Index
Numbers and Symbols
- # (pound sign)
- device_allocate file
device_allocate File
- device_maps fileSample device_maps Entry
- device_allocate file
- > (redirect output)
- preventingAssigning a Restricted Shell to Users
- preventing
- >> (append output)
- preventingAssigning a Restricted Shell to Users
- preventing
- * (asterisk)
- device_allocate file
- + (plus sign)
- - (minus sign)
- 32-bit executables
- protecting from compromising securityProtecting the Process Heap and Executable Stacks From Compromise
- protecting from compromising security
- ; (semicolon)
- device_allocate filedevice_allocate File
- device_allocate file
- @ (at sign)
- device_allocate filedevice_allocate File
- device_allocate file
- \ (backslash)
- device_allocate filedevice_allocate File
- device_maps fileSample device_maps Entry
- device_allocate file
A
- access
- address spaceRandomizing the Layout of the Address Space
- restricting for
- system hardwareControlling Access to System Hardware
- system hardware
- root access
- displaying attempts on consoleHow to Restrict and Monitor root Logins
- monitoring su command attempts
- displaying attempts on console
- security
- controlling system usageControlling Access to System Resources
- devicesConfiguring Device Policy
- file access restrictionRestricting Access to Data in Files
- firewall setup
- login access restrictionsControlling Logins
- login controlControlling Logins
- monitoring system usage
- network controlControlling Network Access
- PATH variable settingSetting the PATH Variable
- peripheral devicesControlling Access to Devices
- physical securityMaintaining Physical Security
- protecting system integrityProtecting Oracle Solaris System Integrity
- reporting problemsReporting Security Problems
- root login trackingLimiting and Monitoring Superuser Access
- setuid programsRestricting setuid Executable Files
- system hardwareControlling Access to System Hardware
- controlling system usage
- sharing filesSharing Files Across Systems
- address space
- ACL descriptionUsing Access Control Lists
- add_drv command
- descriptionDevice Management Commands
- description
- adding
- allocatable deviceEnabling or Disabled Device Allocation
- security to devicesManaging Device Allocation
- security to system hardwareHow to Require a Password for SPARC Hardware Access
- allocatable device
- address space
- random layoutRandomizing the Layout of the Address Space
- random layout
- administering
- device allocationManaging Device Allocation Task Map
- device allocation task mapManaging Device Allocation Task Map
- device policyConfiguring Device Policy Task Map
- password algorithmsChanging the Default Algorithm for Password Encryption
- device allocation
- algorithms
- list of password configurationHow to Specify an Algorithm for Password Encryption
- password encryption
- password hashesPassword Hashing Algorithms
- list of password configuration
- allocate error stateAllocate Error State
- allocate command
- allocate error stateAllocate Error State
- authorizations requiredAuthorizations for the Allocation Commands
- removable mediaAllocating a USB Flash Drive
- user authorizationHow to Authorize Users to Allocate a Device
- allocate error state
- allocating devices
- by usersHow to Allocate a Device
- troubleshootingAllocating a USB Flash Drive
- by users
- antivirus software Seevirus scanning
- appending arrow (>>)
- preventing appendingAssigning a Restricted Shell to Users
- preventing appending
- aslr security extensionRandomizing the Layout of the Address Space
- asterisk (*)
- device_allocate file
- at sign (@)
- device_allocate filedevice_allocate File
- device_allocate file
- audio devices
- securityDevice-Clean Script for Audio
- security
- auditing
- changes in device policyHow to Audit Changes in Device Policy
- device allocationAuditing Device Allocation
- changes in device policy
- authentication
- network securityAuthentication and Authorization for Remote Access
- network security
- authorizations
- for device allocation
- not requiring for device allocationPermitting Any User to Allocate a Device
- solaris.device.allocate
- solaris.device.revokeAuthorizations for the Allocation Commands
B
- backslash (\)
- device_allocate file
- Blowfish encryption algorithm
- allowing in heterogeneous environmentConstraining Password Encryption Algorithms in a Heterogeneous
Environment
- descriptionPassword Hashing Algorithms
- allowing in heterogeneous environment
- boot verification
- Seeverified boot
- Seeverified boot
- See
- boot_policy property
- verified bootPolicy for Verified Boot
- verified boot
C
- CD-ROM drives
- allocatingAllocating a CD-ROM Drive
- allocating
- certificates
