Go to main content

Securing Systems and Attached Devices in Oracle® Solaris 11.4

Exit Print View

Updated: July 2019
 
 

Index

Numbers and Symbols

# (pound sign)
device_allocate fileindex icondevice_allocate File
device_maps fileindex iconSample device_maps Entry
> (redirect output)
preventingindex iconAssigning a Restricted Shell to Users
>> (append output)
preventingindex iconAssigning a Restricted Shell to Users
* (asterisk)
device_allocate file
index icondevice_allocate File
index icondevice_allocate File
+ (plus sign)
sulog fileindex iconHow to Monitor Who Is Using the su Command
- (minus sign)
sulog fileindex iconHow to Monitor Who Is Using the su Command
32-bit executables
protecting from compromising securityindex iconProtecting the Process Heap and Executable Stacks From Compromise
; (semicolon)
device_allocate fileindex icondevice_allocate File
@ (at sign)
device_allocate fileindex icondevice_allocate File
\ (backslash)
device_allocate fileindex icondevice_allocate File
device_maps fileindex iconSample device_maps Entry

A

access
address spaceindex iconRandomizing the Layout of the Address Space
restricting for
devices
index iconConfiguring Device Policy
index iconControlling Access to Devices
system hardwareindex iconControlling Access to System Hardware
root access
displaying attempts on consoleindex iconHow to Restrict and Monitor root Logins
monitoring su command attempts
index iconHow to Monitor Who Is Using the su Command
index iconLimiting and Monitoring Superuser Access
restricting
index iconHow to Restrict and Monitor root Logins
index iconRestricting root Access to Shared Files
security
ACLsindex iconUsing Access Control Lists
controlling system usageindex iconControlling Access to System Resources
devicesindex iconConfiguring Device Policy
file access restrictionindex iconRestricting Access to Data in Files
firewall setup
index iconFirewall Systems
index iconFirewall Systems
login access restrictionsindex iconControlling Logins
login controlindex iconControlling Logins
monitoring system usage
index iconMonitoring File Integrity
index iconAuditing System Use
network controlindex iconControlling Network Access
PATH variable settingindex iconSetting the PATH Variable
peripheral devicesindex iconControlling Access to Devices
physical securityindex iconMaintaining Physical Security
protecting system integrityindex iconProtecting Oracle Solaris System Integrity
reporting problemsindex iconReporting Security Problems
root login trackingindex iconLimiting and Monitoring Superuser Access
setuid programsindex iconRestricting setuid Executable Files
system hardwareindex iconControlling Access to System Hardware
sharing filesindex iconSharing Files Across Systems
account-policy SMF stencil
algorithms configurationindex iconHow to Specify an Algorithm for Password Encryption
attributes for password algorithmsindex iconPassword Hashes Configuration
changing on all systems
index iconHow to Specify a New Password Algorithm for an LDAP Domain
index iconHow to Specify a New Password Algorithm for an NIS Domain
changing password configurationindex iconPassword Hashes Configuration
changing SMF properties
index iconHow to Restrict and Monitor root Logins
index iconHow to Monitor Who Is Using the su Command
for password algorithmsindex iconPassword Algorithm Identifiers
specifying password algorithmsindex iconHow to Specify an Algorithm for Password Encryption
system-wide changesindex iconPassword Parameters
ACL descriptionindex iconUsing Access Control Lists
add_drv command
descriptionindex iconDevice Management Commands
adding
allocatable deviceindex iconEnabling or Disabled Device Allocation
security to devicesindex iconManaging Device Allocation
security to system hardwareindex iconHow to Require a Password for SPARC Hardware Access
address space
random layoutindex iconRandomizing the Layout of the Address Space
adiheap security extensionindex iconPreventing Process Heap Corruption Using adiheap
adistack security extensionindex iconADI-Based Stack Protection Using adistack
administering
device allocationindex iconManaging Device Allocation Task Map
device allocation task mapindex iconManaging Device Allocation Task Map
device policyindex iconConfiguring Device Policy Task Map
devicesindex iconManaging Device Allocation Task Map
password algorithmsindex iconChanging the Default Algorithm for Password Encryption
Administrator Message Edit rights profileindex iconHow to Place a Security Message in Banner Files
algorithms
list of password configurationindex iconHow to Specify an Algorithm for Password Encryption
password encryptionindex iconChanging the Default Algorithm for Password Encryption
password hashes
index iconPassword Hashing Algorithms
index iconPassword Hashes
allocate error stateindex iconAllocate Error State
allocate command
allocate error stateindex iconAllocate Error State
authorizations requiredindex iconAuthorizations for the Allocation Commands
removable mediaindex iconAllocating a USB Flash Drive
user authorizationindex iconHow to Authorize Users to Allocate a Device
usingindex iconHow to Allocate a Device
allocating devices
by usersindex iconHow to Allocate a Device
forciblyindex iconForcibly Allocating or Deallocating a Device
troubleshootingindex iconAllocating a USB Flash Drive
antivirus software  Seeindex iconvirus scanning
appending arrow (>>)
preventing appendingindex iconAssigning a Restricted Shell to Users
aslr security extensionindex iconRandomizing the Layout of the Address Space
asterisk (*)
device_allocate file
index icondevice_allocate File
index icondevice_allocate File
at sign (@)
device_allocate fileindex icondevice_allocate File
audio devices
securityindex iconDevice-Clean Script for Audio
auditing
changes in device policyindex iconHow to Audit Changes in Device Policy
device allocationindex iconAuditing Device Allocation
authentication
descriptionindex iconAuthentication and Authorization for Remote Access
network securityindex iconAuthentication and Authorization for Remote Access
typesindex iconAuthentication and Authorization for Remote Access
authorizations
for device allocation
index iconAuthorizations for the Allocation Commands
index iconDevice Allocation Rights Profiles
index iconHow to Authorize Users to Allocate a Device
not requiring for device allocationindex iconPermitting Any User to Allocate a Device
solaris.device.allocate
index iconDevice Allocation Commands
index iconHow to Authorize Users to Allocate a Device
solaris.device.revokeindex iconAuthorizations for the Allocation Commands
typesindex iconAuthentication and Authorization for Remote Access

