|  |  |  |  | 
| A | 
|  | 
|  | absolute mode | 
|  |  | changing file permissions (  ) (  ) | 
|  |  | description (  ) | 
|  |  | setting special permissions (  ) | 
|  | 
|  | access | 
|  |  | getting to server | 
|  |  |  | with SEAM (  ) | 
|  |  | obtaining for a specific service (  ) | 
|  |  | restricting for KDC servers (  ) | 
|  |  | root access | 
|  |  |  | displaying attempts on console (  ) | 
|  |  |  | monitoring su command use (  ) (  ) | 
|  |  |  | restricting (  ) (  ) | 
|  |  | security | 
|  |  |  | ACLs (  ) (  ) (  ) | 
|  |  |  | controlling system usage (  ) | 
|  |  |  | file access restriction (  ) | 
|  |  |  | firewall setup (  ) (  ) | 
|  |  |  | login access restrictions (  ) (  ) | 
|  |  |  | login control (  ) | 
|  |  |  | monitoring system usage (  ) | 
|  |  |  | network control (  ) | 
|  |  |  | path variable setting (  ) | 
|  |  |  | physical security (  ) | 
|  |  |  | reporting problems (  ) | 
|  |  |  | root login tracking (  ) | 
|  |  |  | setuid programs (  ) | 
|  |  | sharing files (  ) | 
|  |  | system logins (  ) (  ) | 
|  | 
|  | access control list | 
|  |  | See ACL |  | 
|  | 
|  | Access Control Lists (ACLs) | 
|  |  | See ACL |  | 
|  | 
|  | ACL | 
|  |  | adding entries (  ) | 
|  |  | changing entries (  ) | 
|  |  | checking entries (  ) | 
|  |  | commands (  ) | 
|  |  | default entries for directories (  ) (  ) | 
|  |  | deleting entries (  ) (  ) | 
|  |  | description (  ) (  ) | 
|  |  | directory entries (  ) (  ) | 
|  |  | displaying entries (  ) (  ) | 
|  |  | format of entries (  ) | 
|  |  | kadm5.acl file (  ) (  ) (  ) (  ) | 
|  |  | setting entries (  ) (  ) | 
|  |  | valid file entries (  ) | 
|  | 
|  | acl token, format (  ) | 
|  | 
|  | ad audit flag (  ) | 
|  | 
|  | Add Administrative Role wizard | 
|  |  | description (  ) (  ) | 
|  | 
|  | Add Right dialog box, description (  ) | 
|  | 
|  | Add User wizard, description (  ) | 
|  | 
|  | adding | 
|  |  | administration principals (SEAM) (  ) | 
|  |  | allocatable devices (BSM) (  ) | 
|  |  | custom roles (RBAC) (  ) | 
|  |  | PAM module (  ) | 
|  |  | password encryption module (  ) | 
|  |  | rights profiles (RBAC) (  ) | 
|  |  | roles (RBAC) (  ) (  ) | 
|  |  | service principal to keytab file (SEAM) (  ) | 
|  |  | the first role (RBAC) (  ) | 
|  |  | the first user (RBAC) (  ) | 
|  | 
|  | admin_server section, krb5.conf file (  ) | 
|  | 
|  | administering | 
|  |  | BSM | 
|  |  |  | audit class (  ) | 
|  |  |  | audit classes (  ) | 
|  |  |  | audit event (  ) | 
|  |  |  | audit files (  ) | 
|  |  |  | audit flags (  ) (  ) | 
|  |  |  | audit records (  ) | 
|  |  |  | audit trail overflow prevention (  ) | 
|  |  |  | auditreduce command (  ) | 
|  |  |  | cost control (  ) | 
|  |  |  | description (  ) | 
|  |  |  | efficiency (  ) | 
|  |  |  | kernel events (  ) | 
|  |  |  | process preselection mask (  ) | 
|  |  |  | reducing storage-space requirements (  ) | 
|  |  |  | user-level events (  ) | 
|  |  | SEAM | 
|  |  |  | keytabs (  ) | 
|  |  |  | policies (  ) | 
|  |  |  | principals (  ) | 
|  |  | Secure Shell (  ) | 
|  | 
|  | administrative audit class (  ) | 
|  | 
|  | aes128-cbc encryption algorithm, ssh_config file (  ) | 
|  | 
|  | agent daemon, Secure Shell (  ) | 
|  | 
|  | algorithms | 
|  |  | configuration (  ) | 
|  |  | password encryption (  ) | 
|  | 
|  | aliases file (ASET) | 
|  |  | description (  ) | 
|  |  | example (  ) | 
|  |  | format (  ) | 
|  |  | specification (  ) | 
|  | 
|  | all | 
|  |  | audit class (  ) | 
|  |  | audit flag | 
|  |  |  | caution for using (  ) | 
|  |  |  | described (  ) | 
|  |  | in user audit fields (  ) | 
|  | 
|  | All rights profile | 
|  |  | description (  ) (  ) | 
|  | 
|  | allhard string, audit_warn script (  ) | 
|  | 
|  | allocate command | 
|  |  | authorizations required (  ) | 
|  |  | how the allocate mechanism works (  ) | 
|  |  | options (  ) | 
|  |  | using (  ) | 
|  | 
|  | allocate error state (  ) (  ) | 
|  | 
|  | AllowGroups keyword, sshd_config file (  ) | 
|  | 
|  | AllowTCPForwarding keyword, sshd_config file (  ) | 
|  | 
|  | AllowUsers keyword, sshd_config file (  ) | 
|  | 
|  | allsoft string, audit_warn script (  ) | 
|  | 
|  | always-audit flags | 
|  |  | description (  ) (  ) | 
|  |  | process preselection mask (  ) | 
|  | 
|  | analysis | 
|  |  | praudit command (  ) (  ) | 
|  | 
|  | ap audit flag (  ) | 
|  | 
|  | application audit class (  ) | 
|  | 
|  | arbitrary token | 
|  |  | format (  ) | 
|  |  | item size field (  ) | 
|  |  | print format field (  ) | 
|  | 
|  | Archive tape drive clean script (  ) | 
|  | 
|  | arg token (  ) | 
|  | 
|  | arge audit policy | 
|  |  | description (  ) | 
|  |  | exec_env token and (  ) | 
|  | 
|  | argv audit policy | 
|  |  | description (  ) | 
|  |  | exec_args token and (  ) | 
|  | 
|  | ASET | 
|  |  | description (  ) | 
|  |  | environment variables (  ) | 
|  |  | error messages (  ) | 
|  |  | NFS servers and (  ) | 
|  | 
|  | aset command | 
|  |  | initiating ASET sessions (  ) | 
|  |  | -p option (  ) | 
|  |  | running ASET interactively (  ) | 
|  |  | running ASET periodically (  ) | 
|  |  | stop running ASET periodically (  ) | 
|  | 
|  | aset.restore command, description (  ) | 
|  | 
|  | ASETDIR variable (ASET), working directory specification (  ) | 
|  | 
|  | asetenv file | 
|  |  | description (  ) | 
|  |  | modifying (  ) | 
|  |  | running ASET periodically (  ) | 
|  | 
|  | ASETSECLEVEL variable (ASET), setting security levels (  ) | 
|  | 
|  | Assign Administrative Role dialog box, description (  ) | 
|  | 
|  | Assign Rights to Role dialog box, description (  ) | 
|  | 
|  | asterisk (*) | 
|  |  | device_allocate file (  ) (  ) | 
|  |  | wildcard character (  ) | 
|  | 
|  | at command, authorizations required (  ) | 
|  | 
|  | atq command, authorizations required (  ) | 
|  | 
|  | attr token (  ) | 
|  | 
|  | audio_clean script (  ) | 
|  | 
|  | audio devices, device-clean scripts (  ) | 
|  | 
|  | AUDIO_DRAIN ioctl system call (  ) | 
|  | 
|  | AUDIO_SETINFO ioctl system call (  ) | 
|  | 
|  | AUDIOGETREG ioctl system call (  ) | 
|  | 
|  | AUDIOSETREG ioctl system call (  ) | 
|  | 
|  | audit characteristics | 
|  |  | overview (  ) | 
|  |  | process preselection mask (  ) | 
|  | 
|  | audit class | 
|  |  | description (  ) (  ) | 
|  | 
|  | audit classes | 
|  |  | auditconfig command options (  ) | 
|  |  | description (  ) | 
|  |  | flags and definitions (  ) (  ) | 
|  |  | mapping events (  ) | 
|  | 
|  | audit command | 
|  |  | -n option (  ) | 
|  |  | preselection mask for existing processes (-s option) (  ) | 
|  |  | rereading audit files (-s option) (  ) | 
|  |  | resetting directory pointer (-s option) (  ) | 
|  | 
|  | audit_control file | 
|  |  | audit daemon rereading after editing (  ) | 
|  |  | audit_user file modification (  ) | 
|  |  | dir: line | 
|  |  |  | described (  ) | 
|  |  |  | examples (  ) | 
|  |  | examples (  ) | 
|  |  | flags: line | 
|  |  |  | described (  ) | 
|  |  |  | prefixes in (  ) (  ) | 
|  |  |  | process preselection mask (  ) | 
|  |  | minfree: line | 
|  |  |  | audit_warn condition (  ) | 
|  |  |  | described (  ) | 
|  |  | naflags: line (  ) | 
|  |  | overview (  ) (  ) (  ) | 
|  |  | prefixes in flags line (  ) (  ) | 
|  |  | problem with contents (  ) | 
|  | 
|  | audit daemon | 
|  |  | audit_startup file (  ) | 
|  |  | audit trail creation (  ) (  ) | 
|  |  | audit_warn script | 
|  |  |  | conditions invoking (  ) (  ) | 
|  |  |  | described (  ) (  ) | 
|  |  |  | execution of (  ) | 
|  |  | enabling auditing (  ) | 
|  |  | functions (  ) | 
|  |  | order audit files are opened (  ) | 
|  |  | rereading the audit_control file (  ) | 
|  | 
|  | audit_data file (  ) | 
|  | 
|  | audit directory, description (  ) | 
|  | 
|  | audit event | 
|  |  | audit_event file (  ) (  ) | 
|  |  | description (  ) (  ) (  ) | 
|  |  | kernel event (  ) | 
|  |  | mapping to classes (  ) | 
|  |  | user-level events (  ) | 
|  | 
|  | audit_event file (  ) (  ) | 
|  | 
|  | audit events | 
|  |  | kernel events | 
|  |  |  | auditconfig command options (  ) (  ) | 
|  |  | user-level events | 
|  |  |  | auditconfig command options (  ) | 
|  | 
|  | audit files | 
|  |  | auditreduce command (  ) (  ) | 
|  |  | combining (  ) (  ) (  ) | 
|  |  | copying messages to single file (  ) | 
|  |  | displaying in entirety (  ) | 
|  |  | file token (  ) | 
|  |  | minimum free space for file systems (  ) | 
|  |  | names (  ) (  ) (  ) (  ) (  ) (  ) (  ) | 
|  |  |  | form (  ) | 
|  |  |  | still-active files (  ) | 
|  |  | nonactive files marked not_terminated (  ) | 
|  |  | order for opening (  ) | 
|  |  | printing (  ) | 
|  |  | reducing (  ) (  ) (  ) | 
|  |  | reducing storage-space requirements (  ) (  ) | 
|  |  | switching to new file (  ) | 
|  |  | time stamps (  ) | 
|  | 
|  | audit flags (  ) | 
|  |  | audit_control file line (  ) | 
|  |  | audit_user file (  ) (  ) | 
|  |  | auditconfig command options (  ) | 
|  |  | definitions (  ) (  ) | 
|  |  | description (  ) | 
|  |  | machine-wide (  ) (  ) (  ) | 
|  |  | overview (  ) (  ) | 
|  |  | prefixes (  ) (  ) | 
|  |  | process preselection mask (  ) | 
|  |  | syntax (  ) (  ) | 
|  | 
|  | audit ID (  ) | 
|  |  | overview (  ) | 
|  | 