- managing with Oracle ILOMPublic Key Certificates for Verified Boot
- verified boot andPublic Key Certificates for Verified Boot
- verifying manually for verified bootManually Verifying a Kernel Module's Signature
- managing with Oracle ILOM
- changing
- allocatable devicesChanging Which Devices Can Be Allocated
- default password algorithmChanging the Default Algorithm for Password Encryption
- password algorithm for a domainHow to Specify a New Password Algorithm for an NIS Domain
- password algorithm task mapChanging the Default Algorithm for Password Encryption
- allocatable devices
- commands See Alsoindividual commands
- device allocation commandsDevice Allocation Commands
- device policy commandsDevice Policy Commands
- device allocation commands
- compliance
- monitoring
- monitoring system usageMonitoring Compliance
- monitoring system usage
- monitoring
- components
- device allocation mechanismComponents of Device Allocation
- device allocation mechanism
- computer security Seesystem security
- computer system security Seesystem security
- configuration decisions
- password algorithmPassword Encryption
- password algorithm
- configuration files
- device_maps filedevice_maps File
- for password algorithmsPassword Algorithm Identifiers
- device_maps file
- configuring
- device allocationManaging Device Allocation Task Map
- device policyConfiguring Device Policy Task Map
- hardware securityControlling Access to System Hardware
- password for hardware accessHow to Require a Password for SPARC Hardware Access
- virus scanningUsing the vscan Service
- device allocation
- console
- displaying su command attemptsHow to Restrict and Monitor root Logins
- displaying su command attempts
- control lists SeeACL description
- controlling
- system usageControlling Access to System Resources
- system usage
- creating
- new device-clean scriptsWriting New Device-Clean Scripts
- new device-clean scripts
- crypt command
- file securityEncrypting Files on Disk
- file security
- CRYPT_ALGORITHMS_ALLOW keyword
- policy.conf filePassword Hashes Configuration
- policy.conf file
- CRYPT_ALGORITHMS_DEPRECATE keyword
- policy.conf filePassword Hashes Configuration
- policy.conf file
- crypt_bsdbf password algorithmPassword Hashing Algorithms
- crypt_bsdmd5 password algorithmPassword Hashing Algorithms
- CRYPT_DEFAULT system variableHow to Specify an Algorithm for Password Encryption
- CRYPT_DEFAULT keyword
- policy.conf filePassword Hashes Configuration
- policy.conf file
- crypt_sha256 password algorithmPassword Hashing Algorithms
- crypt_sha256 password algorithmChanging the Default Algorithm for Password Encryption
- crypt_sunmd5 password algorithm
- crypt_unix password algorithmPassword Hashing Algorithms
D
- /dev/arp device
- getting IP MIB-II informationHow to Retrieve IP MIB-II Information From a /dev/* Device
- getting IP MIB-II information
- data
- migrating or restoring TPMMigrating or Restoring TPM Data and Keys
- migrating or restoring TPM
- deallocate command
- allocate error state
- authorizations requiredAuthorizations for the Allocation Commands
- device-clean scripts andWriting New Device-Clean Scripts
- deallocating
- devicesHow to Deallocate a Device
- microphoneDeallocating a Microphone
- devices
- defaults
- system-wide in policy.conf filePassword Algorithm Identifiers
- system-wide in policy.conf file
- devfsadm command
- descriptionDevice Management Commands
- description
- device allocation
- adding devicesManaging Device Allocation Task Map
- allocatable devices
- allocate error stateAllocate Error State
- allocating devicesHow to Allocate a Device
- auditingAuditing Device Allocation
- authorizationsDevice Allocation Rights Profiles
- authorizations for commandsAuthorizations for the Allocation Commands
- authorizing users to allocateHow to Authorize Users to Allocate a Device
- changing allocatable devicesChanging Which Devices Can Be Allocated
- commandsDevice Allocation Commands
- components of mechanismComponents of Device Allocation
- configuration filedevice_maps File
- deallocate command
- device-clean scripts andWriting New Device-Clean Scripts
- device-clean scripts and
- deallocating devicesHow to Deallocate a Device
- device-clean scripts
- creatingWriting New Device-Clean Scripts
- descriptionDevice-Clean Scripts
- creating
- device_allocate filedevice_allocate File
- device_maps filedevice_maps File
- examplesAllocating a USB Flash Drive
- forcibly allocating devicesForcibly Allocating or Deallocating a Device
- forcibly deallocating devicesForcibly Allocating or Deallocating a Device
- making device allocatableEnabling or Disabled Device Allocation
- managing devicesManaging Device Allocation Task Map