B

backslash (\)
device_allocate file
index icondevice_allocate File
index iconSample device_maps Entry
banner messages
configuringindex iconHow to Place a Security Message in Banner Files
Blowfish encryption algorithm
allowing in heterogeneous environmentindex iconConstraining Password Encryption Algorithms in a Heterogeneous Environment
descriptionindex iconPassword Hashing Algorithms
policy.conf fileindex iconConstraining Password Encryption Algorithms in a Heterogeneous Environment
boot verification
  Seeindex iconverified boot
  Seeindex iconverified boot
boot_policy property
verified bootindex iconPolicy for Verified Boot

C

CD-ROM drives
allocatingindex iconAllocating a CD-ROM Drive
securityindex iconDevice-Clean Scripts for CD-ROM Drives
certificates
managing with Oracle ILOMindex iconPublic Key Certificates for Verified Boot
verified boot andindex iconPublic Key Certificates for Verified Boot
verifying manually for verified bootindex iconManually Verifying a Kernel Module's Signature
changing
allocatable devicesindex iconChanging Which Devices Can Be Allocated
default password algorithmindex iconChanging the Default Algorithm for Password Encryption
password algorithm for a domainindex iconHow to Specify a New Password Algorithm for an NIS Domain
password algorithm task mapindex iconChanging the Default Algorithm for Password Encryption
commands  See Alsoindex iconindividual commands
device allocation commandsindex iconDevice Allocation Commands
device policy commandsindex iconDevice Policy Commands
compliance
monitoring
monitoring system usageindex iconMonitoring Compliance
components
device allocation mechanismindex iconComponents of Device Allocation
computer security  Seeindex iconsystem security
computer system security  Seeindex iconsystem security
configuration decisions
password algorithmindex iconPassword Hashes
configuration files
device_maps fileindex icondevice_maps File
policy.conf fileindex iconHow to Specify an Algorithm for Password Encryption
configuring
banner messagesindex iconHow to Place a Security Message in Banner Files
device allocationindex iconManaging Device Allocation Task Map
device policyindex iconConfiguring Device Policy Task Map
hardware securityindex iconControlling Access to System Hardware
password for hardware accessindex iconHow to Require a Password for SPARC Hardware Access
console
displaying su command attemptsindex iconHow to Restrict and Monitor root Logins
control lists  Seeindex iconACL description
controlling
system usageindex iconControlling Access to System Resources
creating
new device-clean scriptsindex iconWriting New Device-Clean Scripts
crypt command
file securityindex iconEncrypting Files on Disk
crypt_bsdbf password algorithmindex iconPassword Hashing Algorithms
crypt_bsdmd5 password algorithmindex iconPassword Hashing Algorithms
CRYPT_DEFAULT system variableindex iconHow to Specify an Algorithm for Password Encryption
crypt_sha256 password algorithm
index iconChanging the Default Algorithm for Password Encryption
index iconPassword Hashing Algorithms
crypt_sunmd5 password algorithm
index iconPassword Hashing Algorithms
index iconPassword Hashing Algorithms
crypt_unix password algorithmindex iconPassword Hashing Algorithms

