A
|
| absolute mode |
| | changing file permissions ( ) ( ) |
| | description ( ) |
| | setting special permissions ( ) |
|
| access |
| | getting to server |
| | | with SEAM ( ) |
| | obtaining for a specific service ( ) |
| | restricting for KDC servers ( ) |
| | root access |
| | | displaying attempts on console ( ) ( ) |
| | | monitoring su command use ( ) ( ) ( ) |
| | | restricting ( ) ( ) ( ) |
| | security |
| | | ACLs ( ) ( ) ( ) |
| | | file access restriction ( ) |
| | | firewall setup ( ) ( ) |
| | | login access restrictions ( ) ( ) |
| | | login control ( ) |
| | | monitoring system usage ( ) |
| | | network control ( ) |
| | | path variable setting ( ) |
| | | physical site security ( ) |
| | | reporting problems ( ) |
| | | root access restrictions ( ) |
| | | root login tracking ( ) |
| | | setuid programs ( ) |
| | sharing files ( ) |
| | system logins ( ) ( ) |
|
| access control list |
| | See ACL | |
|
| Access Control Lists (ACLs) |
| | See ACL | |
|
| ACL |
| | adding entries ( ) |
| | changing entries ( ) |
| | checking entries ( ) |
| | commands ( ) |
| | default entries for directories ( ) ( ) |
| | deleting entries ( ) ( ) |
| | description ( ) ( ) |
| | directory entries ( ) ( ) |
| | displaying entries ( ) ( ) |
| | format of entries ( ) |
| | kadm5.acl file ( ) ( ) ( ) ( ) |
| | setting entries ( ) ( ) |
| | valid file entries ( ) |
|
| acl token, format ( ) |
|
| ad audit flag ( ) |
|
| Add Administrative Role wizard |
| | description ( ) ( ) |
|
| Add Right dialog box, description ( ) |
|
| Add User wizard, description ( ) |
|
| adding |
| | administration principals (SEAM) ( ) |
| | allocatable devices (BSM) ( ) |
| | custom roles (RBAC) ( ) |
| | PAM module ( ) |
| | rights profiles (RBAC) ( ) |
| | roles (RBAC) ( ) ( ) |
| | service principal to keytab file (SEAM) ( ) |
| | the first role (RBAC) ( ) |
| | the first user (RBAC) ( ) |
|
| admin_server section, krb5.conf file ( ) |
|
| administering |
| | BSM |
| | | audit class ( ) |
| | | audit classes ( ) |
| | | audit event ( ) |
| | | audit files ( ) |
| | | audit flags ( ) ( ) |
| | | audit records ( ) |
| | | audit trail overflow prevention ( ) |
| | | auditreduce command ( ) |
| | | cost control ( ) |
| | | description ( ) |
| | | efficiency ( ) |
| | | kernel events ( ) |
| | | process preselection mask ( ) |
| | | reducing storage-space requirements ( ) |
| | | user-level events ( ) |
| | SEAM |
| | | keytabs ( ) |
| | | policies ( ) |
| | | principals ( ) |
| | Secure Shell ( ) |
|
| administrative audit class ( ) |
|
| aes128-cbc encryption algorithm, ssh_config file ( ) |
|
| agent daemon, Secure Shell ( ) |
|
| aliases file (ASET) |
| | description ( ) |
| | example ( ) |
| | format ( ) |
| | specification ( ) |
|
| all |
| | audit class ( ) |
| | audit flag |
| | | caution for using ( ) |
| | | described ( ) |
| | in user audit fields ( ) |
|
| All rights profile |
| | description ( ) ( ) |
|
| allhard string, audit_warn script ( ) |
|
| allocate command |
| | authorizations required ( ) |
| | how the allocate mechanism works ( ) |
| | options ( ) |
| | using ( ) |
|
| allocate error state ( ) ( ) |
|
| AllowGroups keyword, sshd_config file ( ) |
|
| AllowTCPForwarding keyword, sshd_config file ( ) |
|
| AllowUsers keyword, sshd_config file ( ) |
|
| allsoft string, audit_warn script ( ) |
|
| always-audit flags |
| | description ( ) ( ) |
| | process preselection mask ( ) |
|
| analysis |
| | praudit command ( ) ( ) |
|
| ap audit flag ( ) |
|
| application audit class ( ) |
|
| arbitrary token |
| | format ( ) |
| | item size field ( ) |
| | print format field ( ) |
|
| Archive tape drive clean script ( ) |
|
| arg token ( ) |
|
| arge audit policy |
| | description ( ) |
| | exec_env token and ( ) |
|
| argv audit policy |
| | description ( ) |
| | exec_args token and ( ) |
|
| ASET |
| | description ( ) |
| | environment variables ( ) |
| | error messages ( ) |
| | NFS servers and ( ) |
|
| aset command |
| | initiating ASET sessions ( ) |
| | -p option ( ) |
| | running ASET interactively ( ) |
| | running ASET periodically ( ) |
| | stop running ASET periodically ( ) |
|
| aset.restore command, description ( ) |
|
| ASETDIR variable (ASET), working directory specification ( ) |
|
| asetenv file |
| | description ( ) |
| | modifying ( ) |
| | running ASET periodically ( ) |
|
| ASETSECLEVEL variable (ASET), setting security levels ( ) |
|
| Assign Administrative Role dialog box, description ( ) |
|
| Assign Rights to Role dialog box, description ( ) |
|
| asterisk (*) |
| | device_allocate file ( ) ( ) |
| | wildcard character ( ) |
|
| at command, authorizations required ( ) |
|
| atq command, authorizations required ( ) |
|
| attr token ( ) |
|
| audio_clean script ( ) |
|
| audio devices, device-clean scripts ( ) |
|
| AUDIO_DRAIN ioctl system call ( ) |
|
| AUDIO_SETINFO ioctl system call ( ) |
|
| AUDIOGETREG ioctl system call ( ) |
|
| AUDIOSETREG ioctl system call ( ) |
|
| audit characteristics |
| | overview ( ) |
| | process preselection mask ( ) |
|
| audit class |
| | description ( ) ( ) |
|
| audit classes |
| | auditconfig command options ( ) |
| | description ( ) |
| | flags and definitions ( ) ( ) |
| | mapping events ( ) |
|
| audit command |
| | -n option ( ) |
| | preselection mask for existing processes (-s option) ( ) |
| | rereading audit files (-s option) ( ) |
| | resetting directory pointer (-s option) ( ) |
|
| audit_control file |
| | audit daemon rereading after editing ( ) |
| | audit_user file modification ( ) |
| | dir: line |
| | | described ( ) |
| | | examples ( ) |
| | examples ( ) |
| | flags: line |
| | | described ( ) |
| | | prefixes in ( ) ( ) |
| | | process preselection mask ( ) |
| | minfree: line |
| | | audit_warn condition ( ) |
| | | described ( ) |
| | naflags: line ( ) |
| | overview ( ) ( ) ( ) |
| | prefixes in flags line ( ) ( ) |
| | problem with contents ( ) |
|
| audit daemon |
| | audit_startup file ( ) |
| | audit trail creation ( ) ( ) |
| | audit_warn script |
| | | conditions invoking ( ) ( ) |
| | | described ( ) ( ) |
| | | execution of ( ) |
| | enabling auditing ( ) |
| | functions ( ) |
| | order audit files are opened ( ) |
| | rereading the audit_control file ( ) |
|
| audit_data file ( ) |
|
| audit directory, description ( ) |
|
| audit event |
| | audit_event file ( ) ( ) |
| | description ( ) ( ) ( ) |
| | kernel event ( ) |
| | mapping to classes ( ) |
| | user-level events ( ) |
|
| audit_event file ( ) ( ) |
|
| audit events |
| | kernel events |
| | | auditconfig command options ( ) |
| | user-level events |
| | | auditconfig command options ( ) |
|
| audit files |
| | auditreduce command ( ) ( ) |
| | combining ( ) ( ) ( ) |
| | copying messages to single file ( ) |
| | displaying in entirety ( ) |
| | file token ( ) |
| | minimum free space for file systems ( ) |
| | names ( ) ( ) ( ) ( ) ( ) ( ) ( ) |
| | | form ( ) |
| | | still-active files ( ) |
| | nonactive files marked not_terminated ( ) |
| | order for opening ( ) |
| | printing ( ) |
| | reducing ( ) ( ) ( ) |
| | reducing storage-space requirements ( ) ( ) |
| | switching to new file ( ) |
| | time stamps ( ) |
|
| audit flags ( ) |
| | audit_control file line ( ) |
| | audit_user file ( ) ( ) |
| | auditconfig command options ( ) |
| | definitions ( ) ( ) |
| | description ( ) |
| | machine-wide ( ) ( ) ( ) |
| | overview ( ) ( ) |
| | prefixes ( ) ( ) |
| | process preselection mask ( ) |
| | syntax ( ) ( ) |
|
| audit ID ( ) |
