Skip Navigation Links | |
Exit Print View | |
System Administration Guide: Security Services Oracle Solaris 10 1/13 Information Library |
1. Security Services (Overview)
Authentication With Encryption
Part II System, File, and Device Security
2. Managing Machine Security (Overview)
3. Controlling Access to Systems (Tasks)
4. Controlling Access to Devices (Tasks)
5. Using the Basic Audit Reporting Tool (Tasks)
6. Controlling Access to Files (Tasks)
7. Using the Automated Security Enhancement Tool (Tasks)
Part III Roles, Rights Profiles, and Privileges
8. Using Roles and Privileges (Overview)
9. Using Role-Based Access Control (Tasks)
10. Role-Based Access Control (Reference)
Part IV Cryptographic Services
13. Oracle Solaris Cryptographic Framework (Overview)
14. Oracle Solaris Cryptographic Framework (Tasks)
15. Oracle Solaris Key Management Framework
Part V Authentication Services and Secure Communication
16. Using Authentication Services (Tasks)
19. Using Secure Shell (Tasks)
21. Introduction to the Kerberos Service
22. Planning for the Kerberos Service
23. Configuring the Kerberos Service (Tasks)
24. Kerberos Error Messages and Troubleshooting
25. Administering Kerberos Principals and Policies (Tasks)
26. Using Kerberos Applications (Tasks)
27. The Kerberos Service (Reference)
Part VII Auditing in Oracle Solaris
28. Oracle Solaris Auditing (Overview)
29. Planning for Oracle Solaris Auditing
30. Managing Oracle Solaris Auditing (Tasks)
System security ensures that the system's resources are used properly. Access controls can restrict who is permitted access to resources on the system. The Oracle Solaris OS features for system security and access control include the following:
Login administration tools – Commands for monitoring and controlling a user's ability to log in. See Securing Logins and Passwords (Task Map).
Hardware access – Commands for limiting access to the PROM, and for restricting who can boot the system. See SPARC: Controlling Access to System Hardware (Task Map).
Resource access – Tools and strategies for maximizing the appropriate use of machine resources while minimizing the misuse of those resources. See Controlling Access to Machine Resources.
Role-based access control (RBAC) – An architecture for creating special, restricted user accounts that are permitted to perform specific administrative tasks. See Role-Based Access Control (Overview).
Privileges – Discrete rights on processes to perform operations. These process rights are enforced in the kernel. See Privileges (Overview).
Device management – Device policy additionally protects devices that are already protected by UNIX permissions. Device allocation controls access to peripheral devices, such as a microphone or CD-ROM drive. Upon deallocation, device-clean scripts can then erase any data from the device. See Controlling Access to Devices.
Basic Audit Reporting Tool (BART) – A snapshot, called a manifest, of the file attributes of files on a system. By comparing the manifests across systems or on one system over time, changes to files can be monitored to reduce security risks. See Chapter 5, Using the Basic Audit Reporting Tool (Tasks).
File permissions – Attributes of a file or directory. Permissions restrict the users and groups that are permitted to read, write, or execute a file, or search a directory. See Chapter 6, Controlling Access to Files (Tasks).
Security enhancement scripts – Through the use of scripts, many system files and parameters can be adjusted to reduce security risks. See Chapter 7, Using the Automated Security Enhancement Tool (Tasks).