- mounting devicesHow to Mount an Allocated Device
- not requiring authorizationPermitting Any User to Allocate a Device
- requiring authorizationChanging Which Devices Can Be Allocated
- rights profilesDevice Allocation Rights Profiles
- SMF serviceDevice Allocation Service
- troubleshooting
- troubleshooting permissionsViewing Allocation Information About a Device
- unmounting allocated deviceDeallocating a CD-ROM Drive
- user proceduresManaging Device Allocation
- using allocate commandHow to Allocate a Device
- viewing informationViewing Allocation Information About a Device
- adding devices
- device management Seedevice policy
- Device Management rights profileDevice Allocation Rights Profiles
- device policy
- add_drv commandDevice Policy Commands
- auditing changesHow to Audit Changes in Device Policy
- commandsDevice Policy Commands
- configuringConfiguring Device Policy
- kernel protectionDevice Protection Reference
- managing devicesConfiguring Device Policy Task Map
- update_drv commandDevice Policy Commands
- viewingHow to View Device Policy
- add_drv command
- Device Security rights profile
- device-allocation packageManaging Device Allocation
- device-clean scripts
- descriptionDevice-Clean Scripts
- object reuseDevice-Clean Scripts
- writing new scriptsWriting New Device-Clean Scripts
- description
- device_allocate file
- descriptiondevice_allocate File
- formatdevice_allocate File
- description
- device_maps file
- devices
- allocating for useManaging Device Allocation
- allocation Seedevice allocation
- auditing allocation ofAuditing Device Allocation
- auditing policy changesHow to Audit Changes in Device Policy
- authorizing users to allocateHow to Authorize Users to Allocate a Device
- changing which are allocatableChanging Which Devices Can Be Allocated
- deallocatingHow to Deallocate a Device
- forcibly allocatingForcibly Allocating or Deallocating a Device
- forcibly deallocatingForcibly Allocating or Deallocating a Device
- getting IP MIB-II informationHow to Retrieve IP MIB-II Information From a /dev/* Device
- listingHow to View Device Policy
- listing device namesViewing Allocation Information About a Device
- login access controlControlling Access to Devices
- making allocatableEnabling or Disabled Device Allocation
- managing allocation ofManaging Device Allocation Task Map
- mounting allocated devicesHow to Mount an Allocated Device
- not requiring authorization for usePermitting Any User to Allocate a Device
- policy commandsDevice Policy Commands
- preventing use of allPreventing All Peripheral Devices From Being Used
- preventing use of somePreventing Some Peripheral Devices From Being Used
- protecting by device allocationControlling Access to Devices
- protecting in the kernelControlling Access to Devices
- securityControlling Access to Devices
- unmounting allocated deviceDeallocating a CD-ROM Drive
- viewing allocation informationViewing Allocation Information About a Device
- viewing device policyHow to View Device Policy
- zones andControlling Access to Devices
- allocating for use
- disabling
- 32-bit executables that compromise securityProtecting the Process Heap and Executable Stacks From Compromise
- abort sequenceHow to Disable a System's Abort Sequence
- device allocationEnabling or Disabled Device Allocation
- keyboard abortHow to Disable a System's Abort Sequence
- keyboard shutdownHow to Disable a System's Abort Sequence
- logins temporarilyHow to Temporarily Disable User Logins
- remote root accessHow to Restrict and Monitor root Logins
- system abort sequenceHow to Disable a System's Abort Sequence
- user loginsHow to Temporarily Disable User Logins
- 32-bit executables that compromise security
- displaying
- allocatable devicesViewing Allocation Information About a Device
- device policyHow to View Device Policy
- root access attemptsHow to Restrict and Monitor root Logins
- su command attemptsHow to Restrict and Monitor root Logins
- user's login status
- users with no passwordsHow to Display Users Without Passwords
- allocatable devices
- dminfo commanddevice_maps File
E
- /etc/certs/elfsign/ORCLS11SE filePolicy for Verified Boot
- /etc/certs/elfsign directory
- verified bootVerified Boot and ELF Signatures
- verified boot
- /etc/default/kbd fileHow to Disable a System's Abort Sequence
- /etc/default/login file
- restricting remote root accessHow to Restrict and Monitor root Logins
- restricting remote root access
- /etc/default/su file
- displaying su command attemptsHow to Restrict and Monitor root Logins
- monitoring access attemptsHow to Restrict and Monitor root Logins
- monitoring su commandHow to Monitor Who Is Using the su Command
- displaying su command attempts