| | overview ( ) |
|
| audit messages, copying to single file ( ) |
|
| audit policies |
| | auditconfig options ( ) |
| | default ( ) |
| | description ( ) |
| | list of ( ) |
|
| audit records |
| | audit directories full ( ) ( ) ( ) ( ) |
| | converting to readable format ( ) ( ) ( ) ( ) |
| | description ( ) |
| | events that generate ( ) |
| | format or structure ( ) |
| | overview ( ) |
| | reducing audit files ( ) |
|
| audit session ID ( ) |
|
| audit_startup file ( ) |
|
| audit threshold ( ) |
|
| audit tokens |
| | audit record format ( ) |
| | description ( ) ( ) |
| | format ( ) |
| | table of ( ) |
|
| audit trail |
| | analysis |
| | | praudit command ( ) ( ) |
| | analysis costs ( ) |
| | creating |
| | | audit daemon's role ( ) ( ) ( ) |
| | | audit_data file ( ) |
| | | overview ( ) |
| | description ( ) |
| | events included ( ) |
| | merging all files ( ) ( ) |
| | monitoring in real time ( ) |
| | overflow prevention ( ) |
| | overview ( ) |
|
| audit_user file |
| | prefixes for flags ( ) ( ) |
| | process preselection mask ( ) |
| | user audit fields ( ) ( ) |
|
| audit_warn script ( ) |
| | audit daemon execution of ( ) |
| | conditions invoking ( ) ( ) |
| | description ( ) |
| | strings ( ) ( ) |
|
| auditconfig command |
| | audit flags as arguments ( ) ( ) |
| | options ( ) ( ) |
| | prefixes for flags ( ) ( ) |
|
| auditd daemon |
| | audit_startup file ( ) |
| | audit trail creation ( ) ( ) ( ) ( ) |
| | audit_warn script |
| | | conditions invoking ( ) ( ) |
| | | described ( ) |
| | | execution of ( ) |
| | enabling auditing ( ) |
| | functions ( ) |
| | order audit files are opened ( ) |
| | rereading the audit_control file ( ) |
|
| auditreduce command ( ) ( ) |
| | -c option ( ) |
| | cleaning not_terminated files ( ) |
| | -d option ( ) |
| | description ( ) ( ) |
| | examples ( ) |
| | -O option ( ) |
| | options ( ) |
| | time stamp use ( ) |
| | without options ( ) ( ) |
|
| auditsvc() system call |
| | audit_warn script and ( ) |
| | trailer token and ( ) |
|
| AUE_... names, description ( ) |
|
| auth_attr database |
| | description ( ) ( ) |
| | RBAC relationships ( ) |
|
| AUTH_DH authentication ( ) |
|
| AUTH_DH client-server session ( ) ( ) |
| | additional transaction ( ) |
| | client authenticates server ( ) |
| | contacting the server ( ) ( ) |
| | decrypting the conversation key ( ) |
| | generating public and secret keys ( ) |
| | generating the conversation key ( ) |
| | running keylogin ( ) |
| | storing information on the server ( ) ( ) |
| | verifier returned to client ( ) |
|
| authentication |
| | configuring cross-realm ( ) |
| | description ( ) |
| | DH ( ) ( ) |
| | network security ( ) ( ) |
| | overview of Kerberos ( ) |
| | root for NFS ( ) |
| | SEAM and ( ) |
| | Secure Shell |
| | | description ( ) |
| | | hosts ( ) |
| | | methods ( ) |
| | | steps ( ) |
| | | users ( ) |
| | terminology ( ) |
| | types ( ) |
|
| authentication parameters, ssh_config file ( ) |
|
| authenticator |
| | in SEAM ( ) ( ) |
|
| authorization |
| | database |
| | | See auth_attr database | |
| | delegating ( ) |
| | description ( ) ( ) ( ) ( ) |
| | granularity ( ) |
| | naming convention ( ) |
| | network security ( ) ( ) |
| | SEAM and ( ) |
| | types ( ) |
|
| authorized_keys file, description ( ) |
|
| auths command, description ( ) |
|
| authtok_check module, description ( ) |
|
| authtok_get module, description ( ) |
|
| authtok_store module, description ( ) |
|
| Automated Security Enhancement Tool |
| | See ASET | |
|
| automatically enabling auditing ( ) |
|
| automating principal creation ( ) |
|
C |
|
| -c option, auditreduce command ( ) |
|
| C shell |
| | ASET working directory specification ( ) |
| | privileged version ( ) |
|
| cache, credential ( ) |
|
| caret (^) in audit flag prefixes ( ) ( ) |
|
| CD-ROM drives |
| | device-clean scripts ( ) ( ) |
|
| cd subcommand, sftp command ( ) |
|
| changepw principal ( ) |
|
| changing |
| | (command line) user properties ( ) |
| | rights profiles (command line) ( ) |
| | role properties (command line) ( ) |
| | your password with kpasswd ( ) |
| | your password with passwd ( ) |
|
| CheckHostIP keyword, ssh_config file ( ) |
|
| chgrp command |
| | description ( ) |
| | syntax ( ) |
|
| chgrp subcommand, sftp command ( ) |
|
| -chkconf option, auditconfig command ( ) |
|
| chkey command ( ) ( ) |
|
| chmod command |
| | changing special permissions ( ) ( ) |
| | description ( ) |
| | syntax ( ) |
|
| chmod subcommand, sftp command ( ) |
|
| choosing, your password ( ) |
|
| chown command |
| | description ( ) |
| | syntax ( ) |
|
| Cipher keyword, ssh_config file ( ) |
|
| Ciphers keyword |
| | ssh_config file ( ) |
| | sshd_config file ( ) |
|
| cklist.rpt file |
| | description ( ) ( ) |
|
| CKLISTPATH_level variable (ASET), setting the directories to be checked ( ) |
|
| cl audit flag ( ) |
|
| class |
| | description ( ) ( ) |
|
| classes |
| | auditconfig command options ( ) |
| | flags and definitions ( ) ( ) |
|
| cleaning, not_terminated files ( ) |
|
| client |
| | AUTH_DH client-server session ( ) ( ) |
| | definition in SEAM ( ) |
|
| client names, planning for in SEAM ( ) |
|
| clients (SEAM), configuring ( ) |
|
| clock skew |
| | SEAM and ( ) ( ) |
|
| clock synchronizing |
| | SEAM and ( ) ( ) ( ) |
|
| cnt audit policy, description ( ) |
|
| combining audit files ( ) |
| | auditreduce command ( ) ( ) |
|
| command-line equivalents of SEAM Administration Tool ( ) |
|
| commands |
| | device-allocation commands ( ) |
| | table of SEAM ( ) |
|
| comments |
| | device_allocate file ( ) |
| | device_maps file ( ) |
|
| common key |
| | calculation ( ) |
| | DH authentication and ( ) |
|
| Compression keyword, ssh_config file ( ) |
|
| CompressionLevel keyword, ssh_config file ( ) |
|
| Computer Emergency Response Team/Coordination Center (CERT/CC) ( ) |
|
| -conf option, auditconfig command ( ) |
|
| configuration decisions |
| | SEAM |
| | | client and service principal names ( ) |
| | | clock synchronization ( ) |
| | | database propagation ( ) |
| | | mapping hostnames onto realms ( ) |
| | | number of realms ( ) |
| | | ports ( ) |
| | | realm hierarchy ( ) |
| | | realm names ( ) |
| | | realms ( ) |
| | | slave KDCs ( ) |
|
| configuration file |
| | PAM ( ) ( ) |
|
| configuring |
| | ASET ( ) ( ) |
| | audit trail overflow prevention ( ) |
| | auditconfig command ( ) ( ) |
| | RBAC |
| | | task map ( ) |
| | SEAM |
| | | adding administration principals ( ) |
| | | clients ( ) |
| | | cross-realm authentication ( ) |
| | | master KDC server ( ) |
| | | NFS servers ( ) |
| | | overview ( ) |
| | | slave KDC server ( ) |
| | | task map ( ) |
| | Secure Shell ( ) |
|
| ConnectionAttempts keyword, ssh_config file ( ) |
|
| console |
| | displaying su command use on ( ) ( ) |
| | root access restriction to ( ) ( ) |
|
| context-sensitive help ( ) |
|
| control flags, PAM ( ) |
|
| conversation key |
| | decrypting ( ) |
| | generating ( ) |
|
| converting |
| | audit records to readable format ( ) ( ) ( ) |
|
| copying audit messages to single file ( ) |
|
| cost control, BSM and ( ) |
|
| creating |
| | credential table ( ) |
| | /etc/d_passwd file ( ) |
| | keytab file ( ) |
| | new policy ( ) |
| | new policy (SEAM) ( ) |
| | new principal (SEAM) ( ) |
| | Secure Shell keys ( ) |
| | stash file ( ) |
| | tickets with kinit ( ) |
|
| creating the audit trail ( ) |
| | audit daemon's role ( ) |
| | audit_data file ( ) |
| | auditd daemon ( ) |