D

/dev/arp device
getting IP MIB-II informationindex iconHow to Retrieve IP MIB-II Information From a /dev/* Device
data
migrating or restoring TPMindex iconMigrating or Restoring TPM Data and Keys
deallocate command
allocate error state
index iconAllocate Error State
index iconAllocate Error State
authorizations requiredindex iconAuthorizations for the Allocation Commands
device-clean scripts andindex iconWriting New Device-Clean Scripts
usingindex iconHow to Deallocate a Device
deallocating
devicesindex iconHow to Deallocate a Device
forciblyindex iconForcibly Allocating or Deallocating a Device
microphoneindex iconDeallocating a Microphone
defaults
system-wide in account-policy SMF stencilindex iconPassword Algorithm Identifiers
desktop login
security messagesindex iconHow to Place a Security Message in Banner Files
devfsadm command
descriptionindex iconDevice Management Commands
device allocation
adding devicesindex iconManaging Device Allocation Task Map
allocatable devices
index icondevice_allocate File
index icondevice_allocate File
allocate error stateindex iconAllocate Error State
allocating devicesindex iconHow to Allocate a Device
auditingindex iconAuditing Device Allocation
authorizationsindex iconDevice Allocation Rights Profiles
authorizations for commandsindex iconAuthorizations for the Allocation Commands
authorizing users to allocateindex iconHow to Authorize Users to Allocate a Device
changing allocatable devicesindex iconChanging Which Devices Can Be Allocated
commandsindex iconDevice Allocation Commands
components of mechanismindex iconComponents of Device Allocation
configuration fileindex icondevice_maps File
deallocate command
device-clean scripts andindex iconWriting New Device-Clean Scripts
usingindex iconHow to Deallocate a Device
deallocating devicesindex iconHow to Deallocate a Device
device-clean scripts
creatingindex iconWriting New Device-Clean Scripts
descriptionindex iconDevice-Clean Scripts
optionsindex iconWriting New Device-Clean Scripts
device_allocate fileindex icondevice_allocate File
device_maps fileindex icondevice_maps File
disablingindex iconEnabling or Disabled Device Allocation
enabling
index iconEnabling or Disabled Device Allocation
index iconEnabling or Disabled Device Allocation
examplesindex iconAllocating a USB Flash Drive
forcibly allocating devicesindex iconForcibly Allocating or Deallocating a Device
forcibly deallocating devicesindex iconForcibly Allocating or Deallocating a Device
making device allocatableindex iconEnabling or Disabled Device Allocation
managing devicesindex iconManaging Device Allocation Task Map
mounting devicesindex iconHow to Mount an Allocated Device
not requiring authorizationindex iconPermitting Any User to Allocate a Device
preventingindex iconPreventing All Peripheral Devices From Being Used
requiring authorizationindex iconChanging Which Devices Can Be Allocated
rights profilesindex iconDevice Allocation Rights Profiles
SMF serviceindex iconDevice Allocation Service
task mapindex iconManaging Device Allocation Task Map
troubleshooting
index iconAllocating a CD-ROM Drive
index iconAllocating a USB Flash Drive
troubleshooting permissionsindex iconViewing Allocation Information About a Device
unmounting allocated deviceindex iconDeallocating a CD-ROM Drive
user proceduresindex iconManaging Device Allocation
usingindex iconManaging Device Allocation
using allocate commandindex iconHow to Allocate a Device
viewing informationindex iconViewing Allocation Information About a Device
device management  Seeindex icondevice policy
Device Management rights profileindex iconDevice Allocation Rights Profiles
device policy
add_drv commandindex iconDevice Policy Commands
auditing changesindex iconHow to Audit Changes in Device Policy
commandsindex iconDevice Policy Commands
configuringindex iconConfiguring Device Policy
kernel protectionindex iconDevice Protection Reference
managing devicesindex iconConfiguring Device Policy Task Map
overview
index iconDevice Policy
index iconControlling Access to Devices
task mapindex iconConfiguring Device Policy Task Map
update_drv commandindex iconDevice Policy Commands
viewingindex iconHow to View Device Policy
Device Security rights profile
index iconDevice Allocation Rights Profiles
index iconEnabling or Disabled Device Allocation
device-allocation packageindex iconManaging Device Allocation
device-clean scripts
descriptionindex iconDevice-Clean Scripts
media
index iconDevice-Clean Scripts
index icondevice_allocate File
object reuseindex iconDevice-Clean Scripts
optionsindex iconWriting New Device-Clean Scripts
writing new scriptsindex iconWriting New Device-Clean Scripts
device_allocate file
descriptionindex icondevice_allocate File
formatindex icondevice_allocate File
sample
index icondevice_allocate File
index iconChanging Which Devices Can Be Allocated
device_maps file
index icondevice_maps File
index icondevice_maps File
devices
allocating for useindex iconManaging Device Allocation
allocation  Seeindex icondevice allocation
auditing allocation ofindex iconAuditing Device Allocation
auditing policy changesindex iconHow to Audit Changes in Device Policy
authorizing users to allocateindex iconHow to Authorize Users to Allocate a Device
changing which are allocatableindex iconChanging Which Devices Can Be Allocated
deallocatingindex iconHow to Deallocate a Device
forcibly allocatingindex iconForcibly Allocating or Deallocating a Device
forcibly deallocatingindex iconForcibly Allocating or Deallocating a Device
getting IP MIB-II informationindex iconHow to Retrieve IP MIB-II Information From a /dev/* Device
listingindex iconHow to View Device Policy
listing device namesindex iconViewing Allocation Information About a Device
login access controlindex iconControlling Access to Devices
making allocatableindex iconEnabling or Disabled Device Allocation
managingindex iconConfiguring Device Policy Task Map
managing allocation ofindex iconManaging Device Allocation Task Map
mounting allocated devicesindex iconHow to Mount an Allocated Device
not requiring authorization for useindex iconPermitting Any User to Allocate a Device
policy commandsindex iconDevice Policy Commands
preventing use of allindex iconPreventing All Peripheral Devices From Being Used
preventing use of someindex iconPreventing Some Peripheral Devices From Being Used
protecting by device allocationindex iconControlling Access to Devices
protecting in the kernelindex iconControlling Access to Devices
securityindex iconControlling Access to Devices
unmounting allocated deviceindex iconDeallocating a CD-ROM Drive
viewing allocation informationindex iconViewing Allocation Information About a Device
viewing device policyindex iconHow to View Device Policy
zones andindex iconControlling Access to Devices
disabling
32-bit executables that compromise securityindex iconProtecting the Process Heap and Executable Stacks From Compromise
abort sequenceindex iconHow to Disable a System's Abort Sequence
device allocationindex iconEnabling or Disabled Device Allocation
keyboard abortindex iconHow to Disable a System's Abort Sequence
keyboard shutdownindex iconHow to Disable a System's Abort Sequence
logins temporarilyindex iconHow to Temporarily Disable User Logins
remote root accessindex iconHow to Restrict and Monitor root Logins
system abort sequenceindex iconHow to Disable a System's Abort Sequence
user loginsindex iconHow to Temporarily Disable User Logins
displaying
allocatable devicesindex iconViewing Allocation Information About a Device
device policyindex iconHow to View Device Policy
root access attemptsindex iconHow to Restrict and Monitor root Logins
su command attemptsindex iconHow to Restrict and Monitor root Logins
user's login status
index iconDisplaying a User's Login Status
index iconHow to Display the User's Login Status
users with no passwordsindex iconHow to Display Users Without Passwords
dminfo commandindex icondevice_maps File

E

/etc/certs/elfsign/ORCLS11SE fileindex iconPolicy for Verified Boot
/etc/certs/elfsign directory
verified bootindex iconVerified Boot and ELF Signatures
/etc/default/kbd fileindex iconHow to Disable a System's Abort Sequence
/etc/default/login file
restricting remote root accessindex iconHow to Restrict and Monitor root Logins
/etc/default/passwd file
changes toindex iconPassword Parameters
/etc/default/su file
displaying su command attemptsindex iconHow to Restrict and Monitor root Logins
monitoring access attemptsindex iconHow to Restrict and Monitor root Logins
monitoring su commandindex iconHow to Monitor Who Is Using the su Command
/etc/issue fileindex iconHow to Place a Security Message in Banner Files
/etc/logindevperm fileindex iconRemote Logins
/etc/motd fileindex iconHow to Place a Security Message in Banner Files
/etc/nologin file
disabling user logins temporarilyindex iconHow to Temporarily Disable User Logins
/etc/security/device_allocate fileindex icondevice_allocate File
/etc/security/device_maps fileindex icondevice_maps File
/etc/security/policy.conf file
algorithms configurationindex iconHow to Specify an Algorithm for Password Encryption
eeprom command
index iconControlling Access to System Hardware
index iconMaintaining Physical Security
eject command
device cleanup andindex iconDevice-Clean Scripts for CD-ROM Drives
ELF signatures
verified bootindex iconVerified Boot and ELF Signatures
enabling
device allocation
index iconEnabling or Disabled Device Allocation
index iconEnabling or Disabled Device Allocation
keyboard abortindex iconHow to Disable a System's Abort Sequence
TPM secure keystore for PKCS #11 customersindex iconHow to Enable PKCS #11 Consumers to Use TPM as a Secure Keystore
verified bootindex iconUsing Verified Boot
encrypting
filesindex iconEncrypting Files on Disk
passwordsindex iconChanging the Default Algorithm for Password Encryption
encryption
list of password algorithmsindex iconPassword Algorithm Identifiers
password hashesindex iconPassword Hashes
specifying password algorithm
locallyindex iconChanging the Default Algorithm for Password Encryption
specifying password algorithms in account-policy SMF stencilindex iconPassword Algorithm Identifiers
environment variables  See Alsoindex iconvariables
PATHindex iconSetting the PATH Variable
errors
allocate error stateindex iconAllocate Error State
executable stacks
preventing insertion of malicious codeindex iconHow to Prevent the Execution of Malicious Code From the Process Stack and Process Heap
protecting against 32-bit processesindex iconProtecting the Process Heap and Executable Stacks From Compromise
troubleshooting protection statusindex iconHow to Prevent the Execution of Malicious Code From the Process Stack and Process Heap
viewing protection statusindex iconHow to Prevent the Execution of Malicious Code From the Process Stack and Process Heap

