A computer is as secure as its weakest point of entry. The following task map shows the areas that you should monitor and secure.
Task |
Description |
For Instructions |
---|---|---|
Display a user's login status |
Use the logins command to view a user's login status information. | |
Find users who do not have passwords |
Use the logins command to find only those users whose accounts do not require a password. | |
Disable logins temporarily |
Deny user logins to a machine as part of system shutdown or routine maintenance. | |
Provide strong password encryption |
Specify algorithms for password encryption. | |
Provide strong password encryption with a name service |
Specify algorithms for password encryption when you are using a name service. |
How to Specify a New Password Algorithm for an NIS+ Domain |
Add new password encryption module |
Add third-party algorithms. |
How to Install a Password Encryption Module From a Third Party |
Save failed login attempts |
Create a log of users who failed to provide the correct password after five attempts. | |
Create a dial-up password |
Require an additional password for users who log in remotely through a modem or dial-up port. | |
Disable dial-up entry temporarily |
Prevent users from dialing in remotely through a modem or port. | |
Monitor who is using the su command |
Read the sulog file on a regular basis. | |
Display superuser activity on the console |
Monitor superuser access attempts. |
How to Display Superuser (root) Access Attempts to the Console |
Prevent remote access to the console as superuser |
Require remote users to log in with their username and then become root. | |
Prevent users from changing machine parameters |
Prevent users from changing PROM settings. | |
Disable the abort sequence |
Prevent users from accessing the PROM. |