|  | audit messages, copying to single file (  ) | 
|  | 
|  | audit policies | 
|  |  | auditconfig options (  ) | 
|  |  | default (  ) | 
|  |  | description (  ) | 
|  |  | list of (  ) | 
|  | 
|  | audit records | 
|  |  | audit directories full (  ) (  ) (  ) (  ) | 
|  |  | converting to readable format (  ) (  ) (  ) (  ) | 
|  |  | description (  ) | 
|  |  | events that generate (  ) | 
|  |  | format or structure (  ) | 
|  |  | overview (  ) | 
|  |  | reducing audit files (  ) | 
|  | 
|  | audit session ID (  ) | 
|  | 
|  | audit_startup file (  ) | 
|  | 
|  | audit threshold (  ) | 
|  | 
|  | audit tokens | 
|  |  | audit record format (  ) | 
|  |  | description (  ) (  ) | 
|  |  | format (  ) | 
|  |  | table of (  ) | 
|  | 
|  | audit trail | 
|  |  | analysis | 
|  |  |  | praudit command (  ) (  ) | 
|  |  | analysis costs (  ) | 
|  |  | creating | 
|  |  |  | audit daemon's role (  ) (  ) (  ) | 
|  |  |  | audit_data file (  ) | 
|  |  |  | overview (  ) | 
|  |  | description (  ) | 
|  |  | events included (  ) | 
|  |  | merging all files (  ) (  ) | 
|  |  | monitoring in real time (  ) | 
|  |  | overflow prevention (  ) | 
|  |  | overview (  ) | 
|  | 
|  | audit_user file | 
|  |  | prefixes for flags (  ) (  ) | 
|  |  | process preselection mask (  ) | 
|  |  | user audit fields (  ) (  ) | 
|  | 
|  | audit_warn script (  ) | 
|  |  | audit daemon execution of (  ) | 
|  |  | conditions invoking (  ) (  ) | 
|  |  | description (  ) | 
|  |  | strings (  ) (  ) | 
|  | 
|  | auditconfig command | 
|  |  | audit flags as arguments (  ) (  ) | 
|  |  | options (  ) (  ) | 
|  |  | prefixes for flags (  ) (  ) | 
|  | 
|  | auditd daemon | 
|  |  | audit_startup file (  ) | 
|  |  | audit trail creation (  ) (  ) (  ) (  ) | 
|  |  | audit_warn script | 
|  |  |  | conditions invoking (  ) (  ) | 
|  |  |  | described (  ) | 
|  |  |  | execution of (  ) | 
|  |  | enabling auditing (  ) | 
|  |  | functions (  ) | 
|  |  | order audit files are opened (  ) | 
|  |  | rereading the audit_control file (  ) | 
|  | 
|  | auditreduce command (  ) (  ) | 
|  |  | -c option (  ) | 
|  |  | cleaning not_terminated files (  ) | 
|  |  | -d option (  ) | 
|  |  | description (  ) (  ) | 
|  |  | examples (  ) | 
|  |  | -O option (  ) | 
|  |  | options (  ) | 
|  |  | time stamp use (  ) | 
|  |  | without options (  ) (  ) | 
|  | 
|  | auditsvc() system call | 
|  |  | audit_warn script and (  ) | 
|  |  | trailer token and (  ) | 
|  | 
|  | AUE_... names, description (  ) | 
|  | 
|  | auth_attr database | 
|  |  | description (  ) (  ) | 
|  |  | RBAC relationships (  ) | 
|  | 
|  | AUTH_DH authentication (  ) | 
|  | 
|  | AUTH_DH client-server session (  ) (  ) | 
|  |  | additional transaction (  ) | 
|  |  | client authenticates server (  ) | 
|  |  | contacting the server (  ) (  ) | 
|  |  | decrypting the conversation key (  ) | 
|  |  | generating public and secret keys (  ) | 
|  |  | generating the conversation key (  ) | 
|  |  | running keylogin (  ) | 
|  |  | storing information on the server (  ) (  ) | 
|  |  | verifier returned to client (  ) | 
|  | 
|  | authentication | 
|  |  | configuring cross-realm (  ) | 
|  |  | description (  ) | 
|  |  | DH (  ) (  ) | 
|  |  | network security (  ) (  ) | 
|  |  | overview of Kerberos (  ) | 
|  |  | root for NFS (  ) | 
|  |  | SEAM and (  ) | 
|  |  | Secure Shell | 
|  |  |  | description (  ) | 
|  |  |  | hosts (  ) | 
|  |  |  | methods (  ) | 
|  |  |  | steps (  ) | 
|  |  |  | users (  ) | 
|  |  | terminology (  ) | 
|  |  | types (  ) | 
|  | 
|  | authentication parameters, ssh_config file (  ) | 
|  | 
|  | authenticator | 
|  |  | in SEAM (  ) (  ) | 
|  | 
|  | authorization | 
|  |  | database | 
|  |  |  | See auth_attr database |  | 
|  |  | delegating (  ) | 
|  |  | description (  ) (  ) (  ) (  ) | 
|  |  | granularity (  ) | 
|  |  | naming convention (  ) | 
|  |  | network security (  ) (  ) | 
|  |  | SEAM and (  ) | 
|  |  | types (  ) | 
|  | 
|  | authorized_keys file, description (  ) | 
|  | 
|  | auths command, description (  ) | 
|  | 
|  | authtok_check module, description (  ) | 
|  | 
|  | authtok_get module, description (  ) | 
|  | 
|  | authtok_store module, description (  ) | 
|  | 
|  | Automated Security Enhancement Tool | 
|  |  | See ASET |  | 
|  | 
|  | automatically enabling auditing (  ) | 
|  | 
|  | automating principal creation (  ) | 
|  |  |  |  | 
| C | 
|  | 
|  | -c option, auditreduce command (  ) | 
|  | 
|  | C shell | 
|  |  | ASET working directory specification (  ) | 
|  |  | privileged version (  ) | 
|  | 
|  | cache, credential (  ) | 
|  | 
|  | caret (^) in audit flag prefixes (  ) (  ) | 
|  | 
|  | CD-ROM drives | 
|  |  | device-clean scripts (  ) (  ) | 
|  | 
|  | cd subcommand, sftp command (  ) | 
|  | 
|  | changepw principal (  ) | 
|  | 
|  | changing | 
|  |  | (command line) user properties (  ) | 
|  |  | rights profiles (command line) (  ) | 
|  |  | role properties (command line) (  ) | 
|  |  | your password with kpasswd (  ) | 
|  |  | your password with passwd (  ) | 
|  | 
|  | CheckHostIP keyword, ssh_config file (  ) | 
|  | 
|  | chgrp command | 
|  |  | description (  ) | 
|  |  | syntax (  ) | 
|  | 
|  | chgrp subcommand, sftp command (  ) | 
|  | 
|  | -chkconf option, auditconfig command (  ) | 
|  | 
|  | chkey command (  ) (  ) | 
|  | 
|  | chmod command | 
|  |  | changing special permissions (  ) (  ) | 
|  |  | description (  ) | 
|  |  | syntax (  ) | 
|  | 
|  | chmod subcommand, sftp command (  ) | 
|  | 
|  | choosing, your password (  ) | 
|  | 
|  | chown command | 
|  |  | description (  ) | 
|  |  | syntax (  ) | 
|  | 
|  | Cipher keyword, ssh_config file (  ) | 
|  | 
|  | Ciphers keyword | 
|  |  | ssh_config file (  ) | 
|  |  | sshd_config file (  ) | 
|  | 
|  | cklist.rpt file | 
|  |  | description (  ) (  ) | 
|  | 
|  | CKLISTPATH_level variable (ASET), setting the directories to be checked (  ) | 
|  | 
|  | cl audit flag (  ) | 
|  | 
|  | class | 
|  |  | description (  ) (  ) | 
|  | 
|  | classes | 
|  |  | auditconfig command options (  ) | 
|  |  | flags and definitions (  ) (  ) | 
|  | 
|  | cleaning, not_terminated files (  ) | 
|  | 
|  | client | 
|  |  | AUTH_DH client-server session (  ) (  ) | 
|  |  | definition in SEAM (  ) | 
|  | 
|  | client names, planning for in SEAM (  ) | 
|  | 
|  | clients (SEAM), configuring (  ) | 
|  | 
|  | clock skew | 
|  |  | SEAM and (  ) (  ) | 
|  | 
|  | clock synchronizing | 
|  |  | SEAM and (  ) (  ) (  ) | 
|  | 
|  | cnt audit policy, description (  ) | 
|  | 
|  | combining audit files (  ) | 
|  |  | auditreduce command (  ) (  ) | 
|  | 
|  | command-line equivalents of SEAM Administration Tool (  ) | 
|  | 
|  | commands | 
|  |  | device-allocation commands (  ) | 
|  |  | table of SEAM (  ) | 
|  | 
|  | comments | 
|  |  | device_allocate file (  ) | 
|  |  | device_maps file (  ) | 
|  | 
|  | common key | 
|  |  | calculation (  ) | 
|  |  | DH authentication and (  ) | 
|  | 
|  | Compression keyword, ssh_config file (  ) | 
|  | 
|  | CompressionLevel keyword, ssh_config file (  ) | 
|  | 
|  | Computer Emergency Response Team/Coordination Center (CERT/CC) (  ) (  ) | 
|  | 
|  | computer security | 
|  |  | See system security |  | 
|  | 
|  | -conf option, auditconfig command (  ) | 
|  | 
|  | configuration decisions | 
|  |  | SEAM | 
|  |  |  | client and service principal names (  ) | 
|  |  |  | clock synchronization (  ) | 
|  |  |  | database propagation (  ) | 
|  |  |  | mapping hostnames onto realms (  ) | 
|  |  |  | number of realms (  ) | 
|  |  |  | ports (  ) | 
|  |  |  | realm hierarchy (  ) | 
|  |  |  | realm names (  ) | 
|  |  |  | realms (  ) | 
|  |  |  | slave KDCs (  ) | 
|  | 
|  | configuration file | 
|  |  | PAM (  ) (  ) | 
|  | 
|  | configuring | 
|  |  | ASET (  ) (  ) | 
|  |  | audit trail overflow prevention (  ) | 
|  |  | auditconfig command (  ) (  ) | 
|  |  | RBAC | 
|  |  |  | task map (  ) | 
|  |  | SEAM | 
|  |  |  | adding administration principals (  ) | 
|  |  |  | clients (  ) | 
|  |  |  | cross-realm authentication (  ) | 
|  |  |  | master KDC server (  ) | 
|  |  |  | NFS servers (  ) | 
|  |  |  | overview (  ) | 
|  |  |  | slave KDC server (  ) | 
|  |  |  | task map (  ) | 
|  |  | Secure Shell (  ) | 
|  | 
|  | ConnectionAttempts keyword, ssh_config file (  ) | 
|  | 
|  | console | 
|  |  | displaying su command use on (  ) | 
|  |  | root access restriction to (  ) | 
|  | 
|  | context-sensitive help (  ) | 
|  | 
|  | control flags, PAM (  ) | 
|  | 
|  | controlling, system usage (  ) | 
|  | 
|  | conversation key | 
|  |  | decrypting (  ) | 
|  |  | generating (  ) | 
|  | 
|  | converting | 
|  |  | audit records to readable format (  ) (  ) (  ) | 
|  | 
|  | copying audit messages to single file (  ) | 
|  | 
|  | cost control, BSM and (  ) | 
|  | 
|  | creating | 
|  |  | credential table (  ) | 
|  |  | /etc/d_passwd file (  ) | 
|  |  | keytab file (  ) | 
|  |  | new policy (  ) | 
|  |  | new policy (SEAM) (  ) | 
|  |  | new principal (SEAM) (  ) | 
|  |  | Secure Shell keys (  ) | 
|  |  | stash file (  ) | 
|  |  | tickets with kinit (  ) | 
|  | 
|  | creating the audit trail (  ) | 
|  |  | audit daemon's role (  ) | 
|  |  | audit_data file (  ) | 
|  |  | auditd daemon (  ) | 
|  |  | overview (  ) | 
|  | 
