Oracle® Solaris 11 Security Guidelines

Exit Print View

Updated: August 2014

Securing Users

At this point, only the initial user who can assume the root role has access to the system. The following tasks are best performed in order before regular users can log in.

Table 2-2  Securing Users Task Map
For Instructions
Require strong passwords and regular password changes.
Strengthens the default password constraints on each system.
Configure restrictive file permissions for regular users.
Sets a more restrictive value than 022 for file permissions for regular users.
Set account locking for regular users.
On systems that are not used for administration, sets account locking system-wide and reduces the number of logins that activate the lock.
Preselect the cusa audit class for all users.
Provides better monitoring and recording of potential threats to the system.
Create roles.
Distributes discrete administrative tasks to several trusted users so that no one user can damage the system.
You can use predefined ARMOR roles, create your own roles, or extend ARMOR with your own roles.
Reduce the number of visible GNOME desktop applications.
Prevents users from using desktop applications that can affect security.
Limit a user's privileges.
Removes basic privileges that users do not need.