A (System Administration Guide: Security Services)

System Administration Guide: Security Services


A

	absolute mode
		changing file permissions ( ) ( )
		description ( )
		setting special permissions ( )

	access
		getting to server
			with SEAM ( )
		obtaining for a specific service ( )
		restricting for KDC servers ( )
		`root` access
			displaying attempts on console ( ) ( )
			monitoring `su` command use ( ) ( ) ( )
			restricting ( ) ( ) ( )
		security
			ACLs ( ) ( ) ( )
			file access restriction ( )
			firewall setup ( ) ( )
			login access restrictions ( ) ( )
			login control ( )
			monitoring system usage ( )
			network control ( )
			path variable setting ( )
			physical site security ( )
			reporting problems ( )
			`root` access restrictions ( )
			`root` login tracking ( )
			`setuid` programs ( )
		sharing files ( )
		system logins ( ) ( )

	access control list
		See ACL

	Access Control Lists (ACLs)
		See ACL

	ACL
		adding entries ( )
		changing entries ( )
		checking entries ( )
		commands ( )
		default entries for directories ( ) ( )
		deleting entries ( ) ( )
		description ( ) ( )
		directory entries ( ) ( )
		displaying entries ( ) ( )
		format of entries ( )
		`kadm5.acl` file ( ) ( ) ( ) ( )
		setting entries ( ) ( )
		valid file entries ( )

	`acl` token, format ( )

	`ad` audit flag ( )

	Add Administrative Role wizard
		description ( ) ( )

	Add Right dialog box, description ( )

	Add User wizard, description ( )

	adding
		administration principals (SEAM) ( )
		allocatable devices (BSM) ( )
		custom roles (RBAC) ( )
		PAM module ( )
		rights profiles (RBAC) ( )
		roles (RBAC) ( ) ( )
		service principal to keytab file (SEAM) ( )
		the first role (RBAC) ( )
		the first user (RBAC) ( )

	`admin_server` section, `krb5.conf` file ( )

	administering
		BSM
			audit class ( )
			audit classes ( )
			audit event ( )
			audit files ( )
			audit flags ( ) ( )
			audit records ( )
			audit trail overflow prevention ( )
			`auditreduce` command ( )
			cost control ( )
			description ( )
			efficiency ( )
			kernel events ( )
			process preselection mask ( )
			reducing storage-space requirements ( )
			user-level events ( )
		SEAM
			keytabs ( )
			policies ( )
			principals ( )
		Secure Shell ( )

	`administrative` audit class ( )

	`aes128–cbc` encryption algorithm, `ssh_config` file ( )

	agent daemon, Secure Shell ( )

	aliases file (ASET)
		description ( )
		example ( )
		format ( )
		specification ( )

	`all`
		audit class ( )
		audit flag
			caution for using ( )
			described ( )
		in user audit fields ( )

	All rights profile
		description ( ) ( )

	`allhard` string, `audit_warn` script ( )

	`allocate` command
		authorizations required ( )
		how the allocate mechanism works ( )
		options ( )
		using ( )

	allocate error state ( ) ( )

	`AllowGroups` keyword, `sshd_config` file ( )

	`AllowTCPForwarding` keyword, `sshd_config` file ( )

	`AllowUsers` keyword, `sshd_config` file ( )

	`allsoft` string, `audit_warn` script ( )

	always-audit flags
		description ( ) ( )
		process preselection mask ( )

	analysis
		`praudit` command ( ) ( )

	`ap` audit flag ( )

	`application` audit class ( )

	`arbitrary` token
		format ( )
		item size field ( )
		print format field ( )

	Archive tape drive clean script ( )

	`arg` token ( )

	`arge` audit policy
		description ( )
		`exec_env` token and ( )

	`argv` audit policy
		description ( )
		`exec_args` token and ( )

	ASET
		description ( )
		environment variables ( )
		error messages ( )
		NFS servers and ( )

	`aset` command
		initiating ASET sessions ( )
		`-p` option ( )
		running ASET interactively ( )
		running ASET periodically ( )
		stop running ASET periodically ( )

	`aset.restore` command, description ( )

	`ASETDIR` variable (ASET), working directory specification ( )

	`asetenv` file
		description ( )
		modifying ( )
		running ASET periodically ( )

	`ASETSECLEVEL` variable (ASET), setting security levels ( )

	Assign Administrative Role dialog box, description ( )

	Assign Rights to Role dialog box, description ( )

	asterisk (*)
		`device_allocate` file ( ) ( )
		wildcard character ( )

	`at` command, authorizations required ( )

	`atq` command, authorizations required ( )

	`attr` token ( )

	audio_clean script ( )

	audio devices, device-clean scripts ( )

	AUDIO_DRAIN ioctl system call ( )

	AUDIO_SETINFO ioctl system call ( )

	AUDIOGETREG ioctl system call ( )

	AUDIOSETREG ioctl system call ( )

	audit characteristics
		overview ( )
		process preselection mask ( )

	audit class
		description ( ) ( )

	audit classes
		`auditconfig` command options ( )
		description ( )
		flags and definitions ( ) ( )
		mapping events ( )

	`audit` command
		`-n` option ( )
		preselection mask for existing processes (`-s` option) ( )
		rereading audit files (`-s` option) ( )
		resetting directory pointer (`-s` option) ( )