| | overview ( ) |
|
| cred database ( ) ( ) |
| | DH authentication and ( ) |
|
| cred table |
| | information stored by server ( ) ( ) |
|
| credential |
| | cache ( ) |
| | description ( ) ( ) |
| | obtaining for a server ( ) |
| | obtaining for a TGS ( ) |
| | or tickets ( ) |
|
| credential cache ( ) |
|
| credential table, adding single entry to ( ) |
|
| cron command, backing up using ( ) |
|
| cron service name, PAM ( ) |
|
| crontab files, authorizations required ( ) |
|
| crontab files |
| | running ASET periodically ( ) |
| | stop running ASET periodically ( ) |
|
| cross-realm authentication, configuring ( ) |
|
| crypt command, file security ( ) |
|
| csh command |
| | dial-up passwords ( ) |
| | privileged version ( ) |
|
| .cshrc file, path variable entry ( ) |
|
D |
|
| -d option |
| | auditreduce command ( ) |
| | praudit command ( ) |
|
| d_passwd file |
| | creating ( ) |
| | description ( ) ( ) |
| | disabling dial-up logins temporarily ( ) |
| | /etc/passwd file and ( ) |
|
| daemon |
| | keyserv ( ) |
| | krb5kdc ( ) |
| | table of SEAM ( ) |
|
| Data Encryption Standard |
| | See DES | |
|
| data forwarding, Secure Shell ( ) |
|
| database |
| | backing up and propagating KDC ( ) ( ) |
| | creating KDC ( ) |
| | KDC propagation ( ) |
|
| deallocate command |
| | allocate error state ( ) |
| | authorizations required ( ) |
| | description ( ) |
| | device-clean scripts and ( ) |
| | using ( ) |
|
| debugging sequence number ( ) |
|
| decrypting |
| | conversation key ( ) |
| | secret key ( ) |
|
| default_realm section, krb5.conf file ( ) |
|
| defaults |
| | ACL entries for directories ( ) ( ) |
| | audit_startup file ( ) |
| | machine-wide ( ) |
| | praudit output format ( ) ( ) |
|
| delete_entry command ( ) |
|
| deleting |
| | ACL entries ( ) ( ) |
| | host's service ( ) |
| | policies (SEAM) ( ) |
| | principal (SEAM) ( ) |
|
| DenyGroups keyword, sshd_config file ( ) |
|
| DenyUsers keyword, sshd_config file ( ) |
|
| DES encryption ( ) |
|
| destroying, tickets with kdestroy ( ) |
|
| device_allocate file |
| | format ( ) |
| | overview ( ) |
|
| device allocation ( ) |
| | adding devices ( ) |
| | allocatable devices ( ) ( ) ( ) |
| | allocate command |
| | | how the allocate mechanism works ( ) |
| | | options ( ) |
| | | using ( ) |
| | allocate error state ( ) ( ) |
| | allocating a device ( ) |
| | commands ( ) ( ) |
| | components of the allocation mechanism ( ) |
| | deallocate command |
| | | allocate error state ( ) |
| | | described ( ) |
| | | device-clean scripts and ( ) |
| | | using ( ) |
| | description ( ) |
| | device_allocate file ( ) |
| | device-clean scripts ( ) |
| | | audio devices ( ) |
| | | CD-ROM drives ( ) ( ) |
| | | described ( ) |
| | | diskette drives ( ) ( ) |
| | | options ( ) |
| | | tape drives ( ) ( ) |
| | | writing new scripts ( ) |
| | device_maps file ( ) |
| | list_devices command ( ) |
| | lock file setup ( ) |
| | managing devices ( ) |
| | reallocating ( ) |
| | using device allocations ( ) |
|
| device-clean scripts |
| | audio devices ( ) |
| | CD-ROM drives ( ) ( ) |
| | description ( ) |
| | diskette drives ( ) ( ) |
| | options ( ) |
| | tape drives ( ) ( ) |
| | writing new scripts ( ) |
|
| device_maps file |
| | format ( ) ( ) |
| | overview ( ) |
|
| devices |
| | device allocation |
| | | See device allocation | |
| | lock files ( ) |
| | managing ( ) |
| | system device access control ( ) ( ) |
|
| dfstab file ( ) |
| | kerberos option ( ) |
| | sharing files ( ) |
|
| DH authentication ( ) |
| | AUTH_DH client-server session ( ) ( ) |
| | mounting files ( ) |
| | sharing files ( ) |
|
| DH security |
| | for an NIS+ client ( ) |
| | for an NIS client ( ) |
|
| dhkeys module, description ( ) |
|
| dial_auth module, description ( ) |
|
| dial-up passwords ( ) ( ) |
| | disabling dial-up logins temporarily ( ) |
| | /etc/d_passwd file ( ) ( ) |
| | /etc/dialups file ( ) |
|
| dialups file |
| | creating ( ) |
| | description ( ) |
|
| Diffie-Hellman, role in authentication ( ) |
|
| dir: line |
| | audit_control file ( ) ( ) |
|
| direct realms ( ) |
|
| directories |
| | audit_control file definitions ( ) |
| | audit daemon pointer ( ) ( ) |
| | audit directories full ( ) ( ) ( ) |
| | mounting audit directories ( ) |
|
| directory |
| | ACL entries ( ) ( ) |
| | ASET files ( ) |
| | | checklist task (CKLISTPATH) setting ( ) ( ) |
| | | master files ( ) |
| | | reports ( ) |
| | | working directory ( ) ( ) |
| | audit directories full ( ) |
| | displaying files and related information ( ) ( ) ( ) |
| | permissions |
| | | defaults ( ) |
| | | description ( ) |
| | public directories ( ) |
|
| disabling |
| | dial-up logins temporarily ( ) |
| | service on a host (SEAM) ( ) |
| | user logins ( ) |
|
| disk-space requirements ( ) |
|
| diskette drives |
| | device-clean scripts ( ) ( ) |
|
| displaying |
| | ACL entries ( ) ( ) |
| | ASET task status ( ) ( ) |
| | audit log in entirety ( ) |
| | files and related information ( ) ( ) ( ) |
| | root access attempts on console ( ) ( ) |
| | su command use on console ( ) ( ) |
| | sublist of principals (SEAM) ( ) |
| | user's login status ( ) ( ) |
|
| dminfo command ( ) |
|
| DNS ( ) |
| | SEAM and ( ) |
|
| domain_realm section |
| | krb5.conf file ( ) ( ) |
|
| dot (.), path variable entry ( ) |
|
| DSAAuthentication keyword, sshd_config file ( ) |
|
| dtlogin service name, PAM ( ) |
|
| .dtprofile script, use in Secure Shell ( ) |
|
| dtsession service name, PAM ( ) |
|
| duplicating, principal (SEAM) ( ) |
|
E |
|
| ebusy string, audit_warn script ( ) |
|
| editing rights profiles, task description ( ) |
|
| eeprom.rpt file |
| | description ( ) ( ) |
|
| efficiency, BSM and ( ) |
|
| eject command, BSM device cleanup and ( ) |
|
| enabling, auditing ( ) |
|
| encrypting |
| | capturing encrypted passwords ( ) |
| | files ( ) |
|
| encryption ( ) |
| | privacy service ( ) |
| | specifying algorithms in ssh_config ( ) |
| | specifying algorithms in sshd_config ( ) |
|
| ending, signal received during auditing shutdown ( ) |
|
| env.rpt file |
| | description ( ) ( ) |
|
| environment file, description ( ) |
|
| environment file (ASET) |
| | description ( ) |
| | modifying ( ) |
| | running ASET periodically ( ) |
|
| environment variables |
| | ASET |
| | | ASETDIR ( ) |
| | | ASETSECLEVEL ( ) |
| | | CKLISTPATH_level ( ) ( ) |
| | | PERIODIC_SCHEDULE ( ) ( ) ( ) ( ) |
| | | summary table ( ) |
| | | TASKS ( ) ( ) |
| | | UID_ALIASES ( ) ( ) ( ) |
| | | YPCHECK ( ) ( ) |
|
| equals sign (=), file permissions symbol ( ) |
|
| error message, with kpasswd ( ) |
|
| errors |
| | allocate error state ( ) ( ) |
| | audit directories full ( ) ( ) ( ) ( ) |
| | internal errors ( ) |
|
| EscapeChar keyword, ssh_config file ( ) |
|
| /etc/d_passwd file ( ) ( ) ( ) |
| | creating ( ) |
| | disabling dial-up logins temporarily ( ) |
| | /etc/passwd file and ( ) |
|
| /etc/default/login file |
| | restricting root access to console ( ) |
| | restricting root access to devices ( ) |
|
| /etc/default/su file |
| | displaying su command use on console ( ) ( ) |
| | monitoring su command ( ) |
|
| /etc/dfs/dfstab file |
| | kerberos option ( ) |
| | sharing files ( ) |
|
| /etc/dialups file ( ) |
| | creating ( ) |
|
| /etc/group file, ASET checks ( ) |
|
| /etc/hosts.equiv file, description ( ) |
|
| /etc/init.d/kdc file, description ( ) |
|
| /etc/init.d/kdc.master file, description ( ) |
|
| /etc/krb5/kadm5.acl file, description ( ) |
|
