		and network security ( )
		with DH authentication ( )

	shell, privileged versions ( )

	shell commands
		`/etc/d_passwd` file entries ( )
		passing parent shell process number ( )

	shell process, listing its privileges ( )

	shell scripts, writing privileged ( )

	short `praudit` output format ( )

	`shosts.equiv` file, description ( )

	`.shosts` file, description ( )

	signal received during auditing shutdown ( )

	signing providers, cryptographic framework ( )

	single-sign-on system ( )
		Kerberos and ( )

	size of audit files
		reducing ( ) ( )
		reducing storage-space requirements ( )

	`slave_datatrans` file
		description ( )
		KDC propagation and ( )

	`slave_datatrans_slave` file, description ( )

	slave KDCs
		configuring ( )
		definition ( )
		master KDC and ( )
		or master ( )
		planning for ( )
		swapping with master KDC ( )

	slot, definition in cryptographic framework ( )

	smartcard documentation, pointer to ( )

	`smattrpop` command, description ( )

	`smexec` command, description ( )

	SMF, managing Secure by Default configuration ( )

	`smmultiuser` command, description ( )

	`smprofile` command
		changing rights profile ( )
		description ( )

	`smrole` command
		changing properties of role ( ) ( )
		description ( )
		using ( )

	`smuser` command
		changing user's RBAC properties ( )
		description ( )

	`socket` audit token ( )

	soft limit
		`audit_warn` condition ( )
		`minfree` line description ( )

	soft string, `audit_warn` script ( )

	Solaris auditing task map ( )

	Solaris Cryptographic Framework, See cryptographic framework

	`solaris.device.revoke` authorization ( )

	Solaris Secure Shell
		adding to system ( )
		administering ( )
		administrator task map ( ) ( )
		authentication
			requirements for ( )
		authentication methods ( )
		authentication steps ( )
		basis from OpenSSH ( )
		changes in current release ( )
		changing passphrase ( )
		command execution ( )
		configuring clients ( )
		configuring port forwarding ( )
		configuring server ( )
		connecting across a firewall ( )
		connecting outside firewall
			from command line ( )
			from configuration file ( )
		copying files ( )
		creating keys ( )
		data forwarding ( )
		description ( )
		files ( )
		forwarding mail ( )
		generating keys ( )
		keywords ( )
		local port forwarding ( ) ( )
		logging in fewer prompts ( )
		logging in to remote host ( )
		login environment variables and ( )
		naming identity files ( )
		packages ( )
		protocol versions ( )
		public key authentication ( )
		remote port forwarding ( )
		`scp` command ( )
		TCP and ( )
		typical session ( )
		user procedures ( )
		using port forwarding ( )
		using without password ( )

	`solaris` security policy ( )

	special permissions
		`setgid` permissions ( )
		`setuid` permissions ( )
		sticky bit ( )

	square brackets (`[]`), `bsmrecord` output ( )

	`sr_clean` script, description ( )

	`ssh-add` command
		description ( )
		example ( ) ( )
		storing private keys ( )

	`ssh-agent` command
		configuring for CDE ( )
		description ( )
		from command line ( )
		in scripts ( )

	`ssh` command
		description ( )
		overriding keyword settings ( )
		port forwarding options ( )
		using ( )
		using a proxy command ( )

	`.ssh/config` file
		description ( )
		override ( )

	`ssh_config` file
		configuring Solaris Secure Shell ( )
		host-specific parameters ( )
		keywords ( )
			See specific keyword
		override ( )

	`.ssh/environment` file, description ( )

	`ssh_host_dsa_key` file, description ( )

	`ssh_host_dsa_key.pub` file, description ( )

	`ssh_host_key` file
		description ( )
		override ( )

	`ssh_host_key.pub` file, description ( )

	`ssh_host_rsa_key` file, description ( )

	`ssh_host_rsa_key.pub` file, description ( )

	`.ssh/id_dsa` file ( )

	`.ssh/id_rsa` file ( )

	`.ssh/identity` file ( )

	`ssh-keygen` command
		description ( )
		using ( )

	`ssh-keyscan` command, description ( )

	`ssh-keysign` command, description ( )

	`.ssh/known_hosts` file
		description ( )
		override ( )

	`ssh_known_hosts` file ( )

	`.ssh/rc` file, description ( )

	`sshd` command, description ( )

	`sshd_config` file
		description ( )
		keywords ( )
			See specific keyword
		overrides of `/etc/default/login` entries ( )

	`sshd.pid` file, description ( )

	`sshrc` file, description ( )