- /etc/logindevperm fileRemote Logins
- /etc/nologin file
- disabling user logins temporarilyHow to Temporarily Disable User Logins
- disabling user logins temporarily
- /etc/security/device_allocate filedevice_allocate File
- /etc/security/device_maps filedevice_maps File
- /etc/security/policy.conf file
- algorithms configurationHow to Specify an Algorithm for Password Encryption
- algorithms configuration
- eject command
- device cleanup andDevice-Clean Scripts for CD-ROM Drives
- device cleanup and
- ELF signatures
- verified bootVerified Boot and ELF Signatures
- verified boot
- enabling
- keyboard abortHow to Disable a System's Abort Sequence
- TPM secure keystore for PKCS #11 customersHow to Enable PKCS #11 Consumers to Use TPM as a Secure
Keystore
- verified bootUsing Verified Boot
- keyboard abort
- encrypting
- encryption
- list of password algorithmsPassword Algorithm Identifiers
- password algorithmPassword Encryption
- specifying password algorithm
- specifying password algorithms in policy.conf filePassword Algorithm Identifiers
- list of password algorithms
- environment variables See Alsovariables
- errors
- allocate error stateAllocate Error State
- allocate error state
- executable stacks
- preventing insertion of malicious codeHow to Prevent the Execution of Malicious Code From the Process
Stack and Process Heap
- protecting against 32-bit processesProtecting the Process Heap and Executable Stacks From Compromise
- troubleshooting protection statusHow to Prevent the Execution of Malicious Code From the Process
Stack and Process Heap
- viewing protection statusHow to Prevent the Execution of Malicious Code From the Process
Stack and Process Heap
- preventing insertion of malicious code
F
- file systems
- adding a virus scan engineHow to Add a Scan Engine
- enabling virus scanningHow to Enable the vscan Service
- excluding files from virus scansHow to Exclude Files From Virus
Scans
- scanning for virusesHow to Enable Virus Scanning on a File System
- sharing filesSharing Files Across Systems
- adding a virus scan engine
- files
- security
- access restrictionRestricting Access to Data in Files
- device mapdevice_maps File
- encryptionEncrypting Files on Disk
- access restriction
- security
- firewall systems
- packet smashingEncryption and Firewall Systems
- packet transfersEncryption and Firewall Systems
- securityFirewall Systems
- trusted hostsFirewall Systems
- packet smashing
- firmware
- boot flow with verified bootVerification Sequence During System Boot
- upgrade for verified bootFirmware Upgrade for Verified Boot
- boot flow with verified boot
- forced cleanup
- st_clean scriptWriting New Device-Clean Scripts
- st_clean script
G
- gateways Seefirewall systems
- genunix module
- verified boot andVerification Sequence During System Boot
- verified boot and
- getdevpolicy command
- descriptionDevice Management Commands
- description
- GRUB
- Trusted Platform ModuleUsing Trusted Platform Module
- Trusted Platform Module
H
- hardware
- requiring password for accessHow to Require a Password for SPARC Hardware Access
- requiring password for access
- hosts
- trusted hostsFirewall Systems
- trusted hosts
I
- ILOM SeeOracle ILOM
- installing
- Secure by DefaultUsing the Secure by Default Configuration
- Secure by Default
- Internet firewall setupFirewall Systems
- IP MIB-II
- getting information from /dev/arpHow to Retrieve IP MIB-II Information From a /dev/* Device
- getting information from /dev/arp
K
- kernel zones
- verified bootUsing Verified Boot
- verified boot
- KEYBOARD_ABORT system variableHow to Disable a System's Abort Sequence
- keys
- migrating or restoring TPMMigrating or Restoring TPM Data and Keys
- migrating or restoring TPM
L
- layout of address space
- load-time randomizationRandomizing the Layout of the Address Space
- load-time randomization
- LDAP naming service
- passwordsLDAP Passwords
- specifying password algorithmHow to Specify a New Password Algorithm for an LDAP Domain
- passwords
- list_devices command
- authorizations requiredAuthorizations for the Allocation Commands
- authorizations required
- listing
- device policyHow to View Device Policy
- users with no passwordsHow to Display Users Without Passwords
- device policy
- load-time randomization
- address space layoutRandomizing the Layout of the Address Space
- address space layout
- log files
- executable stack messages andProtecting the Process Heap and Executable Stacks From Compromise
- monitoring su commandHow to Monitor Who Is Using the su Command
- process heap messages andProtecting the Process Heap and Executable Stacks From Compromise
- executable stack messages and
- logging in