F

file systems
adding a virus scan engineindex iconHow to Add a Scan Engine
enabling virus scanningindex iconHow to Enable the vscan Service
excluding files from virus scansindex iconHow to Exclude Files From Virus Scans
scanning for virusesindex iconHow to Enable Virus Scanning on a File System
securing using labelingindex iconAssigning Labels to Files
sharing filesindex iconSharing Files Across Systems
files
/etc/issueindex iconHow to Place a Security Message in Banner Files
/etc/motdindex iconHow to Place a Security Message in Banner Files
banner filesindex iconHow to Place a Security Message in Banner Files
security
access restrictionindex iconRestricting Access to Data in Files
ACL
index iconUsing Access Control Lists
index iconRestricting Access to Data in Files
device mapindex icondevice_maps File
encryptionindex iconEncrypting Files on Disk
firewall systems
packet smashingindex iconEncryption and Firewall Systems
packet transfersindex iconEncryption and Firewall Systems
securityindex iconFirewall Systems
trusted hostsindex iconFirewall Systems
firmware
boot flow with verified bootindex iconVerification Sequence During System Boot
upgrade for verified bootindex iconFirmware Upgrade for Verified Boot
forced cleanup
st_clean scriptindex iconWriting New Device-Clean Scripts

G

gateways  Seeindex iconfirewall systems
genunix module
verified boot andindex iconVerification Sequence During System Boot
getdevpolicy command
descriptionindex iconDevice Management Commands
GRUB
Trusted Platform Moduleindex iconUsing Trusted Platform Module

H

hardware
protecting
index iconControlling Access to System Hardware
index iconMaintaining Physical Security
requiring password for accessindex iconHow to Require a Password for SPARC Hardware Access
restricting user control ofindex iconHow to Place a Security Message in Banner Files
security extensions forindex iconProtecting Platforms Against Speculative Execution Attacks
hosts
trusted hostsindex iconFirewall Systems
HW_BTI SPARC security extensionindex iconSecurity Extensions Protection on the SPARC Platform

I

IBPB security extensionindex iconSecurity Extensions Protection on the x86 Platform
IBRS security extensionindex iconSecurity Extensions Protection on the x86 Platform
ILOM  Seeindex iconOracle ILOM
installing
Secure by Defaultindex iconUsing the Secure by Default Configuration
virus scanning softwareindex iconHow to Install Virus Scanning Software
Internet firewall setupindex iconFirewall Systems
IP MIB-II
getting information from /dev/arpindex iconHow to Retrieve IP MIB-II Information From a /dev/* Device

K

kbd fileindex iconHow to Disable a System's Abort Sequence
kernel zones
verified bootindex iconUsing Verified Boot
KEYBOARD_ABORT system variableindex iconHow to Disable a System's Abort Sequence
keys
migrating or restoring TPMindex iconMigrating or Restoring TPM Data and Keys
KPTI security extensionindex iconSecurity Extensions Protection on the x86 Platform

L

L1DF security extensionindex iconSecurity Extensions Protection on the x86 Platform
labeling file systemsindex iconAssigning Labels to Files
layout of address space
load-time randomizationindex iconRandomizing the Layout of the Address Space
ld -z sx= linker optionsindex iconSpecifying Per-Object Security Extensions
ld -z sx=adistack linker optionindex iconADI-Based Stack Protection Using adistack
LDAP naming service
passwordsindex iconLDAP Passwords
specifying password algorithmindex iconHow to Specify a New Password Algorithm for an LDAP Domain
linker options
security extensions, forindex iconSpecifying Per-Object Security Extensions
security extensions, for adistackindex iconADI-Based Stack Protection Using adistack
list_devices command
authorizations requiredindex iconAuthorizations for the Allocation Commands
listing
device policyindex iconHow to View Device Policy
users with no passwordsindex iconHow to Display Users Without Passwords
load-time randomization
address space layoutindex iconRandomizing the Layout of the Address Space
log files
executable stack messages andindex iconProtecting the Process Heap and Executable Stacks From Compromise
monitoring su commandindex iconHow to Monitor Who Is Using the su Command
process heap messages andindex iconProtecting the Process Heap and Executable Stacks From Compromise
logging in
disabling temporarilyindex iconHow to Temporarily Disable User Logins
displaying user's login status
index iconDisplaying a User's Login Status
index iconHow to Display the User's Login Status
remotelyindex iconRemote Logins
root login
restricting to consoleindex iconHow to Restrict and Monitor root Logins
trackingindex iconLimiting and Monitoring Superuser Access
security
access control on devicesindex iconRemote Logins
access restrictions
index iconControlling Logins
index iconControlling Logins
system access controlindex iconControlling Logins
tracking root loginindex iconLimiting and Monitoring Superuser Access
system access controlindex iconControlling Logins
task mapindex iconSecuring Logins and Passwords Task Map
login access restrictions
svc:/system/name-service/switch:defaultindex iconControlling Logins
login file
restricting remote root accessindex iconHow to Restrict and Monitor root Logins
logins command
authorization forindex iconHow to Display the User's Login Status
displaying user's login status
index iconDisplaying a User's Login Status
index iconHow to Display the User's Login Status
displaying users with no passwordsindex iconHow to Display Users Without Passwords
syntaxindex iconHow to Display the User's Login Status