|  | cred database (  ) (  ) | 
|  |  | DH authentication and (  ) | 
|  | 
|  | cred table | 
|  |  | information stored by server (  ) (  ) | 
|  | 
|  | credential | 
|  |  | cache (  ) | 
|  |  | description (  ) (  ) | 
|  |  | obtaining for a server (  ) | 
|  |  | obtaining for a TGS (  ) | 
|  |  | or tickets (  ) | 
|  | 
|  | credential cache (  ) | 
|  | 
|  | credential table, adding single entry to (  ) | 
|  | 
|  | cron command, backing up using (  ) | 
|  | 
|  | cron service name, PAM (  ) | 
|  | 
|  | crontab files, authorizations required (  ) | 
|  | 
|  | crontab files | 
|  |  | running ASET periodically (  ) | 
|  |  | stop running ASET periodically (  ) | 
|  | 
|  | cross-realm authentication, configuring (  ) | 
|  | 
|  | crypt command, file security (  ) | 
|  | 
|  | crypt_sunmd5 encryption algorithm (  ) | 
|  | 
|  | csh command | 
|  |  | dial-up passwords (  ) | 
|  |  | privileged version (  ) | 
|  | 
|  | .cshrc file, path variable entry (  ) | 
|  |  |  |  | 
| D | 
|  | 
|  | -d option | 
|  |  | auditreduce command (  ) | 
|  |  | praudit command (  ) | 
|  | 
|  | d_passwd file | 
|  |  | creating (  ) | 
|  |  | description (  ) | 
|  |  | disabling dial-up logins temporarily (  ) | 
|  |  | /etc/passwd file and (  ) | 
|  | 
|  | daemon | 
|  |  | keyserv (  ) | 
|  |  | krb5kdc (  ) | 
|  | 
|  | daemons, table of SEAM (  ) | 
|  | 
|  | Data Encryption Standard | 
|  |  | See DES |  | 
|  | 
|  | data forwarding, Secure Shell (  ) | 
|  | 
|  | database | 
|  |  | backing up and propagating KDC (  ) (  ) | 
|  |  | creating KDC (  ) | 
|  |  | KDC propagation (  ) | 
|  | 
|  | deallocate command | 
|  |  | allocate error state (  ) | 
|  |  | authorizations required (  ) | 
|  |  | description (  ) | 
|  |  | device-clean scripts and (  ) | 
|  |  | using (  ) | 
|  | 
|  | debugging sequence number (  ) | 
|  | 
|  | decrypting | 
|  |  | conversation key (  ) | 
|  |  | secret key (  ) | 
|  | 
|  | default_realm section, krb5.conf file (  ) | 
|  | 
|  | defaults | 
|  |  | ACL entries for directories (  ) (  ) | 
|  |  | audit_startup file (  ) | 
|  |  | machine-wide (  ) | 
|  |  | praudit output format (  ) (  ) | 
|  | 
|  | delete_entry command (  ) | 
|  | 
|  | deleting | 
|  |  | ACL entries (  ) (  ) | 
|  |  | host's service (  ) | 
|  |  | policies (SEAM) (  ) | 
|  |  | principal (SEAM) (  ) | 
|  | 
|  | DenyGroups keyword, sshd_config file (  ) | 
|  | 
|  | DenyUsers keyword, sshd_config file (  ) | 
|  | 
|  | DES encryption (  ) | 
|  | 
|  | destroying, tickets with kdestroy (  ) | 
|  | 
|  | device_allocate file | 
|  |  | format (  ) | 
|  |  | overview (  ) | 
|  | 
|  | device allocation (  ) | 
|  |  | adding devices (  ) | 
|  |  | allocatable devices (  ) (  ) (  ) | 
|  |  | allocate command | 
|  |  |  | how the allocate mechanism works (  ) | 
|  |  |  | options (  ) | 
|  |  |  | using (  ) | 
|  |  | allocate error state (  ) (  ) | 
|  |  | allocating a device (  ) | 
|  |  | commands (  ) (  ) | 
|  |  | components of the allocation mechanism (  ) | 
|  |  | deallocate command | 
|  |  |  | allocate error state (  ) (  ) | 
|  |  |  | described (  ) | 
|  |  |  | device-clean scripts and (  ) | 
|  |  |  | using (  ) | 
|  |  | description (  ) | 
|  |  | device_allocate file (  ) | 
|  |  | device-clean scripts (  ) | 
|  |  |  | audio devices (  ) | 
|  |  |  | CD-ROM drives (  ) (  ) | 
|  |  |  | described (  ) | 
|  |  |  | diskette drives (  ) (  ) | 
|  |  |  | options (  ) | 
|  |  |  | tape drives (  ) (  ) | 
|  |  |  | writing new scripts (  ) | 
|  |  | device_maps file (  ) (  ) | 
|  |  | list_devices command (  ) | 
|  |  | lock file setup (  ) | 
|  |  | managing devices (  ) | 
|  |  | reallocating (  ) | 
|  |  | using device allocations (  ) | 
|  | 
|  | device-clean scripts | 
|  |  | audio devices (  ) | 
|  |  | CD-ROM drives (  ) (  ) | 
|  |  | description (  ) | 
|  |  | diskette drives (  ) (  ) | 
|  |  | options (  ) | 
|  |  | tape drives (  ) (  ) | 
|  |  | writing new scripts (  ) | 
|  | 
|  | device_maps file | 
|  |  | format (  ) (  ) | 
|  |  | overview (  ) | 
|  | 
|  | devices | 
|  |  | device allocation | 
|  |  |  | See device allocation |  | 
|  |  | lock files (  ) | 
|  |  | managing (  ) | 
|  |  | system device access control (  ) | 
|  | 
|  | dfstab file | 
|  |  | kerberos option (  ) | 
|  |  | sharing files (  ) | 
|  | 
|  | DH authentication (  ) | 
|  |  | AUTH_DH client-server session (  ) (  ) | 
|  |  | mounting files (  ) | 
|  |  | sharing files (  ) | 
|  | 
|  | DH security | 
|  |  | for an NIS+ client (  ) | 
|  |  | for an NIS client (  ) | 
|  | 
|  | dhkeys module, description (  ) | 
|  | 
|  | dial_auth module, description (  ) | 
|  | 
|  | dial-up passwords | 
|  |  | disabling (  ) | 
|  |  | disabling dial-up logins temporarily (  ) | 
|  |  | /etc/d_passwd file (  ) | 
|  |  | security (  ) | 
|  | 
|  | dialups file, creating (  ) | 
|  | 
|  | Diffie-Hellman, role in authentication (  ) | 
|  | 
|  | dir: line | 
|  |  | audit_control file (  ) (  ) | 
|  | 
|  | direct realms (  ) | 
|  | 
|  | directories | 
|  |  | audit_control file definitions (  ) | 
|  |  | audit daemon pointer (  ) (  ) | 
|  |  | audit directories full (  ) (  ) (  ) | 
|  |  | mounting audit directories (  ) | 
|  | 
|  | directory | 
|  |  | ACL entries (  ) (  ) | 
|  |  | ASET files (  ) | 
|  |  |  | checklist task (CKLISTPATH) setting (  ) (  ) | 
|  |  |  | master files (  ) | 
|  |  |  | reports (  ) | 
|  |  |  | working directory (  ) (  ) | 
|  |  | audit directories full (  ) | 
|  |  | displaying files and related information (  ) (  ) (  ) | 
|  |  | permissions | 
|  |  |  | defaults (  ) | 
|  |  |  | description (  ) | 
|  |  | public directories (  ) | 
|  | 
|  | disabling | 
|  |  | abort sequence (  ) | 
|  |  | dial-up logins temporarily (  ) | 
|  |  | keyboard shutdown (  ) | 
|  |  | service on a host (SEAM) (  ) | 
|  |  | user logins (  ) | 
|  | 
|  | disk-space requirements (  ) | 
|  | 
|  | diskette drives | 
|  |  | device-clean scripts (  ) (  ) | 
|  | 
|  | displaying | 
|  |  | ACL entries (  ) (  ) | 
|  |  | ASET task status (  ) (  ) | 
|  |  | audit log in entirety (  ) | 
|  |  | files and related information (  ) (  ) (  ) | 
|  |  | root access attempts on console (  ) | 
|  |  | su command use on console (  ) | 
|  |  | sublist of principals (SEAM) (  ) | 
|  |  | user's login status (  ) (  ) | 
|  | 
|  | dminfo command (  ) | 
|  | 
|  | DNS (  ) | 
|  |  | SEAM and (  ) | 
|  | 
|  | domain_realm section | 
|  |  | krb5.conf file (  ) (  ) | 
|  | 
|  | dot (.), path variable entry (  ) | 
|  | 
|  | DSAAuthentication keyword, sshd_config file (  ) | 
|  | 
|  | dtlogin service name, PAM (  ) | 
|  | 
|  | .dtprofile script, use in Secure Shell (  ) | 
|  | 
|  | dtsession service name, PAM (  ) | 
|  | 
|  | duplicating, principal (SEAM) (  ) | 
|  |  |  |  | 
| E | 
|  | 
|  | ebusy string, audit_warn script (  ) | 
|  | 
|  | editing rights profiles, task description (  ) | 
|  | 
|  | eeprom command (  ) (  ) | 
|  | 
|  | eeprom.rpt file | 
|  |  | description (  ) (  ) | 
|  | 
|  | efficiency, BSM and (  ) | 
|  | 
|  | eject command, BSM device cleanup and (  ) | 
|  | 
|  | enabling, auditing (  ) | 
|  | 
|  | encrypting | 
|  |  | capturing encrypted passwords (  ) | 
|  |  | files (  ) | 
|  |  | passwords (  ) | 
|  | 
|  | encryption (  ) | 
|  |  | password algorithms (  ) | 
|  |  | privacy service (  ) | 
|  |  | specifying algorithms in policy.conf (  ) | 
|  |  | specifying algorithms in ssh_config (  ) | 
|  |  | specifying algorithms in sshd_config (  ) | 
|  | 
|  | ending, signal received during auditing shutdown (  ) | 
|  | 
|  | env.rpt file | 
|  |  | description (  ) (  ) | 
|  | 
|  | environment file, description (  ) | 
|  | 
|  | environment file (ASET) | 
|  |  | description (  ) | 
|  |  | modifying (  ) | 
|  |  | running ASET periodically (  ) | 
|  | 
|  | environment variables | 
|  |  | ASET | 
|  |  |  | ASETDIR (  ) | 
|  |  |  | ASETSECLEVEL (  ) | 
|  |  |  | CKLISTPATH_level (  ) (  ) | 
|  |  |  | PERIODIC_SCHEDULE (  ) (  ) (  ) (  ) | 
|  |  |  | summary table (  ) | 
|  |  |  | TASKS (  ) (  ) | 
|  |  |  | UID_ALIASES (  ) (  ) (  ) | 
|  |  |  | YPCHECK (  ) (  ) | 
|  | 
|  | equals sign (=), file permissions symbol (  ) | 
|  | 
|  | error message, with kpasswd (  ) | 
|  | 
|  | errors | 
|  |  | allocate error state (  ) (  ) | 
|  |  | audit directories full (  ) (  ) (  ) (  ) | 
|  |  | internal errors (  ) | 
|  | 
|  | EscapeChar keyword, ssh_config file (  ) | 
|  | 
|  | /etc/d_passwd file (  ) | 
|  |  | creating (  ) | 
|  |  | disabling dial-up logins temporarily (  ) | 
|  |  | /etc/passwd file and (  ) | 
|  | 
|  | /etc/default/kbd file (  ) | 
|  | 
|  | /etc/default/login file, restricting root access to console (  ) | 
|  | 
|  | /etc/default/su file | 
|  |  | displaying su command use on console (  ) | 
|  |  | monitoring su command (  ) | 
|  | 
|  | /etc/dfs/dfstab file | 
|  |  | kerberos option (  ) | 
|  |  | sharing files (  ) | 
|  | 
|  | /etc/dialups file, creating (  ) | 
|  | 
|  | /etc/group file, ASET checks (  ) | 
|  | 
|  | /etc/hosts.equiv file, description (  ) | 
|  | 
|  | /etc/init.d/kdc file, description (  ) | 
|  | 
|  | /etc/init.d/kdc.master file, description (  ) | 
|  | 
|  | /etc/krb5/kadm5.acl file, description (  ) | 
