SunVTS 5.0 User's Guide

Basic Security

The SunVTS user interface (vtsui, vtsui.ol, and vtstty) must connect to the SunVTS kernel (vtsk) before it can be used to control testing. The SunVTS kernel selectively accepts "connect to" requests from the SunVTS interface based on entries in the SunVTS_install_dir/bin/.sunvts_sec file. Connection permission is governed by three categories in this file: HOSTS, GROUPS, and USERS.

A plus (+) entry in one of these categories means that all hosts, groups, or users are trusted.

The user password needed for authentication is the same password used to log in to the system under test.

The check for connection permission starts with the HOSTS category, then the GROUPS category, and finally the USERS category. A connection is granted as soon as the connection request matches an entry.

If a security file entry is invalid or if there is no entry in the file, all access except root is denied on the local machine. However, you can correct an entry in this file even while the SunVTS kernel is running.

When you specify the -e option while starting the SunVTS kernel, the kernel accepts "connect to" requests from any host, regardless of the entries in the .sunvts_sec file.


Note -

As of SunVTS 3.1, the .sunvts_sec file, by default, is configured for root on the system under test. All other "connect to" requests are rejected.



Note -

The .sunvts_sec file is bypassed if you enable SEAM security.


The following shows the contents of the default .sunvts_sec file.

Code Example of the Security File (.sunvts_sec):


#This file should be <SunVTS 5.0 install directory>/bin/.sunvts_sec
#
#Any line beginning with a # is a comment line
#
# Trusted Hosts entry
# One hostname per line.
# A "+" entry on a line indicates that ALL hosts are Trusted Hosts.
# No password authentication is done.
# The line with the label HOSTS: is required to have the list of hosts
#
HOSTS:
#+
#host1
#host2
#
# Trusted Groups entry
# One groupname per line.
# A "+" entry on a line indicates that ALL groups are Trusted Groups.
# User password authentication is done.
# The line with the label GROUPS: is required to have the list of groups
#
GROUPS:
#group1
#
# Trusted Users entry
# One username per line.
# A "+" entry on a line indicates that ALL users are Trusted Users.
# User password authentication is done.
# The line with the label USERS: is required to have the list of users.
USERS:
root
#user1
#user2
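
The following audit script is an added example, not part of SunVTS or the original guide. It reads a .sunvts_sec file and reports entries that widen trust, in particular a "+" under HOSTS, which trusts every host with no password authentication. The parsing rules, the severity labels, and the function names parse_sec and audit are assumptions based on the comments in the default file above, not the SunVTS kernel's own parser.

```python
# Added example: audit a .sunvts_sec file for overly broad trust.
# Parsing rules are assumptions taken from the default file's comments,
# not SunVTS's own parser. Severity labels are this example's own.
LABELS = ("HOSTS", "GROUPS", "USERS")

def parse_sec(text):
    """Return ({category: [entries]}, [lines found before any label])."""
    cats = {name: [] for name in LABELS}
    stray, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # blank or comment line
        if line.endswith(":") and line[:-1] in LABELS:
            current = line[:-1]           # category label such as "HOSTS:"
        elif current is None:
            stray.append(line)
        else:
            cats[current].append(line)
    return cats, stray

def audit(text):
    """Return a list of (severity, message) findings."""
    cats, stray = parse_sec(text)
    findings = [("warn", f"entry before any category label: {s!r}") for s in stray]
    for name, entries in cats.items():
        for entry in entries:
            if entry == "+" and name == "HOSTS":
                findings.append(("high", "HOSTS has '+': every host is trusted, no password authentication"))
            elif entry == "+":
                findings.append(("medium", f"{name} has '+': all {name.lower()} may connect after password authentication"))
            elif len(entry.split()) != 1:
                # One name per line is expected; a wrapped comment that lost
                # its leading "#" shows up here.
                findings.append(("warn", f"{name} entry is not a single name: {entry!r}"))
    if not any(cats.values()):
        findings.append(("info", "no entries: only root on the local machine can connect"))
    return findings

# Constructed sample input, not taken from a real system.
SAMPLE = """\
HOSTS:
+
GROUPS:
#group1
USERS:
root
ALL users are Trusted Users.
"""

if __name__ == "__main__":
    for severity, message in audit(SAMPLE):
        print(f"{severity:6} {message}")
```

The script does not see whether vtsk was started with -e or whether SEAM security is enabled. Both make the kernel ignore the file, so check them separately.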