	`audit_control` file
		audit daemon rereading after editing ( )
		`audit_user` file modification ( )
		`dir:` line
			described ( )
			examples ( )
		examples ( )
		`flags:` line
			described ( )
			prefixes in ( ) ( )
			process preselection mask ( )
		`minfree:` line
			`audit_warn` condition ( )
			described ( )
		`naflags:` line ( )
		overview ( ) ( ) ( )
		prefixes in flags line ( ) ( )
		problem with contents ( )

	audit daemon
		`audit_startup` file ( )
		audit trail creation ( ) ( )
		`audit_warn` script
			conditions invoking ( ) ( )
			described ( ) ( )
			execution of ( )
		enabling auditing ( )
		functions ( )
		order audit files are opened ( )
		rereading the `audit_control` file ( )

	`audit_data` file ( )

	audit directory, description ( )

	audit event
		`audit_event` file ( ) ( )
		description ( ) ( ) ( )
		kernel event ( )
		mapping to classes ( )
		user-level events ( )

	`audit_event` file ( ) ( )

	audit events
		kernel events
			`auditconfig` command options ( )
			auditconfig command options ( )
		user-level events
			`auditconfig` command options ( )

	audit files
		`auditreduce` command ( ) ( )
		combining ( ) ( ) ( )
		copying messages to single file ( )
		displaying in entirety ( )
		`file` token ( )
		minimum free space for file systems ( )
		names ( ) ( ) ( ) ( ) ( ) ( ) ( )
			form ( )
			still-active files ( )
		nonactive files marked not_terminated ( )
		order for opening ( )
		printing ( )
		reducing ( ) ( ) ( )
		reducing storage-space requirements ( ) ( )
		switching to new file ( )
		time stamps ( )

	audit flags ( )
		`audit_control` file line ( )
		audit_user file ( ) ( )
		`auditconfig` command options ( )
		definitions ( ) ( )
		description ( )
		machine-wide ( ) ( ) ( )
		overview ( ) ( )
		prefixes ( ) ( )
		process preselection mask ( )
		syntax ( ) ( )

	audit ID ( )
		overview ( )

	audit messages, copying to single file ( )

	audit policies
		`auditconfig` options ( )
		default ( )
		description ( )
		list of ( )

	audit records
		audit directories full ( ) ( ) ( ) ( )
		converting to readable format ( ) ( ) ( ) ( )
		description ( )
		events that generate ( )
		format or structure ( )
		overview ( )
		reducing audit files ( )

	audit session ID ( )

	`audit_startup` file ( )

	audit threshold ( )

	audit tokens
		audit record format ( )
		description ( ) ( )
		format ( )
		table of ( )

	audit trail
		analysis
			`praudit` command ( ) ( )
		analysis costs ( )
		creating
			audit daemon's role ( ) ( ) ( )
			`audit_data` file ( )
			overview ( )
		description ( )
		events included ( )
		merging all files ( ) ( )
		monitoring in real time ( )
		overflow prevention ( )
		overview ( )

	`audit_user` file
		prefixes for flags ( ) ( )
		process preselection mask ( )
		user audit fields ( ) ( )

	`audit_warn` script ( )
		audit daemon execution of ( )
		conditions invoking ( ) ( )
		description ( )
		strings ( ) ( )

	`auditconfig` command
		audit flags as arguments ( ) ( )
		options ( ) ( )
		prefixes for flags ( ) ( )

	`auditd` daemon
		`audit_startup` file ( )
		audit trail creation ( ) ( ) ( ) ( )
		`audit_warn` script
			conditions invoking ( ) ( )
			described ( )
			execution of ( )
		enabling auditing ( )
		functions ( )
		order audit files are opened ( )
		rereading the audit_control file ( )

	`auditreduce` command ( ) ( )
		`-c` option ( )
		cleaning not_terminated files ( )
		`-d` option ( )
		description ( ) ( )
		examples ( )
		`-O` option ( )
		options ( )
		time stamp use ( )
		without options ( ) ( )

	`auditsvc()` system call
		`audit_warn` script and ( )
		`trailer` token and ( )

	`AUE_...` names, description ( )

	`auth_attr` database
		description ( ) ( )
		RBAC relationships ( )

	AUTH_DH authentication ( )

	AUTH_DH client-server session ( ) ( )
		additional transaction ( )
		client authenticates server ( )
		contacting the server ( ) ( )
		decrypting the conversation key ( )
		generating public and secret keys ( )
		generating the conversation key ( )
		running `keylogin` ( )
		storing information on the server ( ) ( )
		verifier returned to client ( )

	authentication
		configuring cross-realm ( )
		description ( )
		DH ( ) ( )
		network security ( ) ( )
		overview of Kerberos ( )
		`root` for NFS ( )
		SEAM and ( )
		Secure Shell
			description ( )
			hosts ( )
			methods ( )
			steps ( )
			users ( )
		terminology ( )
		types ( )

	authentication parameters, `ssh_config` file ( )

	authenticator
		in SEAM ( ) ( )

	authorization
		database
			See `auth_attr` database
		delegating ( )
		description ( ) ( ) ( ) ( )
		granularity ( )
		naming convention ( )
		network security ( ) ( )
		SEAM and ( )
		types ( )

	`authorized_keys` file, description ( )

	`auths` command, description ( )

	`authtok_check` module, description ( )

	`authtok_get` module, description ( )

	`authtok_store` module, description ( )

	Automated Security Enhancement Tool
		See ASET

	automatically enabling auditing ( )

	automating principal creation ( )