|  | 
|  | /etc/krb5/kadm5.keytab file, description (  ) | 
|  | 
|  | /etc/krb5/kdc.conf file, description (  ) | 
|  | 
|  | /etc/krb5/kpropd.acl file, description (  ) | 
|  | 
|  | /etc/krb5/krb5.conf file, description (  ) | 
|  | 
|  | /etc/krb5/krb5.keytab file, description (  ) | 
|  | 
|  | /etc/krb5/warn.conf file, description (  ) | 
|  | 
|  | /etc/logindevperm file, description (  ) | 
|  | 
|  | /etc/nologin file (  ) | 
|  |  | description (  ) | 
|  | 
|  | /etc/nsswitch.conf file, login access restrictions (  ) | 
|  | 
|  | /etc/pam.conf | 
|  |  | description (  ) (  ) | 
|  |  | syntax (  ) | 
|  | 
|  | /etc/pam.conf file, SEAM and (  ) | 
|  | 
|  | /etc/passwd file | 
|  |  | ASET checks (  ) | 
|  |  | /etc/d_passwd file and (  ) | 
|  | 
|  | /etc/publickey file, DH authentication and (  ) | 
|  | 
|  | /etc/security/audit/bsmconv script, devicemaps file creation (  ) | 
|  | 
|  | /etc/security/audit_data file (  ) | 
|  | 
|  | /etc/security/audit_event file (  ) | 
|  |  | audit events and (  ) | 
|  | 
|  | /etc/security/audit_startup file (  ) | 
|  | 
|  | /etc/security/audit_warn script (  ) (  ) | 
|  | 
|  | /etc/security/dev lock files (  ) | 
|  | 
|  | /etc/security/policy.conf file, algorithms configuration (  ) | 
|  | 
|  | /etc/ssh_host_key.pub file, description (  ) | 
|  | 
|  | /etc/ssh/shosts.equiv file, description (  ) | 
|  | 
|  | /etc/ssh/ssh_config file | 
|  |  | client authentication parameters (  ) | 
|  |  | configuring Secure Shell (  ) | 
|  |  | host-specific parameters (  ) | 
|  | 
|  | /etc/ssh/ssh_host_key file, description (  ) | 
|  | 
|  | /etc/ssh/ssh_known_hosts file | 
|  |  | configuring Secure Shell (  ) | 
|  |  | controlling distribution (  ) | 
|  |  | description (  ) | 
|  | 
|  | /etc/ssh/sshd_config file, description (  ) | 
|  | 
|  | /etc/ssh/sshrc file, description (  ) | 
|  | 
|  | /etc/syslog.conf file, PAM (  ) | 
|  | 
|  | event, description (  ) | 
|  | 
|  | event modifier field flags (header token) (  ) | 
|  | 
|  | events | 
|  |  | audit | 
|  |  |  | See audit events |  | 
|  |  | kernel events | 
|  |  |  | auditconfig command options (  ) (  ) | 
|  |  | user-level events | 
|  |  |  | auditconfig command options (  ) | 
|  | 
|  | ex audit flag (  ) | 
|  | 
|  | exec_args token | 
|  |  | argv policy and (  ) | 
|  |  | format (  ) | 
|  | 
|  | exec_attr database | 
|  |  | description (  ) (  ) | 
|  |  | RBAC relationships (  ) | 
|  | 
|  | exec audit class (  ) | 
|  | 
|  | exec_env token, format (  ) | 
|  | 
|  | execute permissions, symbolic mode (  ) | 
|  | 
|  | execution attributes, description (  ) | 
|  | 
|  | execution log (ASET) (  ) (  ) | 
|  | 
|  | exit subcommand, sftp command (  ) | 
|  | 
|  | exit token, format (  ) | 
|  |  |  |  | 
| F | 
|  | 
|  | -F option | 
|  |  | allocate command (  ) | 
|  |  | deallocate command (  ) | 
|  |  | st_clean script (  ) | 
|  | 
|  | fa audit flag (  ) | 
|  | 
|  | failed login attempts (  ) | 
|  | 
|  | failure | 
|  |  | audit flag prefix (  ) (  ) | 
|  |  | turning off audit flags for (  ) (  ) | 
|  | 
|  | FallBackToRsh keyword, ssh_config file (  ) | 
|  | 
|  | fc audit flag (  ) | 
|  | 
|  | fd audit flag (  ) | 
|  | 
|  | fd_clean script, description (  ) | 
|  | 
|  | file_attr_acc audit class (  ) | 
|  | 
|  | file_attr_mod audit class (  ) | 
|  | 
|  | file_close audit class (  ) | 
|  | 
|  | file_creation audit class (  ) | 
|  | 
|  | file_deletion audit class (  ) | 
|  | 
|  | file_read audit class (  ) | 
|  | 
|  | file token, format (  ) | 
|  | 
|  | file vnode token (  ) | 
|  | 
|  | file_write audit class (  ) | 
|  | 
|  | files | 
|  |  | copying with Secure Shell (  ) | 
|  |  | device allocation lock (  ) | 
|  |  | kdc.conf (  ) | 
|  |  | table of SEAM (  ) | 
|  |  | transferring with Secure Shell (  ) | 
|  | 
|  | files and file systems | 
|  |  | ACL entries | 
|  |  |  | adding or modifying (  ) | 
|  |  |  | checking (  ) | 
|  |  |  | deleting (  ) (  ) | 
|  |  |  | displaying (  ) (  ) | 
|  |  |  | setting (  ) (  ) | 
|  |  |  | valid entries (  ) | 
|  |  | ASET checks (  ) (  ) | 
|  |  | ownership | 
|  |  |  | changing (  ) | 
|  |  |  | setgid permission and (  ) | 
|  |  |  | setuid permission and (  ) | 
|  |  | permissions | 
|  |  |  | absolute mode (  ) (  ) | 
|  |  |  | changing (  ) (  ) (  ) | 
|  |  |  | defaults (  ) | 
|  |  |  | description (  ) | 
|  |  |  | setgid (  ) (  ) | 
|  |  |  | setuid (  ) | 
|  |  |  | sticky bit (  ) | 
|  |  |  | symbolic mode (  ) (  ) (  ) (  ) | 
|  |  |  | umask setting (  ) | 
|  |  | security (  ) (  ) | 
|  |  |  | access restriction (  ) | 
|  |  |  | ACL (  ) | 
|  |  |  | changing ownership (  ) (  ) | 
|  |  |  | changing permissions (  ) (  ) | 
|  |  |  | directory permissions (  ) | 
|  |  |  | displaying file information (  ) (  ) (  ) | 
|  |  |  | encryption (  ) | 
|  |  |  | file permissions (  ) | 
|  |  |  | file types (  ) | 
|  |  |  | special file permissions (  ) (  ) (  ) | 
|  |  |  | umask default (  ) | 
|  |  |  | user classes (  ) | 
|  |  | sharing files (  ) | 
|  | 
|  | find command | 
|  |  | finding files with setuid permissions (  ) (  ) | 
|  | 
|  | firewall.rpt file (  ) | 
|  |  | description (  ) | 
|  | 
|  | firewall systems | 
|  |  | ASET setup (  ) (  ) | 
|  |  | outside connections with Secure Shell | 
|  |  |  | from command line (  ) | 
|  |  |  | from configuration file (  ) | 
|  |  | packet smashing (  ) | 
|  |  | security (  ) | 
|  |  | trusted host (  ) | 
|  | 
|  | flags (  ) | 
|  |  | audit | 
|  |  |  | See audit flags |  | 
|  |  | audit_control file line (  ) | 
|  |  | audit_user file (  ) (  ) | 
|  |  | auditconfig command options (  ) | 
|  |  | definitions (  ) (  ) | 
|  |  | machine-wide (  ) (  ) | 
|  |  | overview (  ) | 
|  |  | prefixes (  ) (  ) | 
|  |  | process preselection mask (  ) | 
|  |  | syntax (  ) (  ) | 
|  | 
|  | flags: line in audit_control file | 
|  |  | description (  ) | 
|  |  | prefixes in (  ) (  ) | 
|  |  | process preselection mask (  ) | 
|  | 
|  | fm audit flag (  ) | 
|  | 
|  | forced cleanup (  ) | 
|  | 
|  | forwardable tickets | 
|  |  | definition (  ) | 
|  |  | description (  ) | 
|  |  | example (  ) | 
|  | 
|  | forwarding, specifying in ssh_config (  ) | 
|  | 
|  | ForwardX11 keyword, Secure Shell port forwarding (  ) | 
|  | 
|  | FQDN (Fully Qualified Domain Name), in SEAM (  ) | 
|  | 
|  | fr audit flag (  ) | 
|  | 
|  | ftp command, authentication (  ) | 
|  | 
|  | ftp service name, PAM (  ) | 
|  | 
|  | fw audit flag (  ) | 
|  |  |  |  | 
| K | 
|  | 
|  | .k5.REALM file, description (  ) | 
|  | 
|  | .k5login file, description (  ) | 
|  | 
|  | kadm5.acl file (  ) (  ) (  ) (  ) (  ) (  ) | 
|  |  | description (  ) | 
|  |  | format of entries (  ) | 
|  | 
|  | kadm5.keytab file (  ) | 
|  |  | description (  ) | 
|  | 
|  | kadmin command (  ) (  ) | 
|  |  | description (  ) | 
|  |  | ktadd command (  ) | 
|  |  | ktremove command (  ) | 
|  |  | removing principals from keytab with (  ) | 
|  | 
|  | kadmin.local command (  ) (  ) | 
|  |  | adding administration principals (  ) | 
|  |  | description (  ) | 
|  | 
|  | kadmin.log file, description (  ) | 
|  | 
|  | kadmind daemon | 
|  |  | master KDC and (  ) | 
|  |  | SEAM and (  ) | 
|  | 
|  | kadmind principal (  ) | 
|  | 
|  | kdb5_util command (  ) (  ) | 
|  |  | description (  ) | 
|  | 
|  | KDC | 
|  |  | adding entries to propagation file (  ) | 
|  |  | adding slave names to cron job (  ) | 
|  |  | backing up and propagating (  ) | 
|  |  | configuring master (  ) | 
|  |  | configuring server (  ) | 
|  |  | configuring slave (  ) | 
|  |  | copying administration files from slave to master (  ) | 
|  |  | creating database (  ) | 
|  |  | creating host principal (  ) | 
|  |  | creating root principal (  ) (  ) | 
|  |  | database propagation (  ) | 
|  |  | master | 
|  |  |  | definition (  ) | 
|  |  | planning (  ) | 
|  |  | ports (  ) | 
|  |  | propagating database with kprop_util (  ) | 
|  |  | restricting access to servers (  ) | 
|  |  | slave (  ) | 
|  |  |  | definition (  ) | 
|  |  | slave or master (  ) (  ) | 
|  |  | starting daemon (  ) | 
|  |  | swapping master and slave (  ) | 
|  |  | synchronizing clocks (  ) (  ) | 
|  | 
|  | kdc.conf file | 
|  |  | description (  ) | 
|  |  | ticket lifetime and (  ) | 
|  | 
|  | kdc file, description (  ) | 
|  | 
|  | kdc.log file, description (  ) | 
|  | 
|  | kdc.master file, description (  ) | 
|  | 
|  | kdestroy command | 
|  |  | description (  ) | 
|  |  | example (  ) | 
|  | 
|  | KeepAlive keyword | 
|  |  | ssh_config file (  ) | 
|  |  | sshd_config file (  ) | 
|  | 
|  | KERB authentication, dfstab file option (  ) | 
|  | 
|  | Kerberos | 
|  |  | and Kerberos V5 (  ) | 
|  |  | and SEAM (  ) (  ) | 
|  |  | dfstab file option (  ) | 
|  |  | terminology (  ) | 
|  | 
|  | Kerberos (KERB) authentication (  ) | 
|  | 
|  | kernel events | 
|  |  | auditconfig command options (  ) (  ) | 
|  |  | BSM and (  ) | 
|  | 
|  | key | 
|  |  | creating for an NIS user (  ) | 
|  |  | creating for Secure Shell (  ) | 
|  |  | description (  ) | 
|  |  | private (  ) | 
|  |  | service (  ) | 
|  |  | service key (  ) | 
|  |  | session (  ) (  ) | 
|  | 
|  | Key Distribution Center | 
|  |  | See KDC |  | 
|  | 