M

man pages
device allocationindex iconDevice Allocation Commands
managing  Seeindex iconadministering
MD5 encryption algorithm
descriptionindex iconHow to Specify an Algorithm for Password Encryption
policy.conf fileindex iconConstraining Password Encryption Algorithms in a Heterogeneous Environment
media
device-clean scriptsindex iconDevice-Clean Scripts
messages file
executable stack messagesindex iconProtecting the Process Heap and Executable Stacks From Compromise
process heap messagesindex iconProtecting the Process Heap and Executable Stacks From Compromise
microphone
deallocatingindex iconDeallocating a Microphone
migrating
TPM data and keysindex iconMigrating or Restoring TPM Data and Keys
mitigating platform vulnerabilities
SPARC specificindex iconSecurity Extensions Protection on the SPARC Platform
sxadm andindex iconProtecting Platforms Against Speculative Execution Attacks
x86 specificindex iconSecurity Extensions Protection on the x86 Platform
modules
password hashesindex iconPassword Hashes
monitoring
complianceindex iconMonitoring Compliance
root accessindex iconMonitoring and Restricting root Access
root access attemptsindex iconHow to Restrict and Monitor root Logins
su command attempts
index iconHow to Monitor Who Is Using the su Command
index iconLimiting and Monitoring Superuser Access
system usage
index iconMonitoring File Integrity
index iconAuditing System Use
mount command
with security attributesindex iconHow to Authorize Users to Allocate a Device
mounting
allocated CD-ROMindex iconAllocating a CD-ROM Drive
allocated devicesindex iconHow to Mount an Allocated Device
mt commandindex iconDevice-Clean Script for Tapes

N

names
device names
device_maps fileindex icondevice_allocate File
devices in device_mapsindex iconSample device_maps Entry
naming conventions
devicesindex iconViewing Allocation Information About a Device
naming service configuration
login access restrictionsindex iconControlling Logins
naming services  Seeindex iconindividual naming services
netservices limited installation optionindex iconUsing the Secure by Default Configuration
network security
authenticationindex iconAuthentication and Authorization for Remote Access
authorizationsindex iconAuthentication and Authorization for Remote Access
controlling accessindex iconControlling Network Access
firewall systems
need forindex iconFirewall Systems
packet smashingindex iconEncryption and Firewall Systems
trusted hostsindex iconFirewall Systems
overviewindex iconNetwork Security Mechanisms
reporting problemsindex iconReporting Security Problems
NIS naming service
passwordsindex iconNIS Passwords
specifying password algorithmindex iconHow to Specify a New Password Algorithm for an NIS Domain
nobody userindex iconRestricting root Access to Shared Files
noexec_user_stack
compatibility with nxstackindex iconnxstack and noexec_user_stack Compatibility
noexec_user_stack replacementindex iconProtecting the Process Heap and Executable Stacks From Compromise
nxheap
security extensionindex iconProtecting the Process Heap and Executable Stacks From Compromise
variableindex iconHow to Prevent the Execution of Malicious Code From the Process Stack and Process Heap
nxstack
compatibility with noexec_user_stackindex iconnxstack and noexec_user_stack Compatibility
security extensionindex iconProtecting the Process Heap and Executable Stacks From Compromise
variableindex iconHow to Prevent the Execution of Malicious Code From the Process Stack and Process Heap

O

object reuse requirements
device-clean scripts
writing new scriptsindex iconWriting New Device-Clean Scripts
for devicesindex iconDevice-Clean Scripts
Oracle ILOM
preventing access to USB portsindex iconUsing ILOM to Prevent Access to USB Ports
Trusted Platform Moduleindex iconUsing Trusted Platform Module
verified bootindex iconPolicy for Verified Boot
verified boot andindex iconVerified Boot and ELF Signatures
ownership of files
ACLs andindex iconUsing Access Control Lists

