Securing Systems and Attached Devices in Oracle® Solaris 11.3
Updated: April 2019
Index
Numbers and Symbols
# (pound sign)
device_allocate
file
device_allocate File
device_maps
file
Sample device_maps Entry
> (redirect output)
preventing
Assigning a Restricted Shell to Users
>> (append output)
preventing
Assigning a Restricted Shell to Users
* (asterisk)
device_allocate
file
device_allocate File
device_allocate File
+ (plus sign)
sulog
file
How to Monitor Who Is Using the su Command
- (minus sign)
sulog
file
How to Monitor Who Is Using the su Command
32-bit executables
protecting from compromising security
Protecting the Process Heap and Executable Stacks From Compromise
; (semicolon)
device_allocate
file
device_allocate File
@ (at sign)
device_allocate
file
device_allocate File
\ (backslash)
device_allocate
file
device_allocate File
device_maps
file
Sample device_maps Entry
A
access
address space
Randomizing the Layout of the Address Space
restricting for
devices
Configuring Device Policy
Controlling Access to Devices
system hardware
Controlling Access to System Hardware
root
access
displaying attempts on console
How to Restrict and Monitor root Logins
monitoring
su
command attempts
How to Monitor Who Is Using the su Command
Limiting and Monitoring Superuser Access
restricting
How to Restrict and Monitor root Logins
Restricting root Access to Shared Files
security
ACLs
Using Access Control Lists
controlling system usage
Controlling Access to System Resources
devices
Configuring Device Policy
file access restriction
Restricting Access to Data in Files
firewall setup
Firewall Systems
Firewall Systems
login access restrictions
Controlling Logins
login control
Controlling Logins
monitoring system usage
Monitoring File Integrity
Auditing System Use
network control
Controlling Network Access
PATH variable setting
Setting the PATH Variable
peripheral devices
Controlling Access to Devices
physical security
Maintaining Physical Security
protecting system integrity
Protecting Oracle Solaris System Integrity
reporting problems
Reporting Security Problems
root
login tracking
Limiting and Monitoring Superuser Access
setuid
programs
Restricting setuid Executable Files
system hardware
Controlling Access to System Hardware
sharing files
Sharing Files Across Systems
ACL description
Using Access Control Lists
add_drv
command
description
Device Management Commands
adding
allocatable device
Enabling or Disabled Device Allocation
security to devices
Managing Device Allocation
security to system hardware
How to Require a Password for SPARC Hardware Access
address space
random layout
Randomizing the Layout of the Address Space
administering
device allocation
Managing Device Allocation Task Map
device allocation task map
Managing Device Allocation Task Map
device policy
Configuring Device Policy Task Map
devices
Managing Device Allocation Task Map
password algorithms
Changing the Default Algorithm for Password Encryption
algorithms
list of password configuration
How to Specify an Algorithm for Password Encryption
password encryption
Changing the Default Algorithm for Password Encryption
Password Encryption
password hashes
Password Hashing Algorithms
allocate error state
Allocate Error State
allocate
command
allocate error state
Allocate Error State
authorizations required
Authorizations for the Allocation Commands
removable media
Allocating a USB Flash Drive
user authorization
How to Authorize Users to Allocate a Device
using
How to Allocate a Device
allocating devices
by users
How to Allocate a Device
forcibly
Forcibly Allocating or Deallocating a Device
troubleshooting
Allocating a USB Flash Drive
antivirus software
See
virus scanning
appending arrow (>>)
preventing appending
Assigning a Restricted Shell to Users
aslr
security extension
Randomizing the Layout of the Address Space
asterisk (*)
device_allocate
file
device_allocate File
device_allocate File
at sign (@)
device_allocate
file
device_allocate File
audio devices
security
Device-Clean Script for Audio
auditing
changes in device policy
How to Audit Changes in Device Policy
device allocation
Auditing Device Allocation
authentication
description
Authentication and Authorization for Remote Access
network security
Authentication and Authorization for Remote Access
types
Authentication and Authorization for Remote Access
authorizations
for device allocation
Authorizations for the Allocation Commands
Device Allocation Rights Profiles
How to Authorize Users to Allocate a Device
not requiring for device allocation
Permitting Any User to Allocate a Device
solaris.device.allocate
Device Allocation Commands
How to Authorize Users to Allocate a Device
solaris.device.revoke
Authorizations for the Allocation Commands
types
Authentication and Authorization for Remote Access
B
backslash (\)
device_allocate
file
device_allocate File
Sample device_maps Entry
Blowfish encryption algorithm
allowing in heterogeneous environment
Constraining Password Encryption Algorithms in a Heterogeneous Environment