|  | KEYBOARD_ABORT system variable (  ) | 
|  | 
|  | keylogin command (  ) (  ) | 
|  |  | running (  ) | 
|  | 
|  | KeyRegenerationInterval keyword, sshd_config file (  ) | 
|  | 
|  | keyserv daemon | 
|  |  | starting (  ) | 
|  |  | verifying (  ) | 
|  | 
|  | keytab file | 
|  |  | adding master KDC's host principal to (  ) | 
|  |  | adding service principal to (  ) (  ) | 
|  |  | administering (  ) | 
|  |  | administering with ktutil command (  ) | 
|  |  | creating (  ) | 
|  |  | disabling a host's service with delete_entry command (  ) | 
|  |  | read into keytab buffer with read_kt command (  ) | 
|  |  | read into keytab with read_kt command (  ) | 
|  |  | removing principals with ktremove command (  ) | 
|  |  | removing service principal from (  ) | 
|  |  | viewing contents with ktutil command (  ) (  ) | 
|  |  | viewing keylist buffer with list command (  ) (  ) | 
|  | 
|  | kinds of tickets (  ) | 
|  | 
|  | kinit command | 
|  |  | description (  ) | 
|  |  | example (  ) | 
|  |  | -F option (  ) | 
|  |  | ticket lifetime (  ) | 
|  | 
|  | klist command | 
|  |  | description (  ) | 
|  |  | example (  ) | 
|  |  | -f option (  ) | 
|  | 
|  | known_hosts file | 
|  |  | configuring Secure Shell (  ) | 
|  |  | controlling distribution (  ) | 
|  |  | description (  ) | 
|  |  | role in authentication (  ) | 
|  | 
|  | Korn shell | 
|  |  | ASET working directory specification (  ) | 
|  |  | privileged version (  ) | 
|  | 
|  | kpasswd command | 
|  |  | and passwd command (  ) | 
|  |  | description (  ) | 
|  |  | error message (  ) | 
|  |  | example (  ) | 
|  | 
|  | kprop command, description (  ) | 
|  | 
|  | kprop_script script (  ) | 
|  | 
|  | kpropd.acl file (  ) | 
|  |  | description (  ) | 
|  | 
|  | kpropd daemon, SEAM and (  ) | 
|  | 
|  | krb5.conf file | 
|  |  | description (  ) | 
|  |  | domain_realm section (  ) | 
|  |  | editing (  ) | 
|  |  | ports definition (  ) | 
|  | 
|  | krb5.keytab file, description (  ) | 
|  | 
|  | krb5 module, description (  ) | 
|  | 
|  | krb5cc_uid file, description (  ) | 
|  | 
|  | krb5kdc daemon (  ) | 
|  |  | master KDC and (  ) | 
|  |  | SEAM and (  ) | 
|  | 
|  | ksh command (  ) | 
|  |  | privileged version (  ) | 
|  | 
|  | ktadd command (  ) (  ) | 
|  |  | syntax (  ) | 
|  | 
|  | ktremove command (  ) | 
|  | 
|  | ktutil command (  ) | 
|  |  | delete_entry command (  ) | 
|  |  | description (  ) | 
|  |  | list command (  ) (  ) | 
|  |  | read_kt command (  ) (  ) | 
|  |  | viewing list of principals (  ) (  ) | 
|  |  |  |  | 
| L | 
|  | 
|  | -l option, praudit command (  ) | 
|  | 
|  | -L option | 
|  |  | ssh command (  ) (  ) | 
|  | 
|  | lcd subcommand, sftp command (  ) | 
|  | 
|  | LDAP | 
|  |  | passwords (  ) (  ) | 
|  | 
|  | ldap module, description (  ) | 
|  | 
|  | legacy application, securing (  ) | 
|  | 
|  | lifetime of ticket, in SEAM (  ) | 
|  | 
|  | list command (  ) (  ) | 
|  | 
|  | list_devices command (  ) | 
|  |  | authorizations required (  ) | 
|  | 
|  | list privileges in SEAM Administration Tool (  ) | 
|  | 
|  | ListenAddress keyword, sshd_config file (  ) | 
|  | 
|  | lo audit flag (  ) | 
|  | 
|  | LocalForward keyword, ssh_config file (  ) | 
|  | 
|  | lock files | 
|  |  | how the allocate mechanism works (  ) | 
|  |  | setting up (  ) | 
|  | 
|  | log files | 
|  |  | ASET execution log (  ) (  ) | 
|  |  | monitoring su command (  ) | 
|  | 
|  | logging in | 
|  |  | displaying user's login status (  ) (  ) | 
|  |  | root login | 
|  |  |  | account (  ) | 
|  |  |  | restricting to console (  ) | 
|  |  |  | tracking (  ) | 
|  |  | security | 
|  |  |  | access restrictions (  ) (  ) | 
|  |  |  | saving failed attempts (  ) | 
|  |  |  | system access control (  ) | 
|  |  |  | system device access control (  ) | 
|  |  |  | tracking root login (  ) | 
|  |  | system logins (  ) (  ) | 
|  | 
|  | .login file, path variable entry (  ) | 
|  | 
|  | login file, restricting root access to console (  ) | 
|  | 
|  | login_logout audit class (  ) | 
|  | 
|  | login service name, PAM (  ) | 
|  | 
|  | logindevperm file, description (  ) | 
|  | 
|  | LoginGraceTime keyword, sshd_config file (  ) | 
|  | 
|  | loginlog file, saving failed login attempts (  ) | 
|  | 
|  | logins command | 
|  |  | displaying user's login status (  ) (  ) | 
|  |  | displaying users with no passwords (  ) | 
|  |  | syntax (  ) (  ) | 
|  | 
|  | LogLevel keyword | 
|  |  | ssh_config file (  ) | 
|  |  | sshd_config file (  ) | 
|  | 
|  | low ASET security level (  ) | 
|  | 
|  | ls subcommand, sftp command (  ) | 
|  | 
|  | -lsevent option, auditconfig command (  ) | 
|  | 
|  | -lspolicy option, auditconfig command (  ) | 
|  |  |  |  | 
| P | 
|  | 
|  | packet transfers | 
|  |  | firewall security (  ) | 
|  |  | packet smashing (  ) | 
|  | 
|  | PAM | 
|  |  | add a module (  ) | 
|  |  | configuration file (  ) (  ) (  ) | 
|  |  | control flags (  ) | 
|  |  | /etc/syslog.conf file (  ) | 
|  |  | module types (  ) | 
|  |  | modules (  ) | 
|  |  | overview (  ) | 
|  |  | password mapping (  ) | 
|  |  | planning (  ) | 
|  |  | SEAM and (  ) (  ) (  ) | 
|  |  | service names (  ) | 
|  |  | stacking (  ) | 
|  |  | try_first_pass (  ) | 
|  | 
|  | pam_*.so.1 files, description (  ) | 
|  | 
|  | pam.conf file | 
|  |  | description (  ) | 
|  |  | SEAM and (  ) | 
|  | 
|  | pam_roles command, description (  ) | 
|  | 
|  | panels, table of SEAM Administration Tool (  ) | 
|  | 
|  | passphrase, example (  ) | 
|  | 
|  | passwd command | 
|  |  | and kpasswd command (  ) | 
|  |  | try_first_pass (  ) | 
|  | 
|  | passwd file | 
|  |  | ASET checks (  ) | 
|  |  | /etc/d_passwd file and (  ) | 
|  | 
|  | passwd service name, PAM (  ) | 
|  | 
|  | password mapping, in PAM (  ) | 
|  | 
|  | PasswordAuthentication keyword, sshd_config file (  ) | 
|  | 
|  | passwords | 
|  |  | and policies (  ) | 
|  |  | capturing encrypted passwords (  ) | 
|  |  | changing with kpasswd command (  ) | 
|  |  | changing with passwd command (  ) | 
|  |  | dial-up passwords | 
|  |  |  | disabling dial-up logins temporarily (  ) | 
|  |  |  | /etc/d_passwd file (  ) | 
|  |  | displaying users with no passwords (  ) | 
|  |  | eliminating in Secure Shell use (  ) (  ) | 
|  |  | encryption algorithms (  ) | 
|  |  | LDAP (  ) (  ) | 
|  |  | local (  ) | 
|  |  | login security (  ) (  ) (  ) | 
|  |  | management (  ) | 
|  |  | modifying a principal's password (  ) | 
|  |  | NIS (  ) (  ) | 
|  |  | NIS+ (  ) (  ) | 
|  |  | PROM security mode (  ) (  ) | 
|  |  | secret-key decryption (  ) | 
|  |  | Secure Shell (  ) | 
|  |  | specifying encryption algorithm (  ) | 
|  |  | suggestions on choosing (  ) | 
|  |  | system logins (  ) (  ) | 
|  |  | UNIX and Kerberos (  ) | 
|  | 
|  | path audit policy, description (  ) | 
|  | 
|  | PATH system variable (  ) | 
|  | 
|  | path token (  ) | 
|  | 
|  | path variable, setting (  ) | 
|  | 
|  | pc audit flag (  ) | 
|  | 
|  | PERIODIC_SCHEDULE variable (ASET) | 
|  |  | scheduling ASET (  ) (  ) (  ) (  ) | 
|  | 
|  | permissions | 
|  |  | ACLs and (  ) (  ) | 
|  |  | ASET handling of (  ) (  ) | 
|  |  | changing file permissions | 
|  |  |  | absolute mode (  ) (  ) | 
|  |  |  | chmod command (  ) | 
|  |  |  | symbolic mode (  ) (  ) (  ) (  ) | 
|  |  | defaults (  ) | 
|  |  | directory permissions (  ) | 
|  |  | file permissions | 
|  |  |  | absolute mode (  ) (  ) | 
|  |  |  | changing (  ) (  ) | 
|  |  |  | description (  ) | 
|  |  |  | special permissions (  ) (  ) (  ) | 
|  |  |  | symbolic mode (  ) (  ) (  ) (  ) | 
|  |  | setgid permissions | 
|  |  |  | absolute mode (  ) (  ) | 
|  |  |  | description (  ) (  ) | 
|  |  |  | symbolic mode (  ) | 
|  |  | setuid permissions | 
|  |  |  | absolute mode (  ) (  ) | 
|  |  |  | description (  ) | 
|  |  |  | finding files with permissions set (  ) (  ) | 
|  |  |  | security risks (  ) | 
|  |  |  | symbolic mode (  ) | 
|  |  | special file permissions (  ) (  ) (  ) | 
|  |  | sticky bit (  ) | 
|  |  | tune files (ASET) (  ) (  ) (  ) (  ) | 
|  |  | umask settings (  ) | 
|  |  | user classes and (  ) | 
|  | 
|  | PermitEmptyPasswords keyword, sshd_config file (  ) | 
|  | 
|  | PermitRootLogin keyword, sshd_config file (  ) | 
|  | 
|  | pfcsh command, description (  ) | 
|  | 
|  | pfexec command, description (  ) | 
|  | 
|  | pfksh command, description (  ) | 
|  | 
|  | pfsh command, description (  ) | 
|  | 
|  | physical security (  ) | 
|  | 
|  | planning | 
|  |  | PAM (  ) | 
|  |  | RBAC (  ) | 
|  |  | SEAM | 
|  |  |  | client and service principal names (  ) | 
|  |  |  | clock synchronization (  ) | 
|  |  |  | configuration decisions (  ) | 
|  |  |  | database propagation (  ) | 
|  |  |  | number of realms (  ) | 
|  |  |  | ports (  ) | 
|  |  |  | realm hierarchy (  ) | 
|  |  |  | realm names (  ) | 
|  |  |  | realms (  ) | 
|  |  |  | slave KDCs (  ) | 
|  | 
|  | pluggable authentication module | 
|  |  | See PAM |  | 
|  | 
|  | plus (+) audit flag prefix (  ) (  ) | 
|  | 
|  | plus sign (+), file permissions symbol (  ) | 
|  | 
|  | policies | 
|  |  | administering (  ) (  ) | 
|  |  | and passwords (  ) | 
|  |  | auditconfig options (  ) | 
|  |  | creating (SEAM) (  ) | 
|  |  | creating new (SEAM) (  ) | 
|  |  | deleting (  ) | 
|  |  | modifying (  ) | 