- disabling temporarilyHow to Temporarily Disable User Logins
- displaying user's login status
- remotelyRemote Logins
- root login
- restricting to consoleHow to Restrict and Monitor root Logins
- restricting to console
- security
- access control on devicesRemote Logins
- access restrictions
- system access controlControlling Logins
- tracking root loginLimiting and Monitoring Superuser Access
- access control on devices
- system access controlControlling Logins
- disabling temporarily
- login access restrictions
- svc:/system/name-service/switch:defaultControlling Logins
- svc:/system/name-service/switch:default
- login file
- restricting remote root accessHow to Restrict and Monitor root Logins
- restricting remote root access
- logins command
- authorization forHow to Display the User's Login Status
- displaying user's login status
- displaying users with no passwordsHow to Display Users Without Passwords
- authorization for
M
- man pages
- device allocationDevice Allocation Commands
- device allocation
- managing Seeadministering
- MD5 encryption algorithm
- allowing in heterogeneous environmentConstraining Password Encryption Algorithms in a Heterogeneous
Environment
- allowing in heterogeneous environment
- media
- device-clean scriptsDevice-Clean Scripts
- device-clean scripts
- messages file
- executable stack messagesProtecting the Process Heap and Executable Stacks From Compromise
- process heap messagesProtecting the Process Heap and Executable Stacks From Compromise
- executable stack messages
- microphone
- deallocatingDeallocating a Microphone
- deallocating
- migrating
- TPM data and keysMigrating or Restoring TPM Data and Keys
- TPM data and keys
- modules
- password encryptionPassword Encryption
- password encryption
- monitoring
- complianceMonitoring Compliance
- root accessMonitoring and Restricting root Access
- root access attemptsHow to Restrict and Monitor root Logins
- su command attempts
- system usage
- compliance
- mount command
- with security attributesHow to Authorize Users to Allocate a Device
- with security attributes
- mounting
- allocated CD-ROMAllocating a CD-ROM Drive
- allocated devicesHow to Mount an Allocated Device
- allocated CD-ROM
- mt commandDevice-Clean Script for Tapes
N
- names
- device names
- device_maps filedevice_allocate File
- device_maps file
- devices in device_mapsSample device_maps Entry
- device names
- naming conventions
- naming service configuration
- login access restrictionsControlling Logins
- login access restrictions
- naming services Seeindividual naming services
- netservices limited installation optionUsing the Secure by Default Configuration
- network security
- authenticationAuthentication and Authorization for Remote Access
- authorizationsAuthentication and Authorization for Remote Access
- controlling accessControlling Network Access
- firewall systems
- need forFirewall Systems
- packet smashingEncryption and Firewall Systems
- trusted hostsFirewall Systems
- need for
- overviewNetwork Security Mechanisms
- reporting problemsReporting Security Problems
- authentication
- NIS naming service
- passwordsNIS Passwords
- specifying password algorithmHow to Specify a New Password Algorithm for an NIS Domain
- passwords
- nobody userRestricting root Access to Shared Files
- noexec_user_stack
- compatibility with nxstacknxstack and
noexec_user_stack Compatibility
- compatibility with nxstack
- noexec_user_stack replacementProtecting the Process Heap and Executable Stacks From Compromise
- nxheap
- security extensionProtecting the Process Heap and Executable Stacks From Compromise
- security extension
- nxstack
- compatibility with noexec_user_stacknxstack and
noexec_user_stack Compatibility
- security extensionProtecting the Process Heap and Executable Stacks From Compromise
- compatibility with noexec_user_stack
O
- object reuse requirements
- device-clean scripts
- writing new scriptsWriting New Device-Clean Scripts
- writing new scripts
- for devicesDevice-Clean Scripts
- device-clean scripts
- Oracle ILOM
- preventing access to USB portsUsing ILOM to Prevent Access to USB Ports
- Trusted Platform ModuleUsing Trusted Platform Module
- verified bootPolicy for Verified Boot
- verified boot andVerified Boot and ELF Signatures
- preventing access to USB ports
- ownership of files
- ACLs andUsing Access Control Lists
- ACLs and
P
- packages
- device-allocationManaging Device Allocation
- virus-scanHow to Install Virus Scanning Software
- device-allocation
- packet transfers
- firewall securityFirewall Systems
- packet smashingEncryption and Firewall Systems
- firewall security
- passwd command
- and naming servicesNIS Passwords
- and naming services
- passwords