| /etc/krb5/kadm5.keytab file, description ( ) |
|
| /etc/krb5/kdc.conf file, description ( ) |
|
| /etc/krb5/kpropd.acl file, description ( ) |
|
| /etc/krb5/krb5.conf file, description ( ) |
|
| /etc/krb5/krb5.keytab file, description ( ) |
|
| /etc/krb5/warn.conf file, description ( ) |
|
| /etc/logindevperm file, description ( ) |
|
| /etc/nologin file ( ) |
| | description ( ) |
|
| /etc/nsswitch.conf file, login access restrictions ( ) |
|
| /etc/pam.conf |
| | description ( ) ( ) |
| | syntax ( ) |
|
| /etc/passwd file |
| | ASET checks ( ) |
| | /etc/d_passwd file and ( ) |
|
| /etc/publickey file, DH authentication and ( ) |
|
| /etc/security/audit/bsmconv script, devicemaps file creation ( ) |
|
| /etc/security/audit_data file ( ) |
|
| /etc/security/audit_event file ( ) |
| | audit events and ( ) |
|
| /etc/security/audit_startup file ( ) |
|
| /etc/security/audit_warn script ( ) ( ) |
|
| /etc/security/dev lock files ( ) |
|
| /etc/ssh_host_key.pub file, description ( ) |
|
| /etc/ssh/shosts.equiv file, description ( ) |
|
| /etc/ssh/ssh_config file |
| | client authentication parameters ( ) |
| | configuring Secure Shell ( ) |
| | host-specific parameters ( ) |
|
| /etc/ssh/ssh_host_key file, description ( ) |
|
| /etc/ssh/ssh_known_hosts file |
| | configuring Secure Shell ( ) |
| | controlling distribution ( ) |
| | description ( ) |
|
| /etc/ssh/sshd_config file, description ( ) |
|
| /etc/ssh/sshrc file, description ( ) |
|
| /etc/syslog.conf file, PAM ( ) |
|
| event, description ( ) |
|
| event modifier field flags (header token) ( ) |
|
| events |
| | audit |
| | | See audit events | |
| | kernel events |
| | | auditconfig command options ( ) ( ) |
| | user-level events |
| | | auditconfig command options ( ) |
|
| ex audit flag ( ) |
|
| exec_args token |
| | argv policy and ( ) |
| | format ( ) |
|
| exec_attr database |
| | description ( ) ( ) |
| | RBAC relationships ( ) |
|
| exec audit class ( ) |
|
| exec_env token, format ( ) |
|
| execute permissions, symbolic mode ( ) |
|
| execution attributes, description ( ) |
|
| execution log (ASET) ( ) ( ) |
|
| exit subcommand, sftp command ( ) |
|
| exit token, format ( ) |
|
F |
|
| -F option |
| | allocate command ( ) |
| | deallocate command ( ) |
| | st_clean script ( ) |
|
| fa audit flag ( ) |
|
| failed login attempts ( ) ( ) |
|
| failure |
| | audit flag prefix ( ) ( ) |
| | turning off audit flags for ( ) ( ) |
|
| FallBackToRsh keyword, ssh_config file ( ) |
|
| fc audit flag ( ) |
|
| fd audit flag ( ) |
|
| fd_clean script, description ( ) |
|
| file_attr_acc audit class ( ) |
|
| file_attr_mod audit class ( ) |
|
| file_close audit class ( ) |
|
| file_creation audit class ( ) |
|
| file_deletion audit class ( ) |
|
| file_read audit class ( ) |
|
| file token, format ( ) |
|
| file vnode token ( ) |
|
| file_write audit class ( ) |
|
| files |
| | copying with Secure Shell ( ) |
| | device allocation lock ( ) |
| | kdc.conf ( ) |
| | table of SEAM ( ) |
| | transferring with Secure Shell ( ) |
|
| files and file systems |
| | ACL entries |
| | | adding or modifying ( ) |
| | | checking ( ) |
| | | deleting ( ) ( ) |
| | | displaying ( ) ( ) |
| | | setting ( ) ( ) |
| | | valid entries ( ) |
| | ASET checks ( ) ( ) |
| | ownership |
| | | changing ( ) |
| | | setgid permission and ( ) |
| | | setuid permission and ( ) |
| | permissions |
| | | absolute mode ( ) ( ) |
| | | changing ( ) ( ) ( ) |
| | | defaults ( ) |
| | | description ( ) |
| | | setgid ( ) ( ) |
| | | setuid ( ) |
| | | sticky bit ( ) |
| | | symbolic mode ( ) ( ) ( ) ( ) |
| | | umask setting ( ) |
| | security ( ) ( ) |
| | | access restriction ( ) |
| | | ACL ( ) ( ) |
| | | changing ownership ( ) ( ) |
| | | changing permissions ( ) ( ) |
| | | directory permissions ( ) |
| | | displaying file information ( ) ( ) ( ) |
| | | encryption ( ) |
| | | file permissions ( ) |
| | | file types ( ) |
| | | special file permissions ( ) ( ) ( ) |
| | | umask default ( ) |
| | | user classes ( ) |
| | sharing files ( ) |
|
| find command |
| | finding files with setuid permissions ( ) ( ) |
|
| firewall.rpt file ( ) |
| | description ( ) |
|
| firewall systems |
| | ASET setup ( ) ( ) |
| | description ( ) ( ) |
| | outside connections with Secure Shell |
| | | from command line ( ) |
| | | from configuration file ( ) |
| | packet smashing ( ) |
| | trusted host ( ) |
|
| flags ( ) |
| | audit |
| | | See audit flags | |
| | audit_control file line ( ) |
| | audit_user file ( ) ( ) |
| | auditconfig command options ( ) |
| | definitions ( ) ( ) |
| | machine-wide ( ) ( ) |
| | overview ( ) |
| | prefixes ( ) ( ) |
| | process preselection mask ( ) |
| | syntax ( ) ( ) |
|
| flags: line in audit_control file |
| | description ( ) |
| | prefixes in ( ) ( ) |
| | process preselection mask ( ) |
|
| fm audit flag ( ) |
|
| forced cleanup ( ) |
|
| forwardable tickets |
| | definition ( ) |
| | description ( ) |
| | example ( ) |
|
| forwarding, specifying in ssh_config ( ) |
|
| ForwardX11 keyword, Secure Shell port forwarding ( ) |
|
| FQDN (Fully Qualified Domain Name), in SEAM ( ) |
|
| fr audit flag ( ) |
|
| ftp command, authentication ( ) |
|
| ftp service name, PAM ( ) |
|
| fw audit flag ( ) |
|
K |
|
| .k5.REALM file, description ( ) |
|
| .k5login file, description ( ) |
|
| kadm5.acl file ( ) ( ) ( ) ( ) ( ) ( ) |
| | description ( ) |
| | format of entries ( ) |
|
| kadm5.keytab file ( ) |
| | description ( ) |
|
| kadmin command ( ) ( ) |
| | description ( ) |
| | ktadd command ( ) |
| | ktremove command ( ) |
| | removing principals from keytab with ( ) |
|
| kadmin.local command ( ) ( ) |
| | adding administration principals ( ) |
| | description ( ) |
|
| kadmin.log file, description ( ) |
|
| kadmind daemon |
| | master KDC and ( ) |
| | SEAM and ( ) |
|
| kadmind principal ( ) |
|
| kdb5_util command ( ) ( ) |
| | description ( ) |
|
| KDC |
| | adding entries to propagation file ( ) |
| | adding slave names to cron job ( ) |
| | backing up and propagating ( ) |
| | configuring master ( ) |
| | configuring server ( ) |
| | configuring slave ( ) |
| | copying administration files from slave to master ( ) |
| | creating database ( ) |
| | creating host principal ( ) |
| | creating root principal ( ) ( ) |
| | database propagation ( ) |
| | master |
| | | definition ( ) |
| | planning ( ) |
| | ports ( ) |
| | propagating database with kprop_util ( ) |
| | restricting access to servers ( ) |
| | slave ( ) |
| | | definition ( ) |
| | slave or master ( ) ( ) |
| | starting daemon ( ) |
| | swapping master and slave ( ) |
| | synchronizing clocks ( ) ( ) |
|
| kdc.conf file |
| | description ( ) |
| | ticket lifetime and ( ) |
|
| kdc file, description ( ) |
|
| kdc.log file, description ( ) |
|
| kdc.master file, description ( ) |
|
| kdestroy command, example ( ) |
|
| KeepAlive keyword |
| | ssh_config file ( ) |
| | sshd_config file ( ) |
|
| KERB authentication, dfstab file option ( ) |
|
| Kerberos |
| | and Kerberos V5 ( ) |
| | and SEAM ( ) ( ) |
| | dfstab file option ( ) |
| | terminology ( ) |
|
| Kerberos (KERB) authentication ( ) |
|
| kernel events |
| | auditconfig command options ( ) ( ) |
| | BSM and ( ) |
|
| key |
| | creating for an NIS user ( ) |
| | creating for Secure Shell ( ) |
| | description ( ) |
| | private ( ) |
| | service ( ) |
| | service key ( ) |
| | session ( ) ( ) |
|
| Key Distribution Center |
| | See KDC | |
|
| keylogin command ( ) ( ) |
| | running ( ) |
|