P

packages
crypto/tpmindex iconInitializing and Backing Up TPM on Oracle Solaris Systems
device-allocationindex iconManaging Device Allocation
pkcs11_tpmindex iconHow to Enable PKCS #11 Consumers to Use TPM as a Secure Keystore
trousersindex iconInitializing and Backing Up TPM on Oracle Solaris Systems
virus-scanindex iconUsing the vscan Service
packet transfers
firewall securityindex iconFirewall Systems
packet smashingindex iconEncryption and Firewall Systems
passwd command
and naming servicesindex iconNIS Passwords
password/crypt/algorithms_allow attribute
account-policy SMF stencilindex iconPassword Hashes Configuration
password/crypt/algorithms_deprecate attribute
account-policy SMF stencilindex iconPassword Hashes Configuration
password/crypt/default attribute
account-policy SMF stencilindex iconPassword Hashes Configuration
passwords
algorithmsindex iconPassword Hashing Algorithms
changing with passwd -r commandindex iconNIS Passwords
constraining encryption algorithms in heterogeneous environmentindex iconConstraining Password Encryption Algorithms in a Heterogeneous Environment
displaying users with no passwordsindex iconHow to Display Users Without Passwords
encryption algorithmsindex iconPassword Hashes
finding users with no passwordsindex iconHow to Display Users Without Passwords
hardware access andindex iconHow to Require a Password for SPARC Hardware Access
LDAPindex iconLDAP Passwords
specifying new password algorithmindex iconHow to Specify a New Password Algorithm for an LDAP Domain
localindex iconLocal Passwords
login security
index iconManaging Password Information
index iconControlling Logins
index iconControlling Logins
NISindex iconNIS Passwords
specifying new password algorithmindex iconHow to Specify a New Password Algorithm for an NIS Domain
parameter changesindex iconPassword Parameters
PROM security mode
index iconControlling Access to System Hardware
index iconMaintaining Physical Security
requiring for hardware accessindex iconHow to Require a Password for SPARC Hardware Access
specifying algorithmindex iconHow to Specify an Algorithm for Password Encryption
in naming servicesindex iconHow to Specify a New Password Algorithm for an NIS Domain
locallyindex iconChanging the Default Algorithm for Password Encryption
task mapindex iconSecuring Logins and Passwords Task Map
using Blowfish in heterogeneous environmentindex iconConstraining Password Encryption Algorithms in a Heterogeneous Environment
using new algorithmindex iconHow to Specify an Algorithm for Password Encryption
PATH environment variable
and securityindex iconSetting the PATH Variable
settingindex iconSetting the PATH Variable
permissions
ACLs andindex iconUsing Access Control Lists
physical security
descriptionindex iconMaintaining Physical Security
PKCS #11
Trusted Platform Moduleindex iconUsing Trusted Platform Module
pkcs11_tpm packageindex iconHow to Enable PKCS #11 Consumers to Use TPM as a Secure Keystore
platforms
security extensions forindex iconProtecting Platforms Against Speculative Execution Attacks
policies
on devicesindex iconHow to View Device Policy
specifying password algorithmindex iconChanging the Default Algorithm for Password Encryption
policy
verified bootindex iconPolicy for Verified Boot
policy.conf
specifying password algorithmsindex iconHow to Specify an Algorithm for Password Encryption
policy.conf file
specifying encryption algorithms inindex iconHow to Specify an Algorithm for Password Encryption
specifying password algorithm
in naming servicesindex iconHow to Specify a New Password Algorithm for an NIS Domain
pound sign (#)
device_allocate fileindex icondevice_allocate File
device_maps fileindex iconSample device_maps Entry
pre-boot environment
verified bootindex iconVerified Boot and ELF Signatures
privileged ports
alternative to Secure RPCindex iconAuthentication Services for Remote Access
process heaps
protecting against attackindex iconProtecting the Process Heap and Executable Stacks From Compromise
PROM security modeindex iconControlling Access to System Hardware
protecting
32-bit executables from compromising securityindex iconProtecting the Process Heap and Executable Stacks From Compromise
BIOS, pointer toindex iconHow to Require a Password for SPARC Hardware Access
PROMindex iconHow to Require a Password for SPARC Hardware Access
providers
pkcs11_tpm.soindex iconHow to Enable PKCS #11 Consumers to Use TPM as a Secure Keystore

R

RDCL_NO security extensionindex iconSecurity Extensions Protection on the x86 Platform
redirection
preventingindex iconAssigning a Restricted Shell to Users
rem_drv command
descriptionindex iconDevice Management Commands
remote logins
authenticationindex iconAuthentication and Authorization for Remote Access
authorizationindex iconAuthentication and Authorization for Remote Access
preventing root accessindex iconHow to Restrict and Monitor root Logins
securityindex iconRemote Logins
removable media
allocatingindex iconAllocating a USB Flash Drive
restoring
TPM data and keysindex iconMigrating or Restoring TPM Data and Keys
restricted shell (rsh)index iconAssigning a Restricted Shell to Users
restricting
remote root accessindex iconHow to Restrict and Monitor root Logins
root accessindex iconMonitoring and Restricting root Access
rights profiles
Administrator Message Editindex iconHow to Place a Security Message in Banner Files
Device Managementindex iconDevice Allocation Rights Profiles
Device Security
index iconDevice Allocation Rights Profiles
index iconEnabling or Disabled Device Allocation
using the System Administrator profileindex iconHow to Require a Password for SPARC Hardware Access
roles
using to access the hardwareindex iconHow to Require a Password for SPARC Hardware Access
root access
monitoring and restrictingindex iconMonitoring and Restricting root Access
monitoring attemptsindex iconHow to Restrict and Monitor root Logins
troubleshooting remoteindex iconLogging root Access Attempts
root account
descriptionindex iconSpecial System Accounts
root user
displaying access attempts on consoleindex iconHow to Restrict and Monitor root Logins
monitoring su command attempts
index iconHow to Monitor Who Is Using the su Command
index iconLimiting and Monitoring Superuser Access
restricting accessindex iconRestricting root Access to Shared Files
restricting remote access
index iconHow to Restrict and Monitor root Logins
index iconHow to Restrict and Monitor root Logins
tracking loginsindex iconLimiting and Monitoring Superuser Access
rsh command (restricted shell)index iconAssigning a Restricted Shell to Users