|  |  | SEAM Administration Tool panels for (  ) | 
|  |  | specifying password algorithm (  ) | 
|  |  | task map for administering (  ) | 
|  |  | viewing attributes (  ) | 
|  |  | viewing list of (  ) | 
|  | 
|  | policy.conf database | 
|  |  | Basic Solaris User rights profile (  ) | 
|  |  | description (  ) (  ) | 
|  |  | RBAC relationships (  ) | 
|  | 
|  | port | 
|  |  | for KDC and admin services (  ) | 
|  |  | KDC administration daemon (  ) | 
|  | 
|  | port forwarding | 
|  |  | configuring ssh_config (  ) | 
|  |  | Secure Shell (  ) (  ) (  ) | 
|  | 
|  | Port keyword, sshd_config file (  ) | 
|  | 
|  | postdatable ticket, definition (  ) | 
|  | 
|  | postdated ticket, description (  ) | 
|  | 
|  | postsigterm string, audit_warn script (  ) | 
|  | 
|  | pound sign (#) | 
|  |  | device_allocate file (  ) | 
|  |  | device_maps file (  ) | 
|  | 
|  | ppp service name, PAM (  ) | 
|  | 
|  | praudit command | 
|  |  | converting audit records to readable format (  ) (  ) | 
|  |  | output formats (  ) (  ) | 
|  |  | piping auditreduce output to (  ) | 
|  |  | using (  ) (  ) | 
|  | 
|  | prefixes in audit flags (  ) (  ) | 
|  | 
|  | preselection mask | 
|  |  | auditconfig command options (  ) | 
|  |  | description (  ) | 
|  |  | machine-wide (  ) | 
|  | 
|  | preselection mask (BSM), reducing storage costs (  ) | 
|  | 
|  | primary, in principal names (  ) | 
|  | 
|  | Primary Administrator | 
|  |  | rights profile (  ) (  ) (  ) | 
|  |  | role (  ) | 
|  | 
|  | primary audit directory (  ) | 
|  | 
|  | principal | 
|  |  | adding administration (  ) | 
|  |  | adding service principal to keytab (  ) (  ) | 
|  |  | administering (  ) (  ) | 
|  |  | automating creation of (  ) | 
|  |  | creating host (  ) | 
|  |  | creating root (  ) (  ) | 
|  |  | deleting (  ) | 
|  |  | duplicating (  ) | 
|  |  | in SEAM (  ) | 
|  |  | modifying (  ) | 
|  |  | principal name (  ) | 
|  |  | removing from keytab file (  ) | 
|  |  | removing service principal from keytab (  ) | 
|  |  | root (  ) | 
|  |  | SEAM Administration Tool panels for (  ) | 
|  |  | service principal (  ) | 
|  |  | setting up defaults (  ) | 
|  |  | task map for administering (  ) | 
|  |  | user ID comparison (  ) | 
|  |  | user principal (  ) | 
|  |  | viewing attributes (  ) | 
|  |  | viewing list of (  ) | 
|  |  | viewing sublist of principals (  ) | 
|  | 
|  | principal.db file, description (  ) | 
|  | 
|  | principal.kadm5 file, description (  ) | 
|  | 
|  | principal.kadm5.lock file, description (  ) | 
|  | 
|  | principal.ok file, description (  ) | 
|  | 
|  | principals, creating (  ) | 
|  | 
|  | print format field, arbitrary token (  ) | 
|  | 
|  | Printer Management rights profile | 
|  |  | description (  ) (  ) | 
|  | 
|  | printing, audit log (  ) | 
|  | 
|  | privacy | 
|  |  | SEAM and (  ) | 
|  |  | security service (  ) | 
|  | 
|  | private key (  ) | 
|  |  | definition in SEAM (  ) | 
|  |  | description (  ) | 
|  |  | naming convention (  ) | 
|  | 
|  | privilege (  ) | 
|  |  | effects on SEAM Administration Tool (  ) | 
|  | 
|  | privileged application | 
|  |  | authorization checking (  ) | 
|  |  | description (  ) | 
|  |  | ID checking (  ) | 
|  | 
|  | process audit characteristics | 
|  |  | audit ID (  ) | 
|  |  | audit session ID (  ) | 
|  |  | process preselection mask (  ) | 
|  |  | terminal ID (  ) | 
|  | 
|  | process audit class (  ) | 
|  | 
|  | process preselection mask | 
|  |  | auditconfig command options (  ) | 
|  |  | description (  ) | 
|  | 
|  | process token, format (  ) | 
|  | 
|  | processing time costs, BSM and (  ) | 
|  | 
|  | prof_attr database | 
|  |  | description (  ) (  ) | 
|  |  | RBAC relationships (  ) | 
|  | 
|  | profile | 
|  |  | See rights profile |  | 
|  | 
|  | .profile file, path variable entry (  ) | 
|  | 
|  | profile shell, description (  ) | 
|  | 
|  | profiles command, description (  ) | 
|  | 
|  | program, testing for authorizations (  ) | 
|  | 
|  | projects module, description (  ) | 
|  | 
|  | PROM security mode (  ) | 
|  | 
|  | propagation | 
|  |  | KDC database (  ) | 
|  |  | Kerberos database (  ) | 
|  | 
|  | propagation file, adding entries to (  ) | 
|  | 
|  | Protocol keyword, sshd_config file (  ) | 
|  | 
|  | proxiable ticket, definition (  ) | 
|  | 
|  | proxy ticket, definition (  ) | 
|  | 
|  | ProxyCommand keyword, ssh_config file (  ) | 
|  | 
|  | pseudo-tty, use in Secure Shell (  ) | 
|  | 
|  | public directories (  ) | 
|  | 
|  | public key | 
|  |  | description (  ) | 
|  |  | DH authentication and (  ) | 
|  |  | known hosts file (  ) | 
|  |  | naming convention (  ) | 
|  |  | Secure Shell (  ) | 
|  | 
|  | public-key cryptography | 
|  |  | AUTH_DH client-server session (  ) (  ) | 
|  |  | changing public and secret keys (  ) | 
|  |  | common key | 
|  |  |  | calculation (  ) | 
|  |  | database of public keys (  ) | 
|  |  | generating keys | 
|  |  |  | conversation key (  ) | 
|  |  |  | public and secret keys (  ) | 
|  |  | secret key | 
|  |  |  | changing (  ) | 
|  |  |  | database (  ) | 
|  |  |  | decrypting (  ) | 
|  |  |  | generating (  ) | 
|  | 
|  | publickey map, DH authentication and (  ) | 
|  | 
|  | put subcommand | 
|  |  | sftp command (  ) (  ) | 
|  |  |  |  | 
| R | 
|  | 
|  | -R option | 
|  |  | ssh command (  ) (  ) | 
|  | 
|  | -r praudit output format (  ) | 
|  | 
|  | raw praudit output format (  ) | 
|  | 
|  | RBAC | 
|  |  | administration commands (  ) | 
|  |  | authorization database (  ) | 
|  |  | basic concept (  ) | 
|  |  | database relationships (  ) | 
|  |  | elements (  ) | 
|  |  | name services (  ) | 
|  |  | rights profile database (  ) | 
|  |  | tasks (  ) | 
|  |  |  | adding custom roles (  ) | 
|  |  |  | adding first role (  ) | 
|  |  |  | adding first user (  ) | 
|  |  |  | adding rights profile example (  ) | 
|  |  |  | adding roles (  ) | 
|  |  |  | adding roles from command line (  ) | 
|  |  |  | changing rights profiles from command line (  ) | 
|  |  |  | changing roles from command line (  ) | 
|  |  |  | changing user properties from command line (  ) | 
|  |  |  | checking scripts or programs for authorizations (  ) | 
|  |  |  | configuration (  ) | 
|  |  |  | editing rights profiles (  ) | 
|  |  |  | information management task map (  ) | 
|  |  |  | modifying roles (  ) | 
|  |  |  | modifying users (  ) | 
|  |  |  | planning (  ) | 
|  |  |  | running the user tools (  ) | 
|  |  |  | securing legacy applications (  ) | 
|  |  |  | securing scripts (  ) | 
|  |  |  | setting IDs on commands (  ) | 
|  |  |  | using privileged applications (  ) | 
|  | 
|  | rc file, description (  ) | 
|  | 
|  | rcp command, authentication (  ) | 
|  | 
|  | read into keytab buffer with read_kt command (  ) | 
|  | 
|  | read into keytab with read_kt command (  ) | 
|  | 
|  | read_kt command (  ) (  ) | 
|  | 
|  | read permissions, symbolic mode (  ) | 
|  | 
|  | readable audit record format | 
|  |  | converting audit records to (  ) (  ) (  ) (  ) | 
|  | 
|  | reallocating devices (  ) | 
|  | 
|  | realms | 
|  |  | and servers (  ) | 
|  |  | configuration decisions (  ) | 
|  |  | configuring cross-realm authentication (  ) | 
|  |  | contents of (  ) | 
|  |  | direct (  ) | 
|  |  | hierarchical (  ) | 
|  |  | hierarchical or non-hierarchical (  ) | 
|  |  | hierarchy (  ) | 
|  |  | in principal names (  ) | 
|  |  | in principals names (  ) | 
|  |  | mapping hostnames onto (  ) | 
|  |  | names (  ) | 
|  |  | number of (  ) | 
|  | 
|  | reducing | 
|  |  | audit files (  ) | 
|  |  | storage-space requirements for audit files (  ) | 
|  | 
|  | reducing audit files | 
|  |  | auditreduce command (  ) (  ) | 
|  | 
|  | remote logins | 
|  |  | authentication (  ) | 
|  |  | authorization (  ) | 
|  |  | security and (  ) | 
|  | 
|  | remote systems | 
|  |  | logging in | 
|  |  |  | authentication (  ) | 
|  |  |  | authorization (  ) | 
|  | 
|  | removing | 
|  |  | principals with ktremove command (  ) | 
|  |  | service principal from keytab file (  ) | 
|  | 
|  | renewable ticket, definition (  ) | 
|  | 
|  | replayed transactions (  ) | 
|  | 
|  | reports | 
|  |  | ASET (  ) (  ) (  ) (  ) | 
|  | 
|  | reports directory (ASET) (  ) | 
|  | 
|  | required control flag, PAM (  ) | 
|  | 
|  | requisite control flag, PAM (  ) | 
|  | 
|  | restoring, ASET (  ) | 
|  | 
|  | restricted shell (rsh) (  ) | 
|  | 
|  | restricting access for KDC servers (  ) | 
|  | 
|  | return token, format (  ) | 
|  | 
|  | rewoffl option | 
|  |  | mt command | 
|  |  |  | BSM device cleanup and (  ) | 
|  | 
|  | rexd service name, PAM (  ) | 
|  | 
|  | .rhosts file | 
|  |  | description (  ) | 
|  |  | role in authentication (  ) | 
|  | 
|  | rhosts module, description (  ) | 
|  | 
|  | RhostsAuthentication keyword, sshd_config file (  ) | 
|  | 
|  | RhostsRSAAuthentication keyword, sshd_config file (  ) | 
|  | 
|  | right | 
|  |  | See rights profile |  | 
|  | 
|  | rights profile | 
|  |  | See also individual profiles |  | 
|  |  | changing rights profiles from command line (  ) | 
|  |  | creation example (  ) | 
|  |  | database | 
|  |  |  | See prof_attr database and exec_attr database |  | 
|  |  | description (  ) (  ) | 
|  |  | editing (  ) | 
|  |  | major rights profiles description (  ) | 
|  | 
|  | Rights tool, description (  ) | 