| KeyRegenerationInterval keyword, sshd_config file ( ) |
|
| keyserv daemon |
| | starting ( ) |
| | verifying ( ) |
|
| keytab file |
| | adding master KDC's host principal to ( ) |
| | adding service principal to ( ) ( ) |
| | administering ( ) |
| | administering with ktutil command ( ) |
| | creating ( ) |
| | disabling a host's service with delete_entry command ( ) |
| | read into keytab buffer with read_kt command ( ) |
| | read into keytab with read_kt command ( ) |
| | removing principals with ktremove command ( ) |
| | removing service principal from ( ) |
| | viewing contents with ktutil command ( ) ( ) |
| | viewing keylist buffer with list command ( ) ( ) |
|
| kinds of tickets ( ) |
|
| kinit command |
| | example ( ) |
| | -F option ( ) |
| | ticket lifetime ( ) |
|
| klist command |
| | example ( ) |
| | -f option ( ) |
|
| known_hosts file |
| | configuring Secure Shell ( ) |
| | controlling distribution ( ) |
| | description ( ) |
| | role in authentication ( ) |
|
| Korn shell |
| | ASET working directory specification ( ) |
| | privileged version ( ) |
|
| kpasswd command |
| | and passwd command ( ) |
| | error message ( ) |
| | example ( ) |
|
| kprop command, description ( ) |
|
| kprop_script script ( ) |
|
| kpropd.acl file ( ) |
| | description ( ) |
|
| kpropd daemon, SEAM and ( ) |
|
| krb5.conf file |
| | description ( ) |
| | domain_realm section ( ) |
| | editing ( ) |
| | ports definition ( ) |
|
| krb5.keytab file, description ( ) |
|
| krb5 module, description ( ) |
|
| krb5cc_uid file, description ( ) |
|
| krb5kdc daemon ( ) |
| | master KDC and ( ) |
| | SEAM and ( ) |
|
| ksh command ( ) |
| | dial-up passwords ( ) |
| | privileged version ( ) |
|
| ktadd command ( ) ( ) |
| | syntax ( ) |
|
| ktremove command ( ) |
|
| ktutil command ( ) |
| | delete_entry command ( ) |
| | list command ( ) ( ) |
| | read_kt command ( ) ( ) |
| | viewing list of principals ( ) ( ) |
| | | |
L |
|
| -l option, praudit command ( ) |
|
| -L option |
| | ssh command ( ) ( ) |
|
| lcd subcommand, sftp command ( ) |
|
| ldap module, description ( ) |
|
| legacy application, securing ( ) |
|
| lifetime of ticket, in SEAM ( ) |
|
| list command ( ) ( ) |
|
| list_devices command ( ) |
| | authorizations required ( ) |
|
| list privileges in SEAM Administration Tool ( ) |
|
| ListenAddress keyword, sshd_config file ( ) |
|
| lo audit flag ( ) |
|
| LocalForward keyword, ssh_config file ( ) |
|
| lock files |
| | how the allocate mechanism works ( ) |
| | setting up ( ) |
|
| log files |
| | ASET execution log ( ) ( ) |
| | monitoring su command ( ) ( ) ( ) |
|
| logging in |
| | displaying user's login status ( ) ( ) |
| | root login |
| | | access restrictions ( ) |
| | | account ( ) ( ) |
| | | restricting to console ( ) ( ) |
| | | tracking ( ) |
| | security |
| | | access restrictions ( ) ( ) |
| | | saving failed attempts ( ) ( ) |
| | | system access control ( ) |
| | | system device access control ( ) |
| | | tracking root login ( ) |
| | system logins ( ) ( ) |
|
| .login file, path variable entry ( ) |
|
| login file |
| | restricting root access to console ( ) |
| | restricting root access to devices ( ) |
|
| login_logout audit class ( ) |
|
| login service name, PAM ( ) |
|
| logindevperm file, description ( ) |
|
| LoginGraceTime keyword, sshd_config file ( ) |
|
| loginlog file |
| | overview ( ) |
| | saving failed login attempts ( ) ( ) |
|
| logins command |
| | displaying user's login status ( ) ( ) |
| | displaying users with no passwords ( ) |
| | syntax ( ) ( ) |
|
| LogLevel keyword |
| | ssh_config file ( ) |
| | sshd_config file ( ) |
|
| low ASET security level ( ) |
|
| ls subcommand, sftp command ( ) |
|
| -lsevent option, auditconfig command ( ) |
|
| -lspolicy option, auditconfig command ( ) |
| | | |
P |
|
| packet transfers |
| | firewall security ( ) |
| | packet smashing ( ) |
|
| PAM |
| | add a module ( ) |
| | configuration file ( ) ( ) ( ) |
| | control flags ( ) |
| | /etc/syslog.conf file ( ) |
| | module types ( ) |
| | modules ( ) |
| | overview ( ) |
| | password mapping ( ) |
| | planning ( ) |
| | SEAM and ( ) ( ) ( ) |
| | service names ( ) |
| | stacking ( ) |
| | try_first_pass ( ) |
|
| pam_*.so.1 files, description ( ) |
|
| pam.conf file |
| | description ( ) |
| | SEAM and ( ) |
|
| pam_roles command, description ( ) |
|
| panels, table of SEAM Administration Tool ( ) |
|
| passphrase, example ( ) |
|
| passwd command |
| | and kpasswd command ( ) |
| | try_first_pass ( ) |
|
| passwd file |
| | ASET checks ( ) |
| | /etc/d_passwd file and ( ) |
|
| passwd service name, PAM ( ) |
|
| password mapping, in PAM ( ) |
|
| PasswordAuthentication keyword, sshd_config file ( ) |
|
| passwords |
| | and policies ( ) |
| | capturing encrypted passwords ( ) |
| | changing with kpasswd command ( ) |
| | changing with passwd command ( ) |
| | dial-up passwords |
| | | disabling dial-up logins temporarily ( ) |
| | | /etc/d_passwd file ( ) ( ) ( ) |
| | | /etc/dialups file ( ) |
| | displaying users with no passwords ( ) |
| | eeprom security ( ) |
| | eliminating in Secure Shell use ( ) ( ) |
| | login security ( ) ( ) ( ) ( ) |
| | management ( ) |
| | modifying a principal's password ( ) |
| | secret-key decryption ( ) |
| | Secure Shell ( ) |
| | suggestions on choosing ( ) |
| | system logins ( ) ( ) |
| | UNIX and Kerberos ( ) |
|
| path audit policy, description ( ) |
|
| path token ( ) |
|
| path variable, setting ( ) |
|
| pc audit flag ( ) |
|
| PERIODIC_SCHEDULE variable (ASET) |
| | scheduling ASET ( ) ( ) ( ) ( ) |
|
| permissions |
| | ACLs and ( ) ( ) |
| | ASET handling of ( ) ( ) |
| | changing file permissions |
| | | absolute mode ( ) ( ) |
| | | chmod command ( ) |
| | | symbolic mode ( ) ( ) ( ) ( ) |
| | defaults ( ) |
| | directory permissions ( ) |
| | file permissions |
| | | absolute mode ( ) ( ) |
| | | changing ( ) ( ) |
| | | description ( ) |
| | | special permissions ( ) ( ) ( ) |
| | | symbolic mode ( ) ( ) ( ) ( ) |
| | setgid permissions |
| | | absolute mode ( ) ( ) |
| | | description ( ) ( ) |
| | | symbolic mode ( ) |
| | setuid permissions |
| | | absolute mode ( ) ( ) |
| | | description ( ) |
| | | finding files with permissions set ( ) ( ) |
| | | security risks ( ) |
| | | symbolic mode ( ) |
| | special file permissions ( ) ( ) ( ) |
| | sticky bit ( ) |
| | tune files (ASET) ( ) ( ) ( ) ( ) |
| | umask settings ( ) |
| | user classes and ( ) |
|
| PermitEmptyPasswords keyword, sshd_config file ( ) |
|
| PermitRootLogin keyword, sshd_config file ( ) |
|
| pfcsh command, description ( ) |
|
| pfexec command, description ( ) |
|
| pfksh command, description ( ) |
|
| pfsh command, description ( ) |
|
| physical security ( ) |
|
| planning |
| | PAM ( ) |
| | RBAC ( ) |
| | SEAM |
| | | client and service principal names ( ) |
| | | clock synchronization ( ) |
| | | configuration decisions ( ) |
| | | database propagation ( ) |
| | | number of realms ( ) |
| | | ports ( ) |
| | | realm hierarchy ( ) |
| | | realm names ( ) |
| | | realms ( ) |
| | | slave KDCs ( ) |
|
| pluggable authentication module |
| | See PAM | |
|
| plus (+) audit flag prefix ( ) ( ) |
|
| plus sign (+), file permissions symbol ( ) |
|
| policies |
| | administering ( ) ( ) |
| | and passwords ( ) |
| | auditconfig options ( ) |
| | creating (SEAM) ( ) |
| | creating new (SEAM) ( ) |
| | deleting ( ) |
| | modifying ( ) |
| | SEAM Administration Tool panels for ( ) |
| | task map for administering ( ) |
| | viewing attributes ( ) |