description
Password Hashing Algorithms
policy.conf
file
Constraining Password Encryption Algorithms in a Heterogeneous Environment
boot verification
See
verified boot
See
verified boot
boot_policy
property
verified boot
Policy for Verified Boot
C
CD-ROM drives
allocating
Allocating a CD-ROM Drive
security
Device-Clean Scripts for CD-ROM Drives
certificates
managing with Oracle ILOM
Public Key Certificates for Verified Boot
verified boot and
Public Key Certificates for Verified Boot
verifying manually for verified boot
Manually Verifying a Kernel Module's Signature
changing
allocatable devices
Changing Which Devices Can Be Allocated
default password algorithm
Changing the Default Algorithm for Password Encryption
password algorithm for a domain
How to Specify a New Password Algorithm for an NIS Domain
password algorithm task map
Changing the Default Algorithm for Password Encryption
commands
See Also
individual commands
device allocation commands
Device Allocation Commands
device policy commands
Device Policy Commands
compliance
monitoring
monitoring system usage
Monitoring Compliance
components
device allocation mechanism
Components of Device Allocation
computer security
See
system security
computer system security
See
system security
configuration decisions
password algorithm
Password Encryption
configuration files
device_maps
file
device_maps File
for password algorithms
Password Algorithm Identifiers
policy.conf
file
How to Specify an Algorithm for Password Encryption
Password Algorithm Identifiers
configuring
device allocation
Managing Device Allocation Task Map
device policy
Configuring Device Policy Task Map
hardware security
Controlling Access to System Hardware
password for hardware access
How to Require a Password for SPARC Hardware Access
virus scanning
Using the vscan Service
console
displaying
su
command attempts
How to Restrict and Monitor root Logins
control lists
See
ACL description
controlling
system usage
Controlling Access to System Resources
creating
new device-clean scripts
Writing New Device-Clean Scripts
crypt
command
file security
Encrypting Files on Disk
CRYPT_ALGORITHMS_ALLOW
keyword
policy.conf
file
Password Hashes Configuration
CRYPT_ALGORITHMS_DEPRECATE
keyword
policy.conf
file
Password Hashes Configuration
crypt_bsdbf
password algorithm
Password Hashing Algorithms
crypt_bsdmd5
password algorithm
Password Hashing Algorithms
CRYPT_DEFAULT system variable
How to Specify an Algorithm for Password Encryption
CRYPT_DEFAULT
keyword
policy.conf
file
Password Hashes Configuration
crypt_sha256
password algorithm
Password Hashing Algorithms
crypt_sha256
password algorithm
Changing the Default Algorithm for Password Encryption
crypt_sunmd5
password algorithm
Password Hashing Algorithms
Password Hashing Algorithms
crypt_unix
password algorithm
Password Hashing Algorithms
D
/dev/arp
device
getting IP MIB-II information
How to Retrieve IP MIB-II Information From a /dev/* Device
data
migrating or restoring TPM
Migrating or Restoring TPM Data and Keys
deallocate
command
allocate error state
Allocate Error State
Allocate Error State
authorizations required
Authorizations for the Allocation Commands
device-clean scripts and
Writing New Device-Clean Scripts
using
How to Deallocate a Device
deallocating
devices
How to Deallocate a Device
forcibly
Forcibly Allocating or Deallocating a Device
microphone
Deallocating a Microphone
defaults
system-wide in
policy.conf
file
Password Algorithm Identifiers
devfsadm
command
description
Device Management Commands
device allocation
adding devices
Managing Device Allocation Task Map
allocatable devices
device_allocate File
device_allocate File
allocate error state
Allocate Error State
allocating devices
How to Allocate a Device
auditing
Auditing Device Allocation
authorizations
Device Allocation Rights Profiles
authorizations for commands
Authorizations for the Allocation Commands
authorizing users to allocate
How to Authorize Users to Allocate a Device
changing allocatable devices
Changing Which Devices Can Be Allocated
commands
Device Allocation Commands
components of mechanism
Components of Device Allocation
configuration file
device_maps File
deallocate
command
device-clean scripts and
Writing New Device-Clean Scripts
using
How to Deallocate a Device
deallocating devices
How to Deallocate a Device
device-clean scripts
creating
Writing New Device-Clean Scripts
description
Device-Clean Scripts
options
Writing New Device-Clean Scripts
device_allocate
file
device_allocate File
device_maps
file
device_maps File
disabling
Enabling or Disabled Device Allocation
enabling
Enabling or Disabled Device Allocation
Enabling or Disabled Device Allocation
examples
Allocating a USB Flash Drive
forcibly allocating devices
Forcibly Allocating or Deallocating a Device
forcibly deallocating devices
Forcibly Allocating or Deallocating a Device
making device allocatable
Enabling or Disabled Device Allocation
managing devices