|  | 
|  | rlogin command, authentication (  ) | 
|  | 
|  | rlogin service name, PAM (  ) | 
|  | 
|  | role | 
|  |  | adding custom roles (  ) | 
|  |  | adding first role (  ) (  ) | 
|  |  | adding roles (  ) | 
|  |  | adding roles from command line (  ) | 
|  |  | assuming (  ) | 
|  |  | assumption example (  ) | 
|  |  | changing roles from command line (  ) | 
|  |  | description (  ) (  ) | 
|  |  | making root a role (  ) | 
|  |  | modifying roles (  ) | 
|  |  | properties | 
|  |  |  | summarized (  ) | 
|  |  | recommended role rights profiles (  ) | 
|  |  | recommended roles (  ) | 
|  |  | use in RBAC (  ) | 
|  | 
|  | role-based access control | 
|  |  | See RBAC |  | 
|  | 
|  | Role Properties dialog box, description (  ) | 
|  | 
|  | roleadd command, description (  ) | 
|  | 
|  | roledel command, description (  ) | 
|  | 
|  | rolemod command, description (  ) | 
|  | 
|  | roles command, description (  ) | 
|  | 
|  | roles module, description (  ) | 
|  | 
|  | root | 
|  |  | adding principal to host's keytab (  ) | 
|  |  | authentication for NFS (  ) | 
|  |  | eliminating root in RBAC (  ) | 
|  | 
|  | root access | 
|  |  | displaying attempts on console (  ) | 
|  |  | monitoring su command use (  ) (  ) | 
|  |  | restricting (  ) (  ) | 
|  | 
|  | root login | 
|  |  | account | 
|  |  |  | description (  ) | 
|  |  | restricting to console (  ) | 
|  |  | tracking (  ) | 
|  | 
|  | root principal | 
|  |  | creating (  ) (  ) | 
|  | 
|  | root role, creating (  ) | 
|  | 
|  | RPCSEC_GSS API, SEAM and (  ) | 
|  | 
|  | RSAAuthentication keyword, sshd_config file (  ) | 
|  | 
|  | rsh command (restricted shell) (  ) | 
|  | 
|  | rsh service name, PAM (  ) | 
|  | 
|  | running the User tool, task description (  ) | 
|  |  |  |  | 
| S | 
|  | 
|  | -s | 
|  |  | audit command (  ) | 
|  |  | praudit command (  ) | 
|  | 
|  | -S option of st_clean script (  ) | 
|  | 
|  | sac service name, PAM (  ) | 
|  | 
|  | sample module, description (  ) | 
|  | 
|  | saving, failed login attempts (  ) | 
|  | 
|  | scheduling ASET execution (PERIODIC_SCHEDULE) (  ) (  ) (  ) (  ) (  ) | 
|  | 
|  | scope, description (  ) | 
|  | 
|  | scp command | 
|  |  | authentication steps (  ) | 
|  |  | description (  ) | 
|  |  | using (  ) | 
|  | 
|  | script | 
|  |  | securing (  ) | 
|  |  | testing for authorizations (  ) | 
|  | 
|  | SCSI devices, st_clean script (  ) | 
|  | 
|  | SEAM | 
|  |  | administering (  ) | 
|  |  | Administration Tool (  ) | 
|  |  | and Kerberos V5 (  ) (  ) | 
|  |  | commands (  ) | 
|  |  | components of (  ) | 
|  |  | configuration decisions (  ) | 
|  |  | configuring KDC servers (  ) | 
|  |  | daemons (  ) | 
|  |  | files (  ) | 
|  |  | gaining access to server (  ) | 
|  |  | online help (  ) | 
|  |  | overview (  ) | 
|  |  | overview of authentication (  ) | 
|  |  | password management (  ) | 
|  |  | planning for (  ) | 
|  |  | reference (  ) | 
|  |  | terminology (  ) | 
|  |  | using (  ) | 
|  | 
|  | SEAM Administration Tool (  ) | 
|  |  | and limited administration privileges (  ) | 
|  |  | and list privileges (  ) | 
|  |  | and X Window system (  ) | 
|  |  | command-line equivalents (  ) | 
|  |  | context-sensitive help (  ) | 
|  |  | creating a new principal (  ) | 
|  |  | creating new policy (  ) (  ) | 
|  |  | default values (  ) | 
|  |  | deleting a principal (  ) | 
|  |  | deleting policies (  ) | 
|  |  | displaying sublist of principals (  ) | 
|  |  | duplicating a principal (  ) | 
|  |  | files modified by (  ) | 
|  |  | Filter Pattern field (  ) | 
|  |  | gkadmin command (  ) | 
|  |  | gkadmin command vs. kadmin (  ) (  ) | 
|  |  | .gkadmin file (  ) | 
|  |  | help (print) (  ) | 
|  |  | Help button (  ) | 
|  |  | Help Contents (  ) | 
|  |  | how affected by privileges (  ) | 
|  |  | kadmin command vs. gkadmin (  ) (  ) | 
|  |  | login window (  ) | 
|  |  | modifying a principal (  ) | 
|  |  | modifying policies (  ) | 
|  |  | online help (  ) | 
|  |  | panel descriptions (  ) | 
|  |  | privileges (  ) | 
|  |  | setting up principal defaults (  ) | 
|  |  | starting (  ) | 
|  |  | table of panels (  ) | 
|  |  | viewing a principal's attributes (  ) | 
|  |  | viewing list of policies (  ) | 
|  |  | viewing list of principals (  ) | 
|  |  | viewing policy attributes (  ) | 
|  |  | vs. kadmin command (  ) | 
|  | 
|  | searching | 
|  |  | files with setuid permissions (  ) (  ) | 
|  | 
|  | secondary audit directory (  ) | 
|  | 
|  | secret key | 
|  |  | changing (  ) | 
|  |  | database (  ) | 
|  |  | decrypting (  ) | 
|  |  | generating (  ) | 
|  | 
|  | secure access (  ) | 
|  | 
|  | secure NIS+, adding a user (  ) | 
|  | 
|  | Secure RPC (  ) | 
|  |  | implementation of (  ) | 
|  | 
|  | Secure RPC authentication (  ) | 
|  | 
|  | Secure Shell | 
|  |  | administering (  ) | 
|  |  | authentication (  ) | 
|  |  | authentication steps (  ) | 
|  |  | configuring (  ) | 
|  |  | configuring clients (  ) | 
|  |  | connecting outside firewall | 
|  |  |  | from command line (  ) | 
|  |  |  | from configuration file (  ) | 
|  |  | copying files (  ) | 
|  |  | creating keys (  ) | 
|  |  | description (  ) | 
|  |  | forwarding mail (  ) | 
|  |  | important files (  ) | 
|  |  | local port forwarding (  ) (  ) | 
|  |  | logging in (  ) | 
|  |  | naming identity files (  ) | 
|  |  | port forwarding (  ) | 
|  |  | protocol versions (  ) | 
|  |  | public key (  ) | 
|  |  | remote port forwarding (  ) | 
|  |  | transferring files (  ) | 
|  |  | typical session (  ) | 
|  |  | user task map (  ) | 
|  |  | using without password (  ) | 
|  | 
|  | securing | 
|  |  | against denial of service (  ) | 
|  |  | against Trojan horse (  ) | 
|  |  | hardware (  ) | 
|  |  | PROM (  ) | 
|  |  | system | 
|  |  |  | task map (  ) | 
|  | 
|  | securing legacy applications, description (  ) | 
|  | 
|  | securing scripts, description (  ) | 
|  | 
|  | security | 
|  |  | auditing and (  ) | 
|  |  | DH authentication | 
|  |  |  | AUTH_DH client-server session (  ) (  ) | 
|  |  | KERB authentication (  ) | 
|  |  | password encryption (  ) | 
|  | 
|  | security commands | 
|  |  | eeprom command (  ) (  ) | 
|  | 
|  | security mode, setting up environment with multiple (  ) | 
|  | 
|  | security service | 
|  |  | in SEAM (  ) | 
|  |  | integrity (  ) | 
|  |  | privacy (  ) | 
|  | 
|  | seq audit policy | 
|  |  | description (  ) | 
|  |  | seq token and (  ) | 
|  | 
|  | seq policy, seq token and (  ) | 
|  | 
|  | seq token | 
|  |  | format (  ) | 
|  |  | seq policy and (  ) | 
|  | 
|  | server authentication parameters, sshd_config file (  ) | 
|  | 
|  | ServerKeyBits keyword, sshd_config file (  ) | 
|  | 
|  | servers | 
|  |  | and realms (  ) | 
|  |  | AUTH_DH client-server session (  ) (  ) | 
|  |  | configuring for Secure Shell (  ) | 
|  |  | definition in SEAM (  ) | 
|  |  | gaining access with SEAM (  ) | 
|  |  | obtaining credential for (  ) | 
|  | 
|  | service | 
|  |  | definition in SEAM (  ) | 
|  |  | disabling on a host (  ) | 
|  |  | obtaining access for specific service (  ) | 
|  | 
|  | service key (  ) | 
|  |  | definition in SEAM (  ) | 
|  | 
|  | service names, PAM (  ) | 
|  | 
|  | service principal | 
|  |  | adding to keytab file (  ) (  ) | 
|  |  | description (  ) | 
|  |  | planning for names (  ) | 
|  |  | removing from keytab file (  ) | 
|  | 
|  | session ID (  ) | 
|  | 
|  | session key | 
|  |  | definition in SEAM (  ) | 
|  |  | SEAM authentication and (  ) | 
|  | 
|  | -setclass option, auditconfig command (  ) | 
|  | 
|  | -setcond option, auditconfig command (  ) | 
|  | 
|  | setenv command | 
|  |  | ASET security level specification (  ) | 
|  |  | ASET working directory specification (  ) | 
|  | 
|  | setfacl command | 
|  |  | adding ACL entries (  ) | 
|  |  | deleting ACL entries (  ) | 
|  |  | description (  ) | 
|  |  | examples (  ) (  ) | 
|  |  | modifying ACL entries (  ) | 
|  |  | setting ACL entries (  ) (  ) | 
|  |  | syntax (  ) | 
|  | 
|  | setgid permissions | 
|  |  | absolute mode (  ) (  ) | 
|  |  | description (  ) (  ) | 
|  |  | symbolic mode (  ) | 
|  | 
|  | -setpmask option, auditconfig command (  ) | 
|  | 
|  | -setpolicy option, auditconfig command (  ) | 
|  | 
|  | -setsmask option, auditconfig command (  ) | 
|  | 
|  | setting IDs on commands | 
|  |  | description (  ) | 
|  |  | task description (  ) | 
|  | 
|  | setting up principal defaults (  ) | 
|  | 
|  | setuid permissions | 
|  |  | absolute mode (  ) (  ) | 
|  |  | description (  ) | 
|  |  | finding files with permissions set (  ) (  ) | 
|  |  | security risks (  ) (  ) | 
|  |  | symbolic mode (  ) | 
|  | 
|  | -setumask option, auditconfig command (  ) | 
|  | 
|  | sftp command | 
|  |  | authentication steps (  ) | 
|  |  | description (  ) | 
|  |  | using (  ) | 
|  | 
|  | sh command (  ) | 
|  |  | privileged version (  ) | 
|  | 
|  | share command, restricting root access (  ) | 
|  | 
|  | sharing files (network security) (  ) | 
|  | 
|  | shell, privileged versions (  ) | 
|  | 
|  | shell commands, /etc/d_passwd file entries (  ) | 
|  | 
|  | shell programs | 
|  |  | ASET security level specification (  ) | 
|  |  | ASET working directory specification (  ) | 
|  | 
|  | short praudit output format (  ) | 
|  | 
|  | shosts.equiv file, description (  ) | 