| | viewing list of ( ) |
|
| policy.conf database |
| | Basic Solaris User rights profile ( ) |
| | description ( ) ( ) |
| | RBAC relationships ( ) |
|
| port |
| | for KDC and admin services ( ) |
| | KDC administration daemon ( ) |
|
| port forwarding |
| | configuring ssh_config ( ) |
| | Secure Shell ( ) ( ) ( ) |
|
| Port keyword, sshd_config file ( ) |
|
| postdatable ticket, definition ( ) |
|
| postdated ticket, description ( ) |
|
| postsigterm string, audit_warn script ( ) |
|
| pound sign (#) |
| | device_allocate file ( ) |
| | device_maps file ( ) |
|
| ppp service name, PAM ( ) |
|
| praudit command |
| | converting audit records to readable format ( ) ( ) |
| | output formats ( ) ( ) |
| | piping auditreduce output to ( ) |
| | using ( ) ( ) |
|
| prefixes in audit flags ( ) ( ) |
|
| preselection mask |
| | auditconfig command options ( ) |
| | description ( ) |
| | machine-wide ( ) |
|
| preselection mask (BSM), reducing storage costs ( ) |
|
| primary, in principal names ( ) |
|
| Primary Administrator |
| | rights profile ( ) ( ) ( ) |
| | role ( ) |
|
| primary audit directory ( ) |
|
| principal |
| | adding administration ( ) |
| | adding service principal to keytab ( ) ( ) |
| | administering ( ) ( ) |
| | automating creation of ( ) |
| | creating host ( ) |
| | creating root ( ) ( ) |
| | deleting ( ) |
| | duplicating ( ) |
| | in SEAM ( ) |
| | modifying ( ) |
| | principal name ( ) |
| | removing from keytab file ( ) |
| | removing service principal from keytab ( ) |
| | root ( ) |
| | SEAM Administration Tool panels for ( ) |
| | service principal ( ) |
| | setting up defaults ( ) |
| | task map for administering ( ) |
| | user ID comparison ( ) |
| | user principal ( ) |
| | viewing attributes ( ) |
| | viewing list of ( ) |
| | viewing sublist of principals ( ) |
|
| principal.db file, description ( ) |
|
| principal.kadm5 file, description ( ) |
|
| principal.kadm5.lock file, description ( ) |
|
| principal.ok file, description ( ) |
|
| principals, creating ( ) |
|
| print format field, arbitrary token ( ) |
|
| Printer Management rights profile |
| | description ( ) ( ) |
|
| printing, audit log ( ) |
|
| privacy |
| | SEAM and ( ) |
| | security service ( ) |
|
| private key ( ) |
| | definition in SEAM ( ) |
| | description ( ) |
| | naming convention ( ) |
|
| privilege ( ) |
| | effects on SEAM Administration Tool ( ) |
|
| privileged application |
| | authorization checking ( ) |
| | description ( ) |
| | ID checking ( ) |
|
| process audit characteristics |
| | audit ID ( ) |
| | audit session ID ( ) |
| | process preselection mask ( ) |
| | terminal ID ( ) |
|
| process audit class ( ) |
|
| process preselection mask |
| | auditconfig command options ( ) |
| | description ( ) |
|
| process token, format ( ) |
|
| processing time costs, BSM and ( ) |
|
| prof_attr database |
| | description ( ) ( ) |
| | RBAC relationships ( ) |
|
| profile |
| | See rights profile | |
|
| .profile file, path variable entry ( ) |
|
| profile shell, description ( ) |
|
| profiles command, description ( ) |
|
| program, testing for authorizations ( ) |
|
| projects module, description ( ) |
|
| propagation |
| | KDC database ( ) |
| | Kerberos database ( ) |
|
| propagation file, adding entries to ( ) |
|
| Protocol keyword, sshd_config file ( ) |
|
| proxiable ticket, definition ( ) |
|
| proxy ticket, definition ( ) |
|
| ProxyCommand keyword, ssh_config file ( ) |
|
| pseudo-tty, use in Secure Shell ( ) |
|
| public directories ( ) |
|
| public key |
| | description ( ) |
| | DH authentication and ( ) |
| | known hosts file ( ) |
| | naming convention ( ) |
| | Secure Shell ( ) |
|
| public-key cryptography |
| | AUTH_DH client-server session ( ) ( ) |
| | changing public and secret keys ( ) |
| | common key |
| | | calculation ( ) |
| | database of public keys ( ) |
| | generating keys |
| | | conversation key ( ) |
| | | public and secret keys ( ) |
| | secret key |
| | | changing ( ) |
| | | database ( ) |
| | | decrypting ( ) |
| | | generating ( ) |
|
| publickey map, DH authentication and ( ) |
|
| put subcommand |
| | sftp command ( ) ( ) |
| | | |
R |
|
| -R option |
| | ssh command ( ) ( ) |
|
| -r praudit output format ( ) |
|
| raw praudit output format ( ) |
|
| RBAC |
| | administration commands ( ) |
| | authorization database ( ) |
| | basic concept ( ) |
| | database relationships ( ) |
| | elements ( ) |
| | name services ( ) |
| | rights profile database ( ) |
| | tasks ( ) |
| | | adding custom roles ( ) |
| | | adding first role ( ) |
| | | adding first user ( ) |
| | | adding rights profile example ( ) |
| | | adding roles ( ) |
| | | adding roles from command line ( ) |
| | | changing rights profiles from command line ( ) |
| | | changing roles from command line ( ) |
| | | changing user properties from command line ( ) |
| | | checking scripts or programs for authorizations ( ) |
| | | configuration ( ) |
| | | editing rights profiles ( ) |
| | | information management task map ( ) |
| | | modifying roles ( ) |
| | | modifying users ( ) |
| | | planning ( ) |
| | | running the user tools ( ) |
| | | securing legacy applications ( ) |
| | | securing scripts ( ) |
| | | setting IDs on commands ( ) |
| | | using privileged applications ( ) |
|
| rc file, description ( ) |
|
| rcp command, authentication ( ) |
|
| read into keytab buffer with read_kt command ( ) |
|
| read into keytab with read_kt command ( ) |
|
| read_kt command ( ) ( ) |
|
| read permissions, symbolic mode ( ) |
|
| readable audit record format |
| | converting audit records to ( ) ( ) ( ) ( ) |
|
| reallocating devices ( ) |
|
| realms |
| | and servers ( ) |
| | configuration decisions ( ) |
| | configuring cross-realm authentication ( ) |
| | contents of ( ) |
| | direct ( ) |
| | hierarchical ( ) |
| | hierarchical or non-hierarchical ( ) |
| | hierarchy ( ) |
| | in principal names ( ) |
| | in principals names ( ) |
| | mapping hostnames onto ( ) |
| | names ( ) |
| | number of ( ) |
|
| reducing |
| | audit files ( ) |
| | storage-space requirements for audit files ( ) |
|
| reducing audit files |
| | auditreduce command ( ) ( ) |
|
| remote logins |
| | authentication ( ) |
| | authorization ( ) |
| | security and ( ) |
|
| remote systems |
| | logging in |
| | | authentication ( ) |
| | | authorization ( ) |
|
| removing |
| | principals with ktremove command ( ) |
| | service principal from keytab file ( ) |
|
| renewable ticket, definition ( ) |
|
| replayed transactions ( ) |
|
| reports |
| | ASET ( ) ( ) ( ) ( ) |
|
| reports directory (ASET) ( ) |
|
| required control flag, PAM ( ) |
|
| requisite control flag, PAM ( ) |
|
| restoring, ASET ( ) |
|
| restricted shell (rsh) ( ) |
|
| restricting access for KDC servers ( ) |
|
| return token, format ( ) |
|
| rewoffl option |
| | mt command |
| | | BSM device cleanup and ( ) |
|
| rexd service name, PAM ( ) |
|
| .rhosts file |
| | description ( ) |
| | role in authentication ( ) |
|
| rhosts module, description ( ) |
|
| RhostsAuthentication keyword, sshd_config file ( ) |
|
| RhostsRSAAuthentication keyword, sshd_config file ( ) |
|
| right |
| | See rights profile | |
|
| rights profile |
| | See also individual profiles | |
| | changing rights profiles from command line ( ) |
| | creation example ( ) |
| | database |
| | | See prof_attr database and exec_attr database | |
| | description ( ) ( ) |
| | editing ( ) |
| | major rights profiles description ( ) |
|
| Rights tool, description ( ) |