- algorithmsPassword Hashing Algorithms
- changing with passwd -r commandNIS Passwords
- constraining encryption algorithms in heterogeneous environmentConstraining Password Encryption Algorithms in a Heterogeneous
Environment
- displaying users with no passwordsHow to Display Users Without Passwords
- encryption algorithmsPassword Encryption
- finding users with no passwordsHow to Display Users Without Passwords
- hardware access andHow to Require a Password for SPARC Hardware Access
- LDAPLDAP Passwords
- specifying new password algorithmHow to Specify a New Password Algorithm for an LDAP Domain
- specifying new password algorithm
- localLocal Passwords
- NISNIS Passwords
- specifying new password algorithmHow to Specify a New Password Algorithm for an NIS Domain
- specifying new password algorithm
- PROM security mode
- requiring for hardware accessHow to Require a Password for SPARC Hardware Access
- specifying algorithmHow to Specify an Algorithm for Password Encryption
- in naming servicesHow to Specify a New Password Algorithm for an NIS Domain
- in naming services
- using Blowfish in heterogeneous environmentConstraining Password Encryption Algorithms in a Heterogeneous
Environment
- using MD5 encryption algorithm forHow to Specify an Algorithm for Password Encryption
- using new algorithmHow to Specify an Algorithm for Password Encryption
- algorithms
- PATH environment variable
- and securitySetting the PATH Variable
- settingSetting the PATH Variable
- and security
- permissions
- ACLs andUsing Access Control Lists
- ACLs and
- physical security
- descriptionMaintaining Physical Security
- description
- PKCS #11
- Trusted Platform ModuleUsing Trusted Platform Module
- Trusted Platform Module
- pkcs11_tpm packageHow to Enable PKCS #11 Consumers to Use TPM as a Secure
Keystore
- policies
- on devicesHow to View Device Policy
- specifying password algorithmChanging the Default Algorithm for Password Encryption
- on devices
- policy
- verified bootPolicy for Verified Boot
- verified boot
- policy.conf file
- keywords for password algorithmsPassword Hashes Configuration
- specifying encryption algorithms inHow to Specify an Algorithm for Password Encryption
- specifying password algorithm
- in naming servicesHow to Specify a New Password Algorithm for an NIS Domain
- in naming services
- specifying password algorithmsHow to Specify an Algorithm for Password Encryption
- keywords for password algorithms
- pound sign (#)
- device_allocate filedevice_allocate File
- device_maps fileSample device_maps Entry
- device_allocate file
- pre-boot environment
- verified bootVerified Boot and ELF Signatures
- verified boot
- privileged ports
- alternative to Secure RPCAuthentication Services for Remote Access
- alternative to Secure RPC
- process heaps
- protecting against attackProtecting the Process Heap and Executable Stacks From Compromise
- protecting against attack
- PROM security modeControlling Access to System Hardware
- protecting
- 32-bit executables from compromising securityProtecting the Process Heap and Executable Stacks From Compromise
- BIOS, pointer toHow to Require a Password for SPARC Hardware Access
- 32-bit executables from compromising security
- providers
R
- redirection
- preventingAssigning a Restricted Shell to Users
- preventing
- rem_drv command
- descriptionDevice Management Commands
- description
- remote logins
- authenticationAuthentication and Authorization for Remote Access
- authorizationAuthentication and Authorization for Remote Access
- preventing root accessHow to Restrict and Monitor root Logins
- securityRemote Logins
- authentication
- removable media
- allocatingAllocating a USB Flash Drive
- allocating
- restoring
- TPM data and keysMigrating or Restoring TPM Data and Keys
- TPM data and keys
- restricted shell (rsh)Assigning a Restricted Shell to Users
- restricting
- remote root accessHow to Restrict and Monitor root Logins
- root accessMonitoring and Restricting root Access
- remote root access
- rights profiles
- Device ManagementDevice Allocation Rights Profiles
- using the System Administrator profileHow to Require a Password for SPARC Hardware Access
- Device Management
- roles
- using to access the hardwareHow to Require a Password for SPARC Hardware Access
- using to access the hardware
- root access
- monitoring and restrictingMonitoring and Restricting root Access
- monitoring attemptsHow to Restrict and Monitor root Logins
- troubleshooting remoteLogging root Access Attempts
- monitoring and restricting
- root account
- descriptionSpecial System Accounts
- description
- root user
- displaying access attempts on consoleHow to Restrict and Monitor root Logins