	`st_clean` script
		description ( )
		for tape drives ( )

	standard cleanup, `st_clean` script ( )

	starting
		ASET from shell ( )
		ASET interactively ( )
		audit daemon ( )
		auditing ( )
		device allocation ( )
		KDC daemon ( ) ( )
		running ASET periodically ( )
		Secure RPC keyserver ( )

	stash file
		creating ( ) ( )
		definition ( )

	sticky bit permissions
		absolute mode ( ) ( )
		description ( )
		symbolic mode ( )

	stopping, dial-up logins temporarily ( )

	storage costs, and auditing ( )

	storage overflow prevention, audit trail ( )

	storing
		audit files ( ) ( )
		passphrase ( )

	`StrictHostKeyChecking` keyword, `ssh_config` file ( )

	`StrictModes` keyword, `sshd_config` file ( )

	`su` command
		displaying access attempts on console ( )
		in role assumption ( ) ( )
		monitoring use ( )

	`su` file, monitoring `su` command ( )

	`subject` audit token, format ( )

	`Subsystem` keyword, `sshd_config` file ( )

	success
		audit class prefix ( )
		turning off audit classes for ( )

	sufficient control flag, PAM ( )

	`sulog` file ( )
		monitoring contents of ( )

	Sun Crypto Accelerator 1000 board, listing mechanisms ( )

	Sun Crypto Accelerator 6000 board
		hardware plugin to cryptographic framework ( )
		listing mechanisms ( )

	`SUPATH` in Solaris Secure Shell ( )

	superuser
		compared to privilege model ( )
		compared to RBAC model ( )
		differences from privilege model ( )
		eliminating in RBAC ( )
		monitoring access attempts ( )
		troubleshooting becoming `root` as a role ( )
		troubleshooting remote access ( )

	`suser` security policy ( )

	`svcadm` command
		administering cryptographic framework ( ) ( )
		enabling cryptographic framework ( )
		enabling keyserver daemon ( )
		refreshing cryptographic framework ( )
		restarting name service ( )
		restarting NFS server ( )
		restarting Solaris Secure Shell ( )
		restarting `syslog` daemon ( ) ( )

	`svcs` command
		listing cryptographic services ( )
		listing keyserver service ( )

	swapping master and slave KDCs ( )

	symbolic links, file permissions ( )

	symbolic mode
		changing file permissions ( ) ( ) ( )
		description ( )

	synchronizing clocks
		master KDC ( ) ( )
		overview ( )
		slave KDC ( ) ( )

	`SYS` privileges ( )

	`sysconf.rpt` file ( ) ( )

	`syslog.conf` file
		and auditing ( )
		`audit.notice` level ( )
		audit records ( )
		executable stack messages ( )
		`kern.notice` level ( )
		`priv.debug` entry ( )
		saving failed login attempts ( )

	`SYSLOG_FAILED_LOGINS`
		in Solaris Secure Shell ( )
		system variable ( )

	`syslog` format, audit records ( )

	`SyslogFacility` keyword, `sshd_config` file ( )

	System Administrator (RBAC)
		assuming role ( )
		creating role ( )
		protecting hardware ( )
		recommended role ( )
		rights profile ( )

	system calls
		`arg` audit token ( )
		`close` ( )
		`exec_args` audit token ( )
		`exec_env` audit token ( )
		`ioctl()` ( )
		ioctl to clean audio device ( )
		`return` audit token ( )

	`system` file, `bsmconv` effect on ( )

	system hardware, controlling access to ( )

	system properties, privileges relating to ( )

	system security
		dial-up logins and passwords ( )
		dial-up passwords
			disabling temporarily ( )
		displaying
			user's login status ( ) ( )
			users with no passwords ( )
		firewall systems ( )
		hardware protection ( ) ( )
		login access restrictions ( ) ( )
		machine access ( )
		overview ( )
		password encryption ( )
		passwords ( )
		privileges ( )
		protecting from risky programs ( )
		restricted shell ( ) ( )
		restricting remote `root` access ( )
		role-based access control (RBAC) ( ) ( )
		`root` access restrictions ( ) ( )
		saving failed login attempts ( )
		special logins ( )
		`su` command monitoring ( ) ( )
		task map ( )
		UFS ACLS ( )

	`system state` audit class ( )

	System V IPC
		`ipc` audit class ( )
		`ipc` audit token ( )
		`ipc_perm` audit token ( )
		privileges ( )

	system variables
		See also variables
		`CRYPT_DEFAULT` ( )
		`KEYBOARD_ABORT` ( )
		`noexec_user_stack` ( )
		`noexec_user_stack_log` ( )
		`rstchown` ( )
		`SYSLOG_FAILED_LOGINS` ( )

	`system-wide administration` audit class ( )

	systems, protecting from risky programs ( )