Managing Device Allocation Task Map
mounting devices
How to Mount an Allocated Device
not requiring authorization
Permitting Any User to Allocate a Device
preventing
Preventing All Peripheral Devices From Being Used
requiring authorization
Changing Which Devices Can Be Allocated
rights profiles
Device Allocation Rights Profiles
SMF service
Device Allocation Service
task map
Managing Device Allocation Task Map
troubleshooting
Allocating a CD-ROM Drive
Allocating a USB Flash Drive
troubleshooting permissions
Viewing Allocation Information About a Device
unmounting allocated device
Deallocating a CD-ROM Drive
user procedures
Managing Device Allocation
using
Managing Device Allocation
using
allocate
command
How to Allocate a Device
viewing information
Viewing Allocation Information About a Device
device management
See
device policy
Device Management rights profile
Device Allocation Rights Profiles
device policy
add_drv
command
Device Policy Commands
auditing changes
How to Audit Changes in Device Policy
commands
Device Policy Commands
configuring
Configuring Device Policy
kernel protection
Device Protection Reference
managing devices
Configuring Device Policy Task Map
overview
Device Policy
Controlling Access to Devices
task map
Configuring Device Policy Task Map
update_drv
command
Device Policy Commands
viewing
How to View Device Policy
Device Security rights profile
Device Allocation Rights Profiles
Enabling or Disabled Device Allocation
device-allocation
package
Managing Device Allocation
device-clean scripts
description
Device-Clean Scripts
media
Device-Clean Scripts
device_allocate File
object reuse
Device-Clean Scripts
options
Writing New Device-Clean Scripts
writing new scripts
Writing New Device-Clean Scripts
device_allocate
file
description
device_allocate File
format
device_allocate File
sample
device_allocate File
Changing Which Devices Can Be Allocated
device_maps
file
device_maps File
device_maps File
devices
allocating for use
Managing Device Allocation
allocation
See
device allocation
auditing allocation of
Auditing Device Allocation
auditing policy changes
How to Audit Changes in Device Policy
authorizing users to allocate
How to Authorize Users to Allocate a Device
changing which are allocatable
Changing Which Devices Can Be Allocated
deallocating
How to Deallocate a Device
forcibly allocating
Forcibly Allocating or Deallocating a Device
forcibly deallocating
Forcibly Allocating or Deallocating a Device
getting IP MIB-II information
How to Retrieve IP MIB-II Information From a /dev/* Device
listing
How to View Device Policy
listing device names
Viewing Allocation Information About a Device
login access control
Controlling Access to Devices
making allocatable
Enabling or Disabled Device Allocation
managing
Configuring Device Policy Task Map
managing allocation of
Managing Device Allocation Task Map
mounting allocated devices
How to Mount an Allocated Device
not requiring authorization for use
Permitting Any User to Allocate a Device
policy commands
Device Policy Commands
preventing use of all
Preventing All Peripheral Devices From Being Used
preventing use of some
Preventing Some Peripheral Devices From Being Used
protecting by device allocation
Controlling Access to Devices
protecting in the kernel
Controlling Access to Devices
security
Controlling Access to Devices
unmounting allocated device
Deallocating a CD-ROM Drive
viewing allocation information
Viewing Allocation Information About a Device
viewing device policy
How to View Device Policy
zones and
Controlling Access to Devices
disabling
32-bit executables that compromise security
Protecting the Process Heap and Executable Stacks From Compromise
abort sequence
How to Disable a System's Abort Sequence
device allocation
Enabling or Disabled Device Allocation
keyboard abort
How to Disable a System's Abort Sequence
keyboard shutdown
How to Disable a System's Abort Sequence
logins temporarily
How to Temporarily Disable User Logins
remote
root
access
How to Restrict and Monitor root Logins
system abort sequence
How to Disable a System's Abort Sequence
user logins
How to Temporarily Disable User Logins
displaying
allocatable devices
Viewing Allocation Information About a Device
device policy
How to View Device Policy
root
access attempts
How to Restrict and Monitor root Logins
su
command attempts
How to Restrict and Monitor root Logins
user's login status
Displaying a User's Login Status
How to Display the User's Login Status
users with no passwords
How to Display Users Without Passwords
dminfo
command
device_maps File
E
/etc/certs/elfsign/ORCLS11SE
file
Policy for Verified Boot
/etc/certs/elfsign
directory
verified boot
Verified Boot and ELF Signatures
/etc/default/kbd
file
How to Disable a System's Abort Sequence
/etc/default/login
file
restricting remote
root
access
How to Restrict and Monitor root Logins
/etc/default/su
file
displaying
su
command attempts
How to Restrict and Monitor root Logins
monitoring access attempts