S

scanning for viruses  Seeindex iconvirus scanning
scripts for cleaning devices  Seeindex icondevice-clean scripts
SCSI devices
st_clean scriptindex icondevice_allocate File
Secure by Default installation optionindex iconUsing the Secure by Default Configuration
securing
network at installationindex iconUsing the Secure by Default Configuration
passwordsindex iconSecuring Logins and Passwords Task Map
security
device controlindex iconControlling Access to Devices
devicesindex iconControlling Access to Devices
extensionsindex iconProtecting Against Malware With Security Extensions
installation optionsindex iconUsing the Secure by Default Configuration
messages in banner filesindex iconHow to Place a Security Message in Banner Files
netservices limited installation optionindex iconUsing the Secure by Default Configuration
password hashesindex iconPassword Hashes
preventing remote loginindex iconHow to Restrict and Monitor root Logins
protecting against denial of serviceindex iconUsing Resource Management Features
protecting against Trojan horseindex iconSetting the PATH Variable
protecting devicesindex iconDevice-Clean Scripts
protecting hardwareindex iconControlling Access to System Hardware
protecting PROMindex iconControlling Access to System Hardware
Secure by Defaultindex iconUsing the Secure by Default Configuration
system hardwareindex iconControlling Access to System Hardware
systemsindex iconManaging Computer System Security
security attributes
using to mount allocated deviceindex iconHow to Authorize Users to Allocate a Device
security extensions
adiheapindex iconPreventing Process Heap Corruption Using adiheap
adistackindex iconADI-Based Stack Protection Using adistack
aslrindex iconRandomizing the Layout of the Address Space
compiling application withindex iconSpecifying Per-Object Security Extensions
enabling inheritanceindex iconEnabling Inheritance of Security Extension Status
frameworkindex iconPreventing Intentional Misuse of System Resources
HW_BTIindex iconSecurity Extensions Protection on the SPARC Platform
IBPBindex iconSecurity Extensions Protection on the x86 Platform
IBRSindex iconSecurity Extensions Protection on the x86 Platform
KPTIindex iconSecurity Extensions Protection on the x86 Platform
L1DFindex iconSecurity Extensions Protection on the x86 Platform
linker options
index iconSpecifying Per-Object Security Extensions
index iconADI-Based Stack Protection Using adistack
nxheapindex iconHow to Prevent the Execution of Malicious Code From the Process Stack and Process Heap
nxstack
index iconHow to Prevent the Execution of Malicious Code From the Process Stack and Process Heap
index iconProtecting the Process Heap and Executable Stacks From Compromise
per objectindex iconSpecifying Per-Object Security Extensions
platforms, forindex iconProtecting Platforms Against Speculative Execution Attacks
preventing heap corruptionindex iconPreventing Process Heap Corruption Using adiheap
protecting ADI-based stacksindex iconADI-Based Stack Protection Using adistack
protecting against speculative execution vulnerabilitiesindex iconProtecting Platforms Against Speculative Execution Attacks
protecting heaps and stacksindex iconProtecting the Process Heap and Executable Stacks From Compromise
randomizing address space layoutindex iconRandomizing the Layout of the Address Space
RDCL_NOindex iconSecurity Extensions Protection on the x86 Platform
SMAPindex iconSecurity Extensions Protection on the x86 Platform
SPARC specificindex iconSecurity Extensions Protection on the SPARC Platform
status flagsindex iconProtecting Against Malware With Security Extensions
x86 specificindex iconSecurity Extensions Protection on the x86 Platform
Security Extensions Framework  Seeindex iconsecurity extensions
security messages
on desktop at loginindex iconHow to Place a Security Message in Banner Files
placing in banner filesindex iconHow to Place a Security Message in Banner Files
Service Management Facility (SMF)  Seeindex iconSMF
setuid permissions
security risksindex iconRestricting setuid Executable Files
SHA-2 algorithmsindex iconPassword Hashing Algorithms
sharing files
and network securityindex iconSharing Files Across Systems
SMAP security extensionindex iconSecurity Extensions Protection on the x86 Platform
SMF
device allocation serviceindex iconDevice Allocation Service
managing Secure by Default configurationindex iconUsing the Secure by Default Configuration
password managementindex iconHow to Specify an Algorithm for Password Encryption
SMF stencils
account-policyindex iconPassword Algorithm Identifiers
solaris.device.revoke authorizationindex iconAuthorizations for the Allocation Commands
SPARC systems
mitigating vulnerabilitiesindex iconSecurity Extensions Protection on the SPARC Platform
security extensions forindex iconSecurity Extensions Protection on the SPARC Platform
verified bootindex iconUsing Verified Boot
speculative execution vulnerabilities, mitigatedindex iconProtecting Platforms Against Speculative Execution Attacks
st_clean script
index iconDevice-Clean Script for Tapes
index icondevice_allocate File
standard cleanup
st_clean scriptindex iconWriting New Device-Clean Scripts
starting
device allocationindex iconEnabling or Disabled Device Allocation
su command
displaying access attempts on consoleindex iconHow to Restrict and Monitor root Logins
monitoring useindex iconHow to Monitor Who Is Using the su Command
su file
monitoring su commandindex iconHow to Monitor Who Is Using the su Command
sulog fileindex iconHow to Monitor Who Is Using the su Command
Sun MD5 algorithmindex iconPassword Hashing Algorithms
superuser  Seeindex iconroot role
svc:/system/device/allocate
device allocation serviceindex iconDevice Allocation Service
sxadm command
command overviewindex iconPreventing Intentional Misuse of System Resources
exec inheritance optionindex iconEnabling Inheritance of Security Extension Status
managing adiheapindex iconPreventing Process Heap Corruption Using adiheap
managing adistackindex iconADI-Based Stack Protection Using adistack
managing security extensionsindex iconHow to Prevent the Execution of Malicious Code From the Process Stack and Process Heap
status flagsindex iconProtecting Against Malware With Security Extensions
system accounts
protectingindex iconSpecial System Accounts
System Administrator rights
protecting hardwareindex iconHow to Require a Password for SPARC Hardware Access
system calls
ioctl to clean audio deviceindex iconDevice-Clean Script for Audio
system hardware
controlling access toindex iconControlling Access to System Hardware
system security
accessindex iconManaging Computer System Security
computer system accessindex iconMaintaining Physical Security
displaying
user's login status
index iconDisplaying a User's Login Status
index iconHow to Display the User's Login Status
users with no passwordsindex iconHow to Display Users Without Passwords
firewall systemsindex iconFirewall Systems
hardware protection
index iconControlling Access to System Hardware
index iconMaintaining Physical Security
login access restrictionsindex iconControlling Logins
overview
index iconControlling Access to a Computer System
index iconManaging Computer System Security
password hashesindex iconPassword Hashes
passwordsindex iconManaging Password Information
restricted shell
index iconAssigning a Restricted Shell to Users
index iconAssigning a Restricted Shell to Users
restricting remote root accessindex iconHow to Restrict and Monitor root Logins
role-based access control (RBAC)index iconConfiguring Role-Based Access Control to Replace Superuser
root access restrictions
index iconHow to Restrict and Monitor root Logins
index iconRestricting root Access to Shared Files
special accountsindex iconSpecial System Accounts
su command monitoring
index iconHow to Monitor Who Is Using the su Command
index iconLimiting and Monitoring Superuser Access
system variables  See Alsoindex iconvariables
CRYPT_DEFAULTindex iconHow to Specify an Algorithm for Password Encryption
KEYBOARD_ABORTindex iconHow to Disable a System's Abort Sequence