- monitoring su command attempts
- restricting accessRestricting root Access to Shared Files
- restricting remote access
- tracking loginsLimiting and Monitoring Superuser Access
- displaying access attempts on console
- rsh command (restricted shell)Assigning a Restricted Shell to Users
S
- scanning for viruses Seevirus scanning
- scripts for cleaning devices Seedevice-clean scripts
- SCSI devices
- st_clean scriptdevice_allocate File
- st_clean script
- Secure by Default installation optionUsing the Secure by Default Configuration
- Secure RPC
- alternativeAuthentication Services for Remote Access
- alternative
- securing
- network at installationUsing the Secure by Default Configuration
- network at installation
- security
- device controlControlling Access to Devices
- installation optionsUsing the Secure by Default Configuration
- netservices limited installation optionUsing the Secure by Default Configuration
- password encryptionPassword Encryption
- preventing remote loginHow to Restrict and Monitor root Logins
- protecting against denial of serviceUsing Resource Management Features
- protecting against Trojan horseSetting the PATH Variable
- protecting devicesDevice-Clean Scripts
- protecting hardwareControlling Access to System Hardware
- protecting PROMControlling Access to System Hardware
- Secure by DefaultUsing the Secure by Default Configuration
- system hardwareControlling Access to System Hardware
- device control
- security attributes
- using to mount allocated deviceHow to Authorize Users to Allocate a Device
- using to mount allocated device
- security extensions
- nxstack
- protecting heaps and stacksProtecting the Process Heap and Executable Stacks From Compromise
- randomizing address space layoutRandomizing the Layout of the Address Space
- Security Extensions Framework Seesecurity extensions
- Service Management Facility (SMF) SeeSMF
- setuid permissions
- security risksRestricting setuid Executable Files
- security risks
- SHA-2 algorithmsPassword Hashing Algorithms
- sharing files
- and network securitySharing Files Across Systems
- and network security
- SMF
- device allocation serviceDevice Allocation Service
- managing Secure by Default configurationUsing the Secure by Default Configuration
- device allocation service
- solaris.device.revoke authorizationAuthorizations for the Allocation Commands
- SPARC systems
- verified bootUsing Verified Boot
- verified boot
- st_clean script
- standard cleanup
- st_clean scriptWriting New Device-Clean Scripts
- st_clean script
- starting
- device allocationEnabling or Disabled Device Allocation
- device allocation
- su command
- displaying access attempts on consoleHow to Restrict and Monitor root Logins
- monitoring useHow to Monitor Who Is Using the su Command
- displaying access attempts on console
- su file
- monitoring su commandHow to Monitor Who Is Using the su Command
- monitoring su command
- Sun MD5 algorithmPassword Hashing Algorithms
- superuser Seeroot role
- svc:/system/device/allocate
- device allocation serviceDevice Allocation Service
- device allocation service
- sxadm command
- command overviewPreventing Intentional Misuse of System Resources
- managing security extensionsHow to Prevent the Execution of Malicious Code From the Process
Stack and Process Heap
- command overview
- system accounts
- protectingSpecial System Accounts
- protecting
- System Administrator rights
- protecting hardwareHow to Require a Password for SPARC Hardware Access
- protecting hardware
- system calls
- ioctl to clean audio deviceDevice-Clean Script for Audio
- ioctl to clean audio device
- system hardware
- controlling access toControlling Access to System Hardware
- controlling access to
- system security
- computer system accessMaintaining Physical Security
- displaying
- user's login status
- users with no passwordsHow to Display Users Without Passwords
- firewall systemsFirewall Systems
- hardware protection
- login access restrictionsControlling Logins
- password encryptionPassword Encryption
- passwordsManaging Password Information
- restricting remote root accessHow to Restrict and Monitor root Logins
- role-based access control (RBAC)Configuring Role-Based Access Control to Replace Superuser
- root access restrictions
- special accountsSpecial System Accounts
- su command monitoring
- computer system access
- system variables See Alsovariables
- CRYPT_DEFAULTHow to Specify an Algorithm for Password Encryption
- KEYBOARD_ABORTHow to Disable a System's Abort Sequence
- CRYPT_DEFAULT
T
- task maps
- configuring device policyConfiguring Device Policy Task Map
- device allocationManaging Device Allocation Task Map
- device policyConfiguring Device Policy Task Map