|  | 
|  | .shosts file, description (  ) | 
|  | 
|  | signal received during auditing shutdown (  ) | 
|  | 
|  | single-sign-on system, SEAM and (  ) | 
|  | 
|  | size | 
|  |  | reducing audit files (  ) | 
|  |  |  | auditreduce command (  ) | 
|  |  | reducing storage-space requirements for audit files (  ) | 
|  | 
|  | slave_datatrans file (  ) | 
|  |  | description (  ) | 
|  | 
|  | slave KDCs | 
|  |  | adding names to cron job (  ) | 
|  |  | configuring (  ) | 
|  |  | definition (  ) | 
|  |  | master KDC and (  ) | 
|  |  | or master (  ) | 
|  |  | planning for (  ) | 
|  |  | swapping with master KDC (  ) | 
|  | 
|  | smartcard module, description (  ) | 
|  | 
|  | smattrpop command, description (  ) | 
|  | 
|  | SMC | 
|  |  | See Solaris Management Console |  | 
|  | 
|  | smexec command, description (  ) | 
|  | 
|  | smmultiuser command, description (  ) | 
|  | 
|  | smprofile command, description (  ) | 
|  | 
|  | smrole command, description (  ) | 
|  | 
|  | smuser command, description (  ) | 
|  | 
|  | socket token (  ) | 
|  | 
|  | soft limit | 
|  |  | audit_warn condition (  ) | 
|  |  | minfree: line description (  ) | 
|  | 
|  | soft string with audit_warn script (  ) | 
|  | 
|  | Solaris Management Console | 
|  |  | role assumption (  ) | 
|  |  | running the user tools (  ) | 
|  | 
|  | sr_clean script, description (  ) | 
|  | 
|  | ssh-add command | 
|  |  | description (  ) | 
|  |  | example (  ) (  ) | 
|  | 
|  | ssh-agent command | 
|  |  | description (  ) | 
|  |  | from command line (  ) | 
|  |  | in scripts (  ) | 
|  | 
|  | ssh command | 
|  |  | authentication steps (  ) | 
|  |  | description (  ) | 
|  |  | -L option (  ) | 
|  |  | -o option (  ) | 
|  |  | permitting access (  ) | 
|  |  | port forwarding (  ) | 
|  |  | -R option (  ) | 
|  |  | using (  ) | 
|  | 
|  | ssh_config file | 
|  |  | client authentication parameters (  ) | 
|  |  | configuring Secure Shell (  ) | 
|  |  | connection parameters (  ) | 
|  |  | host-specific parameters (  ) | 
|  |  | keywords | 
|  |  |  | See specific keyword |  | 
|  |  | known host file parameters (  ) | 
|  | 
|  | ssh_host_key file, description (  ) | 
|  | 
|  | ssh_host_key.pub file, description (  ) | 
|  | 
|  | ssh-keygen command | 
|  |  | description (  ) | 
|  |  | using (  ) | 
|  | 
|  | ssh_known_hosts file | 
|  |  | configuring Secure Shell (  ) | 
|  |  | description (  ) | 
|  | 
|  | ssh service name, PAM (  ) | 
|  | 
|  | sshd command | 
|  |  | configuring for forwarding (  ) | 
|  |  | description (  ) | 
|  |  | session controls (  ) | 
|  | 
|  | sshd_config file | 
|  |  | description (  ) | 
|  |  | forwarding parameters (  ) | 
|  |  | ports parameters (  ) | 
|  |  | server connection parameters (  ) | 
|  |  | session control parameters (  ) | 
|  | 
|  | sshd.pid file, description (  ) | 
|  | 
|  | sshrc file, description (  ) | 
|  | 
|  | st_clean script, description (  ) | 
|  | 
|  | st_clean script for tape drives (  ) | 
|  | 
|  | stacking, in PAM (  ) | 
|  | 
|  | standard cleanup (  ) | 
|  | 
|  | starting | 
|  |  | ASET | 
|  |  |  | initiating sessions from shell (  ) | 
|  |  |  | running interactively (  ) | 
|  |  | KDC daemon (  ) | 
|  | 
|  | stash file | 
|  |  | creating (  ) | 
|  |  | definition (  ) | 
|  | 
|  | sticky bit permissions | 
|  |  | absolute mode (  ) (  ) | 
|  |  | description (  ) | 
|  |  | symbolic mode (  ) | 
|  | 
|  | stopping, dial-up logins temporarily (  ) | 
|  | 
|  | storage, audit records and (  ) | 
|  | 
|  | storage costs, BSM and (  ) | 
|  | 
|  | storage overflow prevention, audit trail (  ) | 
|  | 
|  | StrictHostKeyChecking keyword, ssh_config file (  ) | 
|  | 
|  | StrictModes keyword, sshd_config file (  ) | 
|  | 
|  | su command | 
|  |  | displaying use on console (  ) | 
|  |  | in role assumption (  ) | 
|  |  | monitoring use (  ) | 
|  | 
|  | su file, monitoring su command (  ) | 
|  | 
|  | su service name, PAM (  ) | 
|  | 
|  | subject token, format (  ) | 
|  | 
|  | Subsystem keyword, sshd_config file (  ) | 
|  | 
|  | success | 
|  |  | audit flag prefix (  ) (  ) | 
|  |  | turning off audit flags for (  ) | 
|  | 
|  | sufficient control flag, PAM (  ) | 
|  | 
|  | sulog file (  ) | 
|  | 
|  | superuser | 
|  |  | eliminating superuser in RBAC (  ) | 
|  |  | model versus RBAC (  ) | 
|  | 
|  | suser, security policy (  ) | 
|  | 
|  | swapping master and slave KDCs (  ) | 
|  | 
|  | symbolic links | 
|  |  | file permissions (  ) | 
|  |  | latest directory (ASET) (  ) | 
|  | 
|  | symbolic mode | 
|  |  | changing file permissions (  ) (  ) (  ) | 
|  |  | description (  ) | 
|  | 
|  | synchronizing clocks (  ) (  ) (  ) | 
|  | 
|  | sysconf.rpt file | 
|  |  | description (  ) (  ) | 
|  | 
|  | SyslogFacility keyword, sshd_config file (  ) | 
|  | 
|  | System Administrator | 
|  |  | rights profile (  ) (  ) (  ) | 
|  |  | role (  ) | 
|  | 
|  | system calls | 
|  |  | arg token (  ) | 
|  |  | auditsvc() fails (  ) | 
|  |  | close (  ) | 
|  |  | event numbers (  ) | 
|  |  | exec_args token (  ) | 
|  |  | exec_env token (  ) | 
|  |  | ioctl (  ) (  ) | 
|  |  | return token (  ) | 
|  | 
|  | system security | 
|  |  | dial-up login restrictions (  ) | 
|  |  | dial-up passwords | 
|  |  |  | disabling dial-up logins temporarily (  ) | 
|  |  |  | /etc/d_passwd file (  ) | 
|  |  | displaying | 
|  |  |  | user's login status (  ) (  ) | 
|  |  |  | users with no passwords (  ) | 
|  |  | firewall systems (  ) | 
|  |  | hardware protection (  ) (  ) | 
|  |  | introduction (  ) | 
|  |  | login access restrictions (  ) (  ) | 
|  |  | machine access (  ) | 
|  |  | overview (  ) | 
|  |  | password encryption (  ) | 
|  |  | passwords (  ) | 
|  |  | restricted shell (  ) (  ) | 
|  |  | restricting root login to console (  ) | 
|  |  | role-based access control (  ) | 
|  |  | root access restrictions (  ) (  ) | 
|  |  | saving failed login attempts (  ) | 
|  |  | special logins (  ) (  ) | 
|  |  | su command monitoring (  ) (  ) | 
|  | 
|  | System V IPC | 
|  |  | ipc audit class (  ) | 
|  |  | ipc_perm token (  ) | 
|  |  | ipc token (  ) (  ) | 
|  | 
|  | systems | 
|  |  | security | 
|  |  |  | ACL (  ) | 
|  |  |  |  | 
| U | 
|  | 
|  | -U option | 
|  |  | allocate command (  ) | 
|  |  | list_devices command (  ) | 
|  | 
|  | UDP address (  ) | 
|  | 
|  | uid_aliases file | 
|  |  | description (  ) | 
|  |  | specifying (  ) | 
|  | 
|  | UID_ALIASES variable (ASET) | 
|  |  | aliases file specification (  ) (  ) | 
|  |  | description (  ) | 
|  | 
|  | umask setting (  ) | 
|  | 
|  | unix_account module, description (  ) | 
|  | 
|  | unix_auth module, description (  ) | 
|  | 
|  | unix module, description (  ) | 
|  | 
|  | unix_session module, description (  ) | 
|  | 
|  | URL for online help (  ) | 
|  | 
|  | UseLogin keyword, sshd_config file (  ) | 
|  | 
|  | user | 
|  |  | adding first user (  ) | 
|  |  | assigning RBAC defaults (  ) | 
|  |  | changing user properties from command line (  ) | 
|  |  | database | 
|  |  |  | See user_attr database |  | 
|  |  | modifying properties (  ) | 
|  | 
|  | user accounts | 
|  |  | ASET check (  ) | 
|  |  | displaying login status (  ) (  ) | 
|  | 
|  | User Accounts tool, description (  ) | 
|  | 
|  | user ACL entries | 
|  |  | default entries for directories (  ) | 
|  |  | description (  ) | 
|  |  | setting (  ) (  ) | 
|  | 
|  | user_attr database | 
|  |  | description (  ) (  ) | 
|  |  | RBAC relationships (  ) | 
|  | 
|  | user audit fields (  ) (  ) | 
|  | 
|  | user classes of files (  ) | 
|  | 
|  | user ID | 
|  |  | audit ID and (  ) | 
|  |  | in NFS services (  ) | 
|  | 
|  | user ID (audit ID) (  ) | 
|  | 
|  | User keyword, ssh_config file (  ) | 
|  | 
|  | user-level events | 
|  |  | auditconfig command options (  ) | 
|  |  | BSM and (  ) | 
|  | 
|  | user principal, description (  ) | 
|  | 
|  | useradd command, description (  ) | 
|  | 
|  | userdel command, description (  ) | 
|  | 
|  | UserKnownHostsFile keyword, ssh_config file (  ) | 
|  | 
|  | usermod command, description (  ) | 
|  | 
|  | UseRsh, ssh_config file (  ) | 
|  | 
|  | using privileged applications, task description (  ) | 
|  | 
|  | /usr/aset/asetenv file (  ) | 
|  |  | modifying (  ) | 
|  |  | running ASET periodically (  ) | 
|  | 
|  | /usr/aset directory (  ) | 
|  | 
|  | /usr/aset/masters/tune files (  ) | 
|  |  | example files (  ) | 
|  |  | format (  ) | 
|  |  | modifying (  ) (  ) | 
|  |  | rules (  ) | 
|  | 
|  | /usr/aset/masters/uid_aliases file (  ) | 
|  | 
|  | /usr/aset/reports directory | 
|  |  | structure (  ) (  ) | 
|  | 
|  | /usr/aset/reports/latest directory (  ) | 
|  | 
|  | /usr/lib/krb5/kadmind daemon, SEAM and (  ) | 
|  | 
|  | /usr/lib/krb5/kprop command, description (  ) | 
|  | 
|  | /usr/lib/krb5/kpropd daemon, SEAM and (  ) | 
|  | 
|  | /usr/lib/krb5/krb5kdc daemon, SEAM and (  ) | 
|  | 
|  | /usr/sbin/gkadmin command, description (  ) | 
|  | 
|  | /usr/sbin/kadmin command, description (  ) | 
|  | 
|  | /usr/sbin/kadmin.local command, description (  ) | 
|  | 
|  | /usr/sbin/kdb5_util command, description (  ) | 
|  | 
|  | usrgrp.rpt file | 
|  |  | description (  ) (  ) | 
|  |  | example (  ) | 
|  | 
|  | uucico command, login program (  ) | 
|  | 
|  | uucp service name, PAM (  ) |