|
| rlogin command, authentication ( ) |
|
| rlogin service name, PAM ( ) |
|
| role |
| | adding custom roles ( ) |
| | adding first role ( ) ( ) |
| | adding roles ( ) |
| | adding roles from command line ( ) |
| | assuming ( ) |
| | assumption example ( ) |
| | changing roles from command line ( ) |
| | description ( ) ( ) |
| | making root a role ( ) |
| | modifying roles ( ) |
| | properties |
| | | summarized ( ) |
| | recommended role rights profiles ( ) |
| | recommended roles ( ) |
| | use in RBAC ( ) |
|
| role-based access control |
| | See RBAC | |
|
| Role Properties dialog box, description ( ) |
|
| roleadd command, description ( ) |
|
| roledel command, description ( ) |
|
| rolemod command, description ( ) |
|
| roles command, description ( ) |
|
| roles module, description ( ) |
|
| root |
| | adding principal to host's keytab ( ) |
| | authentication for NFS ( ) |
| | eliminating root in RBAC ( ) |
|
| root access |
| | displaying attempts on console ( ) ( ) |
| | monitoring su command use ( ) ( ) ( ) |
| | restricting ( ) ( ) ( ) |
|
| root login |
| | account |
| | | access restrictions ( ) |
| | | description ( ) |
| | restricting to console ( ) |
| | tracking ( ) |
|
| root principal |
| | creating ( ) ( ) |
|
| root role, creating ( ) |
|
| RPCSEC_GSS API, SEAM and ( ) |
|
| RSAAuthentication keyword, sshd_config file ( ) |
|
| rsh command (restricted shell) ( ) |
|
| rsh service name, PAM ( ) |
|
| running the User tool, task description ( ) |
| | | |
S |
|
| -s |
| | audit command ( ) |
| | praudit command ( ) |
|
| -S option of st_clean script ( ) |
|
| sac service name, PAM ( ) |
|
| sample module, description ( ) |
|
| saving |
| | failed login attempts ( ) ( ) |
|
| scheduling ASET execution (PERIODIC_SCHEDULE) ( ) ( ) ( ) ( ) ( ) |
|
| scope, description ( ) |
|
| scp command |
| | authentication steps ( ) |
| | description ( ) |
| | using ( ) |
|
| script |
| | securing ( ) |
| | testing for authorizations ( ) |
|
| SCSI devices, st_clean script ( ) |
|
| SEAM |
| | administering ( ) |
| | Administration Tool ( ) |
| | and Kerberos V5 ( ) ( ) |
| | commands ( ) |
| | components of ( ) |
| | configuration decisions ( ) |
| | configuring KDC servers ( ) |
| | daemons ( ) |
| | files ( ) |
| | gaining access to server ( ) |
| | online help ( ) |
| | overview ( ) |
| | overview of authentication ( ) |
| | password management ( ) |
| | planning for ( ) |
| | reference ( ) |
| | terminology ( ) |
| | using ( ) |
|
| SEAM Administration Tool ( ) |
| | and limited administration privileges ( ) |
| | and list privileges ( ) |
| | and X Window system ( ) |
| | command-line equivalents ( ) |
| | context-sensitive help ( ) |
| | creating a new principal ( ) |
| | creating new policy ( ) ( ) |
| | default values ( ) |
| | deleting a principal ( ) |
| | deleting policies ( ) |
| | displaying sublist of principals ( ) |
| | duplicating a principal ( ) |
| | files modified by ( ) |
| | Filter Pattern field ( ) |
| | gkadmin command ( ) |
| | gkadmin command vs. kadmin ( ) ( ) |
| | .gkadmin file ( ) |
| | help (print) ( ) |
| | Help button ( ) |
| | Help Contents ( ) |
| | how affected by privileges ( ) |
| | kadmin command vs. gkadmin ( ) ( ) |
| | login window ( ) |
| | modifying a principal ( ) |
| | modifying policies ( ) |
| | online help ( ) |
| | panel descriptions ( ) |
| | privileges ( ) |
| | setting up principal defaults ( ) |
| | starting ( ) |
| | table of panels ( ) |
| | viewing a principal's attributes ( ) |
| | viewing list of policies ( ) |
| | viewing list of principals ( ) |
| | viewing policy attributes ( ) |
| | vs. kadmin command ( ) |
|
| searching |
| | files with setuid permissions ( ) ( ) |
|
| secondary audit directory ( ) |
|
| secret key |
| | changing ( ) |
| | database ( ) |
| | decrypting ( ) |
| | generating ( ) |
|
| secure access ( ) |
|
| secure NIS+, adding a user ( ) |
|
| Secure RPC ( ) |
| | implementation of ( ) |
|
| Secure RPC authentication ( ) |
|
| Secure Shell |
| | administering ( ) |
| | authentication ( ) |
| | authentication steps ( ) |
| | configuring ( ) |
| | configuring clients ( ) |
| | connecting outside firewall |
| | | from command line ( ) |
| | | from configuration file ( ) |
| | copying files ( ) |
| | creating keys ( ) |
| | description ( ) |
| | forwarding mail ( ) |
| | important files ( ) |
| | local port forwarding ( ) ( ) |
| | logging in ( ) |
| | naming identity files ( ) |
| | port forwarding ( ) |
| | protocol versions ( ) |
| | public key ( ) |
| | remote port forwarding ( ) |
| | transferring files ( ) |
| | typical session ( ) |
| | user task map ( ) |
| | using without password ( ) |
|
| securing legacy applications, description ( ) |
|
| securing scripts, description ( ) |
|
| security |
| | auditing and ( ) |
| | DH authentication |
| | | AUTH_DH client-server session ( ) ( ) |
| | KERB authentication ( ) |
|
| security mode, setting up environment with multiple ( ) |
|
| security service |
| | in SEAM ( ) |
| | integrity ( ) |
| | privacy ( ) |
|
| seq audit policy |
| | description ( ) |
| | seq token and ( ) |
|
| seq policy, seq token and ( ) |
|
| seq token |
| | format ( ) |
| | seq policy and ( ) |
|
| server authentication parameters, sshd_config file ( ) |
|
| ServerKeyBits keyword, sshd_config file ( ) |
|
| servers |
| | and realms ( ) |
| | AUTH_DH client-server session ( ) ( ) |
| | configuring for Secure Shell ( ) |
| | definition in SEAM ( ) |
| | gaining access with SEAM ( ) |
| | obtaining credential for ( ) |
|
| service |
| | definition in SEAM ( ) |
| | disabling on a host ( ) |
| | obtaining access for specific service ( ) |
|
| service key ( ) |
| | definition in SEAM ( ) |
|
| service names, PAM ( ) |
|
| service principal |
| | adding to keytab file ( ) ( ) |
| | description ( ) |
| | planning for names ( ) |
| | removing from keytab file ( ) |
|
| session ID ( ) |
|
| session key |
| | definition in SEAM ( ) |
| | SEAM authentication and ( ) |
|
| -setclass option, auditconfig command ( ) |
|
| -setcond option, auditconfig command ( ) |
|
| setenv command |
| | ASET security level specification ( ) |
| | ASET working directory specification ( ) |
|
| setfacl command |
| | adding ACL entries ( ) |
| | deleting ACL entries ( ) |
| | description ( ) |
| | examples ( ) ( ) |
| | modifying ACL entries ( ) |
| | setting ACL entries ( ) ( ) |
| | syntax ( ) |
|
| setgid permissions |
| | absolute mode ( ) ( ) |
| | description ( ) ( ) |
| | symbolic mode ( ) |
|
| -setpmask option, auditconfig command ( ) |
|
| -setpolicy option, auditconfig command ( ) |
|
| -setsmask option, auditconfig command ( ) |
|
| setting IDs on commands |
| | description ( ) |
| | task description ( ) |
|
| setting up principal defaults ( ) |
|
| setuid permissions |
| | absolute mode ( ) ( ) |
| | description ( ) |
| | finding files with permissions set ( ) ( ) |
| | security risks ( ) |
| | symbolic mode ( ) |
|
| setuid programs ( ) |
|
| -setumask option, auditconfig command ( ) |
|
| sftp command |
| | authentication steps ( ) |
| | description ( ) |
| | using ( ) |
|
| sh command ( ) |
| | dial-up passwords ( ) |
| | privileged version ( ) |
|
| share command, restricting root access ( ) |
|
| sharing files (network security) ( ) |
|
| shell, privileged versions ( ) |
|
| shell commands |
| | /etc/d_passwd file entries ( ) ( ) |
|
| shell programs |
| | ASET security level specification ( ) |
| | ASET working directory specification ( ) |
|