- managing device allocationManaging Device Allocation Task Map
- managing device policyConfiguring Device Policy Task Map
- securing logins and passwordsSecuring Logins and Passwords Task Map
- configuring device policy
- tcsd daemonMonitoring TPM Status
- Trusted Platform ModuleUsing Trusted Platform Module
- Trusted Platform Module
- TPM SeeTrusted Platform Module
- tpmadm command
- checking TPM status
- initializing TPMHow to Initialize TPM Using BIOS
- reinitializing TPMHow to Initialize TPM Using the Oracle ILOM Interface
- Trusted Platform ModuleUsing Trusted Platform Module
- Trojan horseSetting the PATH Variable
- troubleshooting
- allocating a deviceAllocating a USB Flash Drive
- executable stack protectionHow to Prevent the Execution of Malicious Code From the Process
Stack and Process Heap
- list_devices commandViewing Allocation Information About a Device
- mounting a deviceAllocating a CD-ROM Drive
- preventing programs from using executable stacksHow to Prevent the Execution of Malicious Code From the Process
Stack and Process Heap
- remote root accessLogging root Access Attempts
- terminal where su command originatedHow to Monitor Who Is Using the su Command
- Trusted Platform ModuleTroubleshooting TPM
- allocating a device
- TrouSerS package SeeTrusted Platform Module, TSS package
- Trusted Computing Group Software Stack
- Trusted Platform ModuleUsing Trusted Platform Module
- Trusted Platform Module
- trusted hostsFirewall Systems
- Trusted Platform Module
- backing up TPM data and keys
- SPARC based systemsHow to Back Up TPM Data and Keys
- SPARC based systems
- components in Oracle SolarisUsing Trusted Platform Module
- enabling TPM failoverTPM Failover Option
- initializing
- x86 based systemsHow to Initialize TPM Using BIOS
- x86 based systems
- initializing and backing upInitializing and Backing Up TPM on Oracle Solaris Systems
- SPARC based systemsHow to Initialize TPM Using the Oracle ILOM Interface
- SPARC based systems
- migrating or restoring TPM data and keysMigrating or Restoring TPM Data and Keys
- monitoring statusMonitoring TPM Status
- owner ofUsing Trusted Platform Module
- TPM packages in Oracle Solaris
- troubleshootingTroubleshooting TPM
- backing up TPM data and keys
U
- /usr/lib/security/$ISA/pkcs11_tpm.soHow to Enable PKCS #11 Consumers to Use TPM as a Secure
Keystore
- umount command
- with security attributesHow to Authorize Users to Allocate a Device
- with security attributes
- unmounting
- allocated devicesDeallocating a CD-ROM Drive
- allocated devices
- update_drv command
- descriptionDevice Management Commands
- description
- upgrading
- firmware for verified bootFirmware Upgrade for Verified Boot
- firmware for verified boot
- USB ports
- preventing accessUsing ILOM to Prevent Access to USB Ports
- preventing access
- user accounts See Alsousers
- displaying login status
- user ID numbers (UIDs)
- special accounts andSpecial System Accounts
- special accounts and
- user procedures
- allocating devicesManaging Device Allocation
- allocating devices
- users
- allocating devicesHow to Allocate a Device
- assigning allocate authorization toHow to Authorize Users to Allocate a Device
- deallocating devicesHow to Deallocate a Device
- disabling loginHow to Temporarily Disable User Logins
- displaying login statusHow to Display the User's Login Status
- having no passwordsHow to Display Users Without Passwords
- mounting allocated devicesHow to Mount an Allocated Device
- unmounting allocated devicesDeallocating a CD-ROM Drive
- allocating devices
V
- /var/adm/sulog file
- monitoring contents ofHow to Monitor Who Is Using the su Command
- monitoring contents of
- variables
- CRYPT_DEFAULT system variablePassword Hashes Configuration
- KEYBOARD_ABORT system variableHow to Disable a System's Abort Sequence
- noexec_user_stack* deprecatednxstack and
noexec_user_stack Compatibility
- PATH environment variableSetting the PATH Variable
- CRYPT_DEFAULT system variable
- verified boot
- boot_policyControlling Access to Boot Processes
- certificate sourcesPublic Key Certificates for Verified Boot
- configuration propertiesPolicy for Verified Boot
- ELF signaturesVerified Boot and ELF Signatures
- enablingUsing Verified Boot
- firmware upgradeFirmware Upgrade for Verified Boot
- manual certificate verificationManually Verifying a Kernel Module's Signature
- Oracle ILOM andVerified Boot and ELF Signatures
- Oracle ILOM and SPARCUsing Verified Boot
- policyPolicy for Verified Boot
- SPARC and x86 systemsUsing Verified Boot
- SPARC systems with Oracle ILOMUsing Verified Boot
- verification sequenceVerification Sequence During System Boot
- verified boot certificatePolicy for Verified Boot
- