Security for the Solaris 7 operating environment combines several features from SunOS release 4 and AT&T SVR4 with capabilities added specifically for the new environment. There are also changes in the packaging of some SunOS release 4 security programs.
This chapter describes major differences between SunOS release 4 and Solaris 7 operating environment security, and points out how those changes may affect system administration procedures. System Administration Guide, Volume II describes the administration and use of these features more fully.
RPC has been modified based on the GSS-API. This increases security integrity and confidentiality, and NFS services are no longer tied to a specific or a single security mechanism. Also, NIS+ security is enhanced by increasing the authentication key length from 192 bits to 640 bits.
NFS Administration Guide describes secure NFS and the .rhosts files. TCP/IP and Data Communications Administration Guide describes administering Internet security.
Security for local SunOS release 5.7 systems includes storing encrypted passwords in a separate file, controlling login defaults, and restricted shells. Equivalent NIS+ security, described in NIS+ Transition Guide and NFS Administration Guide, controls network-wide access to systems.
The following subsections summarize security features under local system control.
The SunOS release 5.7 passwd command stores encrypted versions of passwords in a separate file, /etc/shadow, and allows only root access to it. This prevents general access to the encrypted passwords that formerly appeared in the /etc/passwd file, which anyone could read.
The /etc/shadow file also includes entries that force password aging for individual user login accounts. The mechanism for changing entries to the passwd and shadow files is described in System Administration Guide, Volume II.
Several files that control default system access are stored in the /etc/default directory. These files limit access to specific systems on a network. Table 5-1 summarizes the files in the /etc/default directory.Table 5-1 Files in /etc/default Directory
Controls system login policies, including root access. The default is to limit root access to the console.
Controls default policy on password aging
Controls which root (su) access to the system will be logged and where it will be displayed
Restricted shells do not allow the following operations:
Setting the $PATH variable
Specifying path or command names beginning with "/"
See the ksh and sh man pages for a description of these shells.
Note that the restricted shell and the remote shell have the same command name (rsh) with different path names:
/usr/lib/rsh is the restricted shell
/usr/bin/rsh is the remote shell
The SunOS release 5.7 system features password aging. This feature assigns a limited lifetime to each user password to maintain password secrecy. As a password reaches the end of its life, the password owner is notified and prompted to select a new one.
You can implement password aging using one of the following methods:
Method 1 - Use Admintool to manage users if you are running an X-window environment. For information about this method, see OpenWindows Advanced User's Guide.
A system administrator can also set up password aging.
Method 1- Use either passwd or nispasswd, depending on which name service is used to store your account.
Method 2 - Use Admintool to manage users if you are running an X-window environment. For information about this method, see OpenWindows Advanced User's Guide.
For more information on passwd and nispasswd, see the command tables in Appendix D, System Files Reference Table.
Access control lists (ACLs), supported in both UFS and NFS, provide greater flexibility in managing file permissions than traditional UNIX file protection. The traditional UNIX file protection provides read, write, and execute permissions for three user classes: owner, group, and other.
Using ACLs allows you to define file permissions for the owner, owner's group, others, specific users and groups, and default permissions for each of those categories. For example, you can set up an ACL that defines read permission to a group of users and write permission to only one user in the group. You could not do this with standard UNIX file permissions.
The setfacl(1) command sets, adds, modifies, and deletes ACL entries, and the getfacl(1) command displays ACL entries.
See System Administration Guide, Volume II for more information about using ACLs.
The Automated Security Enhancement Tool (ASET), available as a separate option with SunOS release 4 systems, is included with the Solaris 7 operating environment. ASET enables you to specify an overall system security level (low, medium, or high) and automatically maintain systems at those levels. This tool can be set up to run on a server and all its clients or on individual clients.
ASET performs these tasks:
Verifies system file permissions
Verifies system file contents
Checks integrity of group file entries
Checks system configuration files
Checks environment files (.profile,.login, and .cshrc)
Verifies EEPROM settings to restrict console login access
Allows establishment of a firewall or gateway system
System Administration Guide, Volume II describes ASET setup and monitoring in detail.
The Solaris 7 operating environment includes support for Kerberos V4 authentication for secure RPC. (Kerberos source code and administrative utilities are available from MIT.) Included in this release are:
Client applications library that can use Kerberos
Kerberos option to Secure RPC
Sun's NFSTM distributed computing file system application with Kerberos
Commands to administer user tickets on the client
The Solaris 7 release includes the SunSHIELD Basic Security Module (BSM) package. This product provides the security features defined as C2 in the Trusted Computer System Evaluation Criteria (TCSEC). The features provided by the BSM are a security auditing subsystem and a device allocation mechanism. C2 discretionary access control and identification and authentication features are provided in the operating system.
The administration of BSM is included in SunSHIELD Basic Security Module Guide.
The Pluggable Authentication Module (PAM) framework enables new authentication technologies to be "plugged-in" without changing commands, such as login, ftp, telnet and so on. The framework enables a system administrator to choose any combination of services to provide authentication. Mechanisms for account, session, and password management can also be "plugged-in" using this framework.
System Administration Guide, Volume II describes the administration of PAM.