T

task maps
configuring device policyindex iconConfiguring Device Policy Task Map
device allocationindex iconManaging Device Allocation Task Map
device policyindex iconConfiguring Device Policy Task Map
managing device allocationindex iconManaging Device Allocation Task Map
managing device policyindex iconConfiguring Device Policy Task Map
securing logins and passwordsindex iconSecuring Logins and Passwords Task Map
tcsd daemonindex iconMonitoring TPM Status
Trusted Platform Moduleindex iconUsing Trusted Platform Module
TPM  Seeindex iconTrusted Platform Module
tpmadm command
checking TPM status
index iconHow to Initialize TPM Using BIOS
index iconHow to Initialize TPM Using the Oracle ILOM Interface
initializing TPMindex iconHow to Initialize TPM Using BIOS
reinitializing TPMindex iconHow to Initialize TPM Using the Oracle ILOM Interface
Trusted Platform Moduleindex iconUsing Trusted Platform Module
Trojan horseindex iconSetting the PATH Variable
troubleshooting
allocating a deviceindex iconAllocating a USB Flash Drive
executable stack protectionindex iconHow to Prevent the Execution of Malicious Code From the Process Stack and Process Heap
list_devices commandindex iconViewing Allocation Information About a Device
mounting a deviceindex iconAllocating a CD-ROM Drive
preventing programs from using executable stacksindex iconHow to Prevent the Execution of Malicious Code From the Process Stack and Process Heap
remote root accessindex iconLogging root Access Attempts
terminal where su command originatedindex iconHow to Monitor Who Is Using the su Command
Trusted Platform Moduleindex iconTroubleshooting TPM
TrouSerS package  Seeindex iconTrusted Platform Module, TSS package
Trusted Computing Group Software Stack
Trusted Platform Moduleindex iconUsing Trusted Platform Module
trusted hostsindex iconFirewall Systems
Trusted Platform Module
backing up TPM data and keys
SPARC based systemsindex iconHow to Back Up TPM Data and Keys
components in Oracle Solarisindex iconUsing Trusted Platform Module
enabling TPM failoverindex iconTPM Failover Option
initializing
x86 based systemsindex iconHow to Initialize TPM Using BIOS
initializing and backing upindex iconInitializing and Backing Up TPM on Oracle Solaris Systems
SPARC based systemsindex iconHow to Initialize TPM Using the Oracle ILOM Interface
migrating or restoring TPM data and keysindex iconMigrating or Restoring TPM Data and Keys
monitoring statusindex iconMonitoring TPM Status
owner ofindex iconUsing Trusted Platform Module
PKCS #11 usersindex iconHow to Enable PKCS #11 Consumers to Use TPM as a Secure Keystore
TPM packages in Oracle Solaris
index iconMonitoring TPM Status
index iconInitializing and Backing Up TPM on Oracle Solaris Systems
troubleshootingindex iconTroubleshooting TPM

U

/usr/lib/security/$ISA/pkcs11_tpm.soindex iconHow to Enable PKCS #11 Consumers to Use TPM as a Secure Keystore
umount command
with security attributesindex iconHow to Authorize Users to Allocate a Device
unmounting
allocated devicesindex iconDeallocating a CD-ROM Drive
update_drv command
descriptionindex iconDevice Management Commands
upgrading
firmware for verified bootindex iconFirmware Upgrade for Verified Boot
USB ports
preventing accessindex iconUsing ILOM to Prevent Access to USB Ports
user accounts  See Alsoindex iconusers
displaying login status
index iconDisplaying a User's Login Status
index iconHow to Display the User's Login Status
user ID numbers (UIDs)
special accounts andindex iconSpecial System Accounts
user procedures
allocating devicesindex iconManaging Device Allocation
users
allocating devicesindex iconHow to Allocate a Device
assigning allocate authorization toindex iconHow to Authorize Users to Allocate a Device
deallocating devicesindex iconHow to Deallocate a Device
disabling loginindex iconHow to Temporarily Disable User Logins
displaying login statusindex iconHow to Display the User's Login Status
having no passwordsindex iconHow to Display Users Without Passwords
mounting allocated devicesindex iconHow to Mount an Allocated Device
unmounting allocated devicesindex iconDeallocating a CD-ROM Drive

V

/var/adm/sulog file
monitoring contents ofindex iconHow to Monitor Who Is Using the su Command
variables
KEYBOARD_ABORT system variableindex iconHow to Disable a System's Abort Sequence
noexec_user_stack* deprecatedindex iconnxstack and noexec_user_stack Compatibility
PATH environment variableindex iconSetting the PATH Variable
verified boot
boot_policyindex iconControlling Access to Boot Processes
certificate sourcesindex iconPublic Key Certificates for Verified Boot
configuration propertiesindex iconPolicy for Verified Boot
ELF signaturesindex iconVerified Boot and ELF Signatures
enablingindex iconUsing Verified Boot
firmware upgradeindex iconFirmware Upgrade for Verified Boot
manual certificate verificationindex iconManually Verifying a Kernel Module's Signature
Oracle ILOM andindex iconVerified Boot and ELF Signatures
Oracle ILOM and SPARCindex iconUsing Verified Boot
policyindex iconPolicy for Verified Boot
SPARC and x86 systemsindex iconUsing Verified Boot
SPARC systems with Oracle ILOMindex iconUsing Verified Boot
verification sequenceindex iconVerification Sequence During System Boot
verified boot certificateindex iconPolicy for Verified Boot
verifying
verified boot certificates manuallyindex iconManually Verifying a Kernel Module's Signature
viewing
device allocation informationindex iconViewing Allocation Information About a Device
device policyindex iconHow to View Device Policy
user's login statusindex iconHow to Display the User's Login Status
users with no passwordsindex iconHow to Display Users Without Passwords
virus scanning
describedindex iconAbout the vscan Service
enginesindex iconAntivirus Scan Engine Software
filesindex iconAbout Virus Scanning
package
index iconHow to Install Virus Scanning Software
index iconUsing the vscan Service
index iconUsing the vscan Service
virus-scan packageindex iconUsing the vscan Service
viruses
denial of service attackindex iconUsing Resource Management Features
Trojan horseindex iconSetting the PATH Variable

X

x86 systems
mitigating vulnerabilitiesindex iconSecurity Extensions Protection on the x86 Platform
security extensions forindex iconSecurity Extensions Protection on the x86 Platform
verified bootindex iconUsing Verified Boot

Z

zones
devices andindex iconControlling Access to Devices
kernel and verified bootindex iconUsing Verified Boot