How to Restrict and Monitor root Logins
monitoring
su
command
How to Monitor Who Is Using the su Command
/etc/logindevperm
file
Remote Logins
/etc/nologin
file
disabling user logins temporarily
How to Temporarily Disable User Logins
/etc/security/device_allocate
file
device_allocate File
/etc/security/device_maps
file
device_maps File
/etc/security/policy.conf
file
algorithms configuration
How to Specify an Algorithm for Password Encryption
eeprom
command
Controlling Access to System Hardware
Maintaining Physical Security
eject
command
device cleanup and
Device-Clean Scripts for CD-ROM Drives
ELF signatures
verified boot
Verified Boot and ELF Signatures
enabling
device allocation
Enabling or Disabled Device Allocation
Enabling or Disabled Device Allocation
keyboard abort
How to Disable a System's Abort Sequence
TPM secure keystore for PKCS #11 customers
How to Enable PKCS #11 Consumers to Use TPM as a Secure Keystore
verified boot
Using Verified Boot
encrypting
files
Encrypting Files on Disk
passwords
Changing the Default Algorithm for Password Encryption
encryption
list of password algorithms
Password Algorithm Identifiers
password algorithm
Password Encryption
specifying password algorithm
locally
Changing the Default Algorithm for Password Encryption
specifying password algorithms in
policy.conf
file
Password Algorithm Identifiers
environment variables
See Also
variables
PATH
Setting the PATH Variable
errors
allocate error state
Allocate Error State
executable stacks
preventing insertion of malicious code
How to Prevent the Execution of Malicious Code From the Process Stack and Process Heap
protecting against 32-bit processes
Protecting the Process Heap and Executable Stacks From Compromise
troubleshooting protection status
How to Prevent the Execution of Malicious Code From the Process Stack and Process Heap
viewing protection status
How to Prevent the Execution of Malicious Code From the Process Stack and Process Heap
F
file systems
adding a virus scan engine
How to Add a Scan Engine
enabling virus scanning
How to Enable the vscan Service
excluding files from virus scans
How to Exclude Files From Virus Scans
scanning for viruses
How to Enable Virus Scanning on a File System
sharing files
Sharing Files Across Systems
files
security
access restriction
Restricting Access to Data in Files
ACL
Using Access Control Lists
Restricting Access to Data in Files
device map
device_maps File
encryption
Encrypting Files on Disk
firewall systems
packet smashing
Encryption and Firewall Systems
packet transfers
Encryption and Firewall Systems
security
Firewall Systems
trusted hosts
Firewall Systems
firmware
boot flow with verified boot
Verification Sequence During System Boot
upgrade for verified boot
Firmware Upgrade for Verified Boot
forced cleanup
st_clean
script
Writing New Device-Clean Scripts
G
gateways
See
firewall systems
genunix
module
verified boot and
Verification Sequence During System Boot
getdevpolicy
command
description
Device Management Commands
GRUB
Trusted Platform Module
Using Trusted Platform Module
H
hardware
protecting
Controlling Access to System Hardware
Maintaining Physical Security
requiring password for access
How to Require a Password for SPARC Hardware Access
hosts
trusted hosts
Firewall Systems
I
ILOM
See
Oracle ILOM
installing
Secure by Default
Using the Secure by Default Configuration
Internet firewall setup
Firewall Systems
IP MIB-II
getting information from
/dev/arp
How to Retrieve IP MIB-II Information From a /dev/* Device
K
kbd
file
How to Disable a System's Abort Sequence
kernel zones
verified boot
Using Verified Boot
KEYBOARD_ABORT system variable
How to Disable a System's Abort Sequence
keys
migrating or restoring TPM
Migrating or Restoring TPM Data and Keys
L
layout of address space
load-time randomization
Randomizing the Layout of the Address Space
LDAP naming service
passwords
LDAP Passwords
specifying password algorithm
How to Specify a New Password Algorithm for an LDAP Domain
list_devices
command
authorizations required
Authorizations for the Allocation Commands
listing
device policy
How to View Device Policy
users with no passwords
How to Display Users Without Passwords
load-time randomization
address space layout
Randomizing the Layout of the Address Space
log files
executable stack messages and
Protecting the Process Heap and Executable Stacks From Compromise
monitoring
su
command
How to Monitor Who Is Using the su Command
process heap messages and
Protecting the Process Heap and Executable Stacks From Compromise
logging in
disabling temporarily
How to Temporarily Disable User Logins
displaying user's login status
Displaying a User's Login Status
How to Display the User's Login Status
remotely
Remote Logins
root
login
restricting to console
How to Restrict and Monitor root Logins
tracking
Limiting and Monitoring Superuser Access
security
access control on devices
Remote Logins
access restrictions
Controlling Logins
Controlling Logins
system access control
Controlling Logins
tracking
root
login
Limiting and Monitoring Superuser Access
system access control
Controlling Logins
task map
Securing Logins and Passwords Task Map
login access restrictions
svc:/system/name-service/switch:default
Controlling Logins
login
file
restricting remote
root
access
How to Restrict and Monitor root Logins
logins
command
authorization for
How to Display the User's Login Status
displaying user's login status
Displaying a User's Login Status
How to Display the User's Login Status
displaying users with no passwords
How to Display Users Without Passwords
syntax
How to Display the User's Login Status
M
man pages
device allocation
Device Allocation Commands
managing
See
administering
MD5 encryption algorithm
allowing in heterogeneous environment
Constraining Password Encryption Algorithms in a Heterogeneous Environment
description
How to Specify an Algorithm for Password Encryption
policy.conf
file
Constraining Password Encryption Algorithms in a Heterogeneous Environment
How to Specify an Algorithm for Password Encryption
media
device-clean scripts
Device-Clean Scripts
messages
file
executable stack messages
Protecting the Process Heap and Executable Stacks From Compromise
process heap messages
Protecting the Process Heap and Executable Stacks From Compromise
microphone
deallocating
Deallocating a Microphone
migrating
TPM data and keys
Migrating or Restoring TPM Data and Keys
modules
password encryption
Password Encryption
monitoring
compliance
Monitoring Compliance
root
access
Monitoring and Restricting root Access
root
access attempts
How to Restrict and Monitor root Logins
su
command attempts
How to Monitor Who Is Using the su Command
Limiting and Monitoring Superuser Access
system usage
Monitoring File Integrity
Auditing System Use
mount
command
with security attributes
How to Authorize Users to Allocate a Device
mounting
allocated CD-ROM
Allocating a CD-ROM Drive
allocated devices
How to Mount an Allocated Device
mt
command
Device-Clean Script for Tapes
N
names
device names
device_maps
file
device_allocate File
devices in
device_maps
Sample device_maps Entry
naming conventions
devices
Viewing Allocation Information About a Device
naming service configuration
login access restrictions
Controlling Logins
naming services
See
individual naming services
netservices limited
installation option
Using the Secure by Default Configuration
network security
authentication
Authentication and Authorization for Remote Access
authorizations
Authentication and Authorization for Remote Access
controlling access
Controlling Network Access
firewall systems
need for
Firewall Systems
packet smashing
Encryption and Firewall Systems
trusted hosts
Firewall Systems
overview
Network Security Mechanisms
reporting problems
Reporting Security Problems
NIS naming service
passwords
NIS Passwords
specifying password algorithm
How to Specify a New Password Algorithm for an NIS Domain
nobody
user
Restricting root Access to Shared Files
noexec_user_stack
compatibility with
nxstack
nxstack and noexec_user_stack Compatibility
noexec_user_stack
replacement
Protecting the Process Heap and Executable Stacks From Compromise
nxheap
security extension
Protecting the Process Heap and Executable Stacks From Compromise
variable
How to Prevent the Execution of Malicious Code From the Process Stack and Process Heap
nxstack
compatibility with
noexec_user_stack
nxstack and noexec_user_stack Compatibility
security extension
Protecting the Process Heap and Executable Stacks From Compromise
variable
How to Prevent the Execution of Malicious Code From the Process Stack and Process Heap
O
object reuse requirements
device-clean scripts
writing new scripts
Writing New Device-Clean Scripts
for devices
Device-Clean Scripts
Oracle ILOM
preventing access to USB ports
Using ILOM to Prevent Access to USB Ports
Trusted Platform Module
Using Trusted Platform Module
verified boot
Policy for Verified Boot
verified boot and
Verified Boot and ELF Signatures
ownership of files
ACLs and
Using Access Control Lists
P
packages
crypto/tpm
Initializing and Backing Up TPM on Oracle Solaris Systems
device-allocation
Managing Device Allocation
pkcs11_tpm
How to Enable PKCS #11 Consumers to Use TPM as a Secure Keystore
trousers
Initializing and Backing Up TPM on Oracle Solaris Systems
virus-scan
How to Install Virus Scanning Software
packet transfers
firewall security
Firewall Systems
packet smashing
Encryption and Firewall Systems
passwd
command
and naming services
NIS Passwords
passwords
algorithms
Password Hashing Algorithms
changing with
passwd -r
command
NIS Passwords
constraining encryption algorithms in heterogeneous environment
Constraining Password Encryption Algorithms in a Heterogeneous Environment
displaying users with no passwords
How to Display Users Without Passwords
encryption algorithms
Password Encryption
finding users with no passwords
How to Display Users Without Passwords
hardware access and
How to Require a Password for SPARC Hardware Access
LDAP
LDAP Passwords
specifying new password algorithm
How to Specify a New Password Algorithm for an LDAP Domain
local
Local Passwords
login security
Managing Password Information
Controlling Logins
Controlling Logins
NIS
NIS Passwords
specifying new password algorithm
How to Specify a New Password Algorithm for an NIS Domain
PROM security mode
Controlling Access to System Hardware
Maintaining Physical Security
requiring for hardware access
How to Require a Password for SPARC Hardware Access
specifying algorithm
How to Specify an Algorithm for Password Encryption
in naming services
How to Specify a New Password Algorithm for an NIS Domain
locally
Changing the Default Algorithm for Password Encryption
task map
Securing Logins and Passwords Task Map
using Blowfish in heterogeneous environment
Constraining Password Encryption Algorithms in a Heterogeneous Environment
using MD5 encryption algorithm for
How to Specify an Algorithm for Password Encryption
using new algorithm
How to Specify an Algorithm for Password Encryption
PATH environment variable
and security
Setting the PATH Variable
setting
Setting the PATH Variable
permissions
ACLs and
Using Access Control Lists
physical security
description
Maintaining Physical Security
PKCS #11
Trusted Platform Module
Using Trusted Platform Module
pkcs11_tpm
package
How to Enable PKCS #11 Consumers to Use TPM as a Secure Keystore
policies
on devices
How to View Device Policy
specifying password algorithm
Changing the Default Algorithm for Password Encryption
policy
verified boot
Policy for Verified Boot
policy.conf
file
keywords for password algorithms
Password Hashes Configuration
specifying encryption algorithms in
How to Specify an Algorithm for Password Encryption
specifying password algorithm
in naming services
How to Specify a New Password Algorithm for an NIS Domain
specifying password algorithms
How to Specify an Algorithm for Password Encryption
pound sign (#)
device_allocate
file
device_allocate File
device_maps file
Sample device_maps Entry
pre-boot environment
verified boot
Verified Boot and ELF Signatures
privileged ports
alternative to Secure RPC
Authentication Services for Remote Access
process heaps
protecting against attack
Protecting the Process Heap and Executable Stacks From Compromise
PROM security mode
Controlling Access to System Hardware
protecting
32-bit executables from compromising security
Protecting the Process Heap and Executable Stacks From Compromise
BIOS, pointer to
How to Require a Password for SPARC Hardware Access
PROM
How to Require a Password for SPARC Hardware Access
providers
pkcs11_tpm.so
How to Enable PKCS #11 Consumers to Use TPM as a Secure Keystore
R
redirection
preventing
Assigning a Restricted Shell to Users
rem_drv command
description
Device Management Commands
remote logins
authentication
Authentication and Authorization for Remote Access
authorization
Authentication and Authorization for Remote Access
preventing root access
How to Restrict and Monitor root Logins
security
Remote Logins
removable media
allocating
Allocating a USB Flash Drive
restoring
TPM data and keys
Migrating or Restoring TPM Data and Keys
restricted shell (rsh)
Assigning a Restricted Shell to Users
restricting
remote root access
How to Restrict and Monitor root Logins
root access
Monitoring and Restricting root Access
rights profiles
Device Management
Device Allocation Rights Profiles
Device Security
Device Allocation Rights Profiles
Enabling or Disabling Device Allocation
using the System Administrator profile
How to Require a Password for SPARC Hardware Access
roles
using to access the hardware
How to Require a Password for SPARC Hardware Access
root access
monitoring and restricting
Monitoring and Restricting root Access
monitoring attempts
How to Restrict and Monitor root Logins
troubleshooting remote
Logging root Access Attempts
root account
description
Special System Accounts
root user
displaying access attempts on console
How to Restrict and Monitor root Logins
monitoring su command attempts
How to Monitor Who Is Using the su Command
Limiting and Monitoring Superuser Access
restricting access
Restricting root Access to Shared Files
restricting remote access
How to Restrict and Monitor root Logins
How to Restrict and Monitor root Logins
tracking logins
Limiting and Monitoring Superuser Access
rsh command (restricted shell)
Assigning a Restricted Shell to Users
S
scanning for viruses
See virus scanning
scripts for cleaning devices
See device-clean scripts
SCSI devices
st_clean script
device_allocate File
Secure by Default installation option
Using the Secure by Default Configuration
Secure RPC
alternative
Authentication Services for Remote Access
overview
Authentication and Authorization for Remote Access
securing
network at installation
Using the Secure by Default Configuration
passwords
Securing Logins and Passwords Task Map
security
device control
Controlling Access to Devices