| short praudit output format ( ) |
|
| shosts.equiv file, description ( ) |
|
| .shosts file, description ( ) |
|
| signal received during auditing shutdown ( ) |
|
| single-sign-on system, SEAM and ( ) |
|
| size |
| | reducing audit files ( ) |
| | | auditreduce command ( ) |
| | reducing storage-space requirements for audit files ( ) |
|
| slave_datatrans file ( ) |
| | description ( ) |
|
| slave KDCs |
| | adding names to cron job ( ) |
| | configuring ( ) |
| | definition ( ) |
| | master KDC and ( ) |
| | or master ( ) |
| | planning for ( ) |
| | swapping with master KDC ( ) |
|
| smartcard module, description ( ) |
|
| smattrpop command, description ( ) |
|
| SMC |
| | See Solaris Management Console | |
|
| smexec command, description ( ) |
|
| smmultiuser command, description ( ) |
|
| smprofile command, description ( ) |
|
| smrole command, description ( ) |
|
| smuser command, description ( ) |
|
| socket token ( ) |
|
| soft limit |
| | audit_warn condition ( ) |
| | minfree: line description ( ) |
|
| soft string with audit_warn script ( ) |
|
| Solaris Management Console |
| | role assumption ( ) |
| | running the user tools ( ) |
|
| sr_clean script, description ( ) |
|
| ssh-add command |
| | description ( ) |
| | example ( ) ( ) |
|
| ssh-agent command |
| | description ( ) |
| | from command line ( ) |
| | in scripts ( ) |
|
| ssh command |
| | authentication steps ( ) |
| | description ( ) |
| | -L option ( ) |
| | -o option ( ) |
| | permitting access ( ) |
| | port forwarding ( ) |
| | -R option ( ) |
| | using ( ) |
|
| ssh_config file |
| | client authentication parameters ( ) |
| | configuring Secure Shell ( ) |
| | connection parameters ( ) |
| | host-specific parameters ( ) |
| | keywords |
| | | See specific keyword | |
| | known host file parameters ( ) |
|
| ssh_host_key file, description ( ) |
|
| ssh_host_key.pub file, description ( ) |
|
| ssh-keygen command |
| | description ( ) |
| | using ( ) |
|
| ssh_known_hosts file |
| | configuring Secure Shell ( ) |
| | description ( ) |
|
| ssh service name, PAM ( ) |
|
| sshd command |
| | configuring for forwarding ( ) |
| | description ( ) |
| | session controls ( ) |
|
| sshd_config file |
| | description ( ) |
| | forwarding parameters ( ) |
| | ports parameters ( ) |
| | server connection parameters ( ) |
| | session control parameters ( ) |
|
| sshd.pid file, description ( ) |
|
| sshrc file, description ( ) |
|
| st_clean script, description ( ) |
|
| st_clean script for tape drives ( ) |
|
| stacking, in PAM ( ) |
|
| standard cleanup ( ) |
|
| starting |
| | ASET |
| | | initiating sessions from shell ( ) |
| | | running interactively ( ) |
| | KDC daemon ( ) |
|
| stash file |
| | creating ( ) |
| | definition ( ) |
|
| sticky bit permissions |
| | absolute mode ( ) ( ) |
| | description ( ) |
| | symbolic mode ( ) |
|
| stopping, dial-up logins temporarily ( ) |
|
| storage, audit records and ( ) |
|
| storage costs, BSM and ( ) |
|
| storage overflow prevention, audit trail ( ) |
|
| StrictHostKeyChecking keyword, ssh_config file ( ) |
|
| StrictModes keyword, sshd_config file ( ) |
|
| su command |
| | displaying use on console ( ) ( ) |
| | in role assumption ( ) |
| | monitoring use ( ) ( ) ( ) |
|
| su file, monitoring su command ( ) |
|
| su service name, PAM ( ) |
|
| subject token, format ( ) |
|
| Subsystem keyword, sshd_config file ( ) |
|
| success |
| | audit flag prefix ( ) ( ) |
| | turning off audit flags for ( ) |
|
| sufficient control flag, PAM ( ) |
|
| sulog file ( ) ( ) ( ) |
|
| superuser |
| | eliminating superuser in RBAC ( ) |
| | model versus RBAC ( ) |
|
| suser, security policy ( ) |
|
| swapping master and slave KDCs ( ) |
|
| symbolic links |
| | file permissions ( ) |
| | latest directory (ASET) ( ) |
|
| symbolic mode |
| | changing file permissions ( ) ( ) ( ) |
| | description ( ) |
|
| synchronizing clocks ( ) ( ) ( ) |
|
| sysconf.rpt file |
| | description ( ) ( ) |
|
| SyslogFacility keyword, sshd_config file ( ) |
|
| System Administrator |
| | rights profile ( ) ( ) ( ) |
| | role ( ) |
|
| system calls |
| | arg token ( ) |
| | auditsvc() fails ( ) |
| | close ( ) |
| | event numbers ( ) |
| | exec_args token ( ) |
| | exec_env token ( ) |
| | ioctl ( ) ( ) |
| | return token ( ) |
|
| system security |
| | dial-up passwords ( ) ( ) |
| | | disabling dial-up logins temporarily ( ) |
| | | /etc/d_passwd file ( ) ( ) ( ) |
| | | /etc/dialups file ( ) |
| | displaying |
| | | user's login status ( ) ( ) |
| | | users with no passwords ( ) |
| | introduction ( ) |
| | login access restrictions ( ) ( ) |
| | overview ( ) |
| | passwords ( ) |
| | restricted shell ( ) ( ) |
| | restricting root login to console ( ) ( ) |
| | root access restrictions ( ) ( ) ( ) |
| | saving failed login attempts ( ) ( ) |
| | special logins ( ) ( ) |
| | su command monitoring ( ) ( ) ( ) |
|
| System V IPC |
| | ipc audit class ( ) |
| | ipc_perm token ( ) |
| | ipc token ( ) ( ) |
| | | |
U |
|
| -U option |
| | allocate command ( ) |
| | list_devices command ( ) |
|
| UDP address ( ) |
|
| uid_aliases file |
| | description ( ) |
| | specifying ( ) |
|
| UID_ALIASES variable (ASET) |
| | aliases file specification ( ) ( ) |
| | description ( ) |
|
| umask setting ( ) |
|
| unix_account module, description ( ) |
|
| unix_auth module, description ( ) |
|
| unix module, description ( ) |
|
| unix_session module, description ( ) |
|
| URL for online help ( ) |
|
| UseLogin keyword, sshd_config file ( ) |
|
| user |
| | adding first user ( ) |
| | assigning RBAC defaults ( ) |
| | changing user properties from command line ( ) |
| | database |
| | | See user_attr database | |
| | modifying properties ( ) |
|
| user accounts |
| | ASET check ( ) |
| | displaying login status ( ) ( ) |
|
| User Accounts tool, description ( ) |
|
| user ACL entries |
| | default entries for directories ( ) |
| | description ( ) |
| | setting ( ) ( ) |
|
| user_attr database |
| | description ( ) ( ) |
| | RBAC relationships ( ) |
|
| user audit fields ( ) ( ) |
|
| user classes of files ( ) |
|
| user ID |
| | audit ID and ( ) |
| | in NFS services ( ) |
|
| user ID (audit ID) ( ) |
|
| User keyword, ssh_config file ( ) |
|
| user-level events |
| | auditconfig command options ( ) |
| | BSM and ( ) |
|
| user principal, description ( ) |
|
| useradd command, description ( ) |
|
| userdel command, description ( ) |
|
| UserKnownHostsFile keyword, ssh_config file ( ) |
|
| usermod command, description ( ) |
|
| UseRsh keyword, ssh_config file ( ) |
|
| using privileged applications, task description ( ) |
|
| /usr/aset/asetenv file ( ) |
| | modifying ( ) |
| | running ASET periodically ( ) |
|
| /usr/aset directory ( ) |
|
| /usr/aset/masters/tune files ( ) |
| | example files ( ) |
| | format ( ) |
| | modifying ( ) ( ) |
| | rules ( ) |
|
| /usr/aset/masters/uid_aliases file ( ) |
|
| /usr/aset/reports directory |
| | structure ( ) ( ) |
|
| /usr/aset/reports/latest directory ( ) |
|
| /usr/lib/krb5/kadmind daemon, SEAM and ( ) |
|
| /usr/lib/krb5/kprop command, description ( ) |
|
| /usr/lib/krb5/kpropd daemon, SEAM and ( ) |
|
| /usr/lib/krb5/krb5kdc daemon, SEAM and ( ) |
|
| /usr/sbin/gkadmin command, description ( ) |
|
| /usr/sbin/kadmin command, description ( ) |
|
| /usr/sbin/kadmin.local command, description ( ) |
|
| /usr/sbin/kdb5_util command, description ( ) |
|
| usrgrp.rpt file |
| | description ( ) ( ) |
| | example ( ) |
|
| uucico command ( ) ( ) |
|
| uucp service name, PAM ( ) |