devices
Controlling Access to Devices
extensions
Protecting Against Malware With Security Extensions
installation options
Using the Secure by Default Configuration
netservices limited installation option
Using the Secure by Default Configuration
password encryption
Password Encryption
preventing remote login
How to Restrict and Monitor root Logins
protecting against denial of service
Using Resource Management Features
protecting against Trojan horse
Setting the PATH Variable
protecting devices
Device-Clean Scripts
protecting hardware
Controlling Access to System Hardware
protecting PROM
Controlling Access to System Hardware
Secure by Default
Using the Secure by Default Configuration
system hardware
Controlling Access to System Hardware
systems
Managing Computer System Security
security attributes
using to mount allocated device
How to Authorize Users to Allocate a Device
security extensions
aslr
Randomizing the Layout of the Address Space
framework
Preventing Intentional Misuse of System Resources
nxheap
How to Prevent the Execution of Malicious Code From the Process Stack and Process Heap
nxstack
How to Prevent the Execution of Malicious Code From the Process Stack and Process Heap
Protecting the Process Heap and Executable Stacks From Compromise
protecting heaps and stacks
Protecting the Process Heap and Executable Stacks From Compromise
randomizing address space layout
Randomizing the Layout of the Address Space
Security Extensions Framework
See security extensions
Service Management Facility (SMF)
See SMF
setuid permissions
security risks
Restricting setuid Executable Files
SHA-2 algorithms
Password Hashing Algorithms
sharing files
and network security
Sharing Files Across Systems
SMF
device allocation service
Device Allocation Service
managing Secure by Default configuration
Using the Secure by Default Configuration
solaris.device.revoke authorization
Authorizations for the Allocation Commands
SPARC systems
verified boot
Using Verified Boot
st_clean script
Device-Clean Script for Tapes
device_allocate File
standard cleanup
st_clean script
Writing New Device-Clean Scripts
starting
device allocation
Enabling or Disabling Device Allocation
su command
displaying access attempts on console
How to Restrict and Monitor root Logins
monitoring use
How to Monitor Who Is Using the su Command
su file
monitoring su command
How to Monitor Who Is Using the su Command
sulog file
How to Monitor Who Is Using the su Command
Sun MD5 algorithm
Password Hashing Algorithms
superuser
See root role
svc:/system/device/allocate
device allocation service
Device Allocation Service
sxadm command
command overview
Preventing Intentional Misuse of System Resources
managing security extensions
How to Prevent the Execution of Malicious Code From the Process Stack and Process Heap
system accounts
protecting
Special System Accounts
System Administrator rights
protecting hardware
How to Require a Password for SPARC Hardware Access
system calls
ioctl to clean audio device
Device-Clean Script for Audio
system hardware
controlling access to
Controlling Access to System Hardware
system security
access
Managing Computer System Security
computer system access
Maintaining Physical Security
displaying
user's login status
Displaying a User's Login Status
How to Display the User's Login Status
users with no passwords
How to Display Users Without Passwords
firewall systems
Firewall Systems
hardware protection
Controlling Access to System Hardware
Maintaining Physical Security
login access restrictions
Controlling Logins
overview
Controlling Access to a Computer System
Managing Computer System Security
password encryption
Password Encryption
passwords
Managing Password Information
restricted shell
Assigning a Restricted Shell to Users
Assigning a Restricted Shell to Users
restricting remote root access
How to Restrict and Monitor root Logins
role-based access control (RBAC)
Configuring Role-Based Access Control to Replace Superuser
root access restrictions
How to Restrict and Monitor root Logins
Restricting root Access to Shared Files
special accounts
Special System Accounts
su command monitoring
How to Monitor Who Is Using the su Command
Limiting and Monitoring Superuser Access
system variables
See Also variables
CRYPT_DEFAULT
How to Specify an Algorithm for Password Encryption
KEYBOARD_ABORT
How to Disable a System's Abort Sequence
T
task maps
configuring device policy
Configuring Device Policy Task Map
device allocation
Managing Device Allocation Task Map
device policy
Configuring Device Policy Task Map
managing device allocation
Managing Device Allocation Task Map
managing device policy
Configuring Device Policy Task Map
securing logins and passwords
Securing Logins and Passwords Task Map
tcsd daemon
Monitoring TPM Status
Trusted Platform Module
Using Trusted Platform Module
TPM
See Trusted Platform Module
tpmadm command
checking TPM status
How to Initialize TPM Using BIOS
How to Initialize TPM Using the Oracle ILOM Interface
initializing TPM
How to Initialize TPM Using BIOS
reinitializing TPM
How to Initialize TPM Using the Oracle ILOM Interface
Trusted Platform Module
Using Trusted Platform Module
Trojan horse
Setting the PATH Variable
troubleshooting
allocating a device
Allocating a USB Flash Drive
executable stack protection
How to Prevent the Execution of Malicious Code From the Process Stack and Process Heap
list_devices command
Viewing Allocation Information About a Device
mounting a device
Allocating a CD-ROM Drive
preventing programs from using executable stacks
How to Prevent the Execution of Malicious Code From the Process Stack and Process Heap
remote root access
Logging root Access Attempts
terminal where su command originated
How to Monitor Who Is Using the su Command
Trusted Platform Module
Troubleshooting TPM
TrouSerS package
See Trusted Platform Module, TSS package
Trusted Computing Group Software Stack
Trusted Platform Module
Using Trusted Platform Module
trusted hosts
Firewall Systems
Trusted Platform Module
backing up TPM data and keys
SPARC based systems
How to Back Up TPM Data and Keys
components in Oracle Solaris
Using Trusted Platform Module
enabling TPM failover
TPM Failover Option
initializing
x86 based systems
How to Initialize TPM Using BIOS
initializing and backing up
Initializing and Backing Up TPM on Oracle Solaris Systems
SPARC based systems
How to Initialize TPM Using the Oracle ILOM Interface
migrating or restoring TPM data and keys
Migrating or Restoring TPM Data and Keys
monitoring status
Monitoring TPM Status
owner of
Using Trusted Platform Module
PKCS #11 users
How to Enable PKCS #11 Consumers to Use TPM as a Secure Keystore
TPM packages in Oracle Solaris
Monitoring TPM Status
Initializing and Backing Up TPM on Oracle Solaris Systems
troubleshooting
Troubleshooting TPM
U
/usr/lib/security/$ISA/pkcs11_tpm.so
How to Enable PKCS #11 Consumers to Use TPM as a Secure Keystore
umount command
with security attributes
How to Authorize Users to Allocate a Device
unmounting
allocated devices
Deallocating a CD-ROM Drive
update_drv command
description
Device Management Commands
upgrading
firmware for verified boot
Firmware Upgrade for Verified Boot
USB ports
preventing access
Using ILOM to Prevent Access to USB Ports
user accounts
See Also users
displaying login status
Displaying a User's Login Status
How to Display the User's Login Status
user ID numbers (UIDs)
special accounts and
Special System Accounts
user procedures
allocating devices
Managing Device Allocation
users
allocating devices
How to Allocate a Device
assigning allocate authorization to
How to Authorize Users to Allocate a Device
deallocating devices
How to Deallocate a Device
disabling login
How to Temporarily Disable User Logins
displaying login status
How to Display the User's Login Status
having no passwords
How to Display Users Without Passwords
mounting allocated devices
How to Mount an Allocated Device
unmounting allocated devices
Deallocating a CD-ROM Drive
V
/var/adm/sulog file
monitoring contents of
How to Monitor Who Is Using the su Command
variables
CRYPT_DEFAULT system variable
Password Hashes Configuration
KEYBOARD_ABORT system variable
How to Disable a System's Abort Sequence
noexec_user_stack* deprecated
nxstack and noexec_user_stack Compatibility
PATH environment variable
Setting the PATH Variable
verified boot
boot_policy
Controlling Access to Boot Processes
certificate sources
Public Key Certificates for Verified Boot
configuration properties
Policy for Verified Boot
ELF signatures
Verified Boot and ELF Signatures
enabling
Using Verified Boot
firmware upgrade
Firmware Upgrade for Verified Boot
manual certificate verification
Manually Verifying a Kernel Module's Signature
Oracle ILOM and
Verified Boot and ELF Signatures
Oracle ILOM and SPARC
Using Verified Boot
policy
Policy for Verified Boot
SPARC and x86 systems
Using Verified Boot
SPARC systems with Oracle ILOM
Using Verified Boot
verification sequence
Verification Sequence During System Boot
verified boot certificate
Policy for Verified Boot
verifying
verified boot certificates manually
Manually Verifying a Kernel Module's Signature
viewing
device allocation information
Viewing Allocation Information About a Device
device policy
How to View Device Policy
user's login status
How to Display the User's Login Status
users with no passwords
How to Display Users Without Passwords
virus scanning
configuring
Using the vscan Service
described
About the vscan Service
engines
Antivirus Scan Engine Software
files
About Virus Scanning
package
How to Install Virus Scanning Software
service
Using the vscan Service
virus-scan package
How to Install Virus Scanning Software
viruses
denial of service attack
Using Resource Management Features
Trojan horse
Setting the PATH Variable
vscan service
Using the vscan Service
X
x86 systems
verified boot
Using Verified Boot
Z
zones
devices and
Controlling Access to Devices
kernel and verified boot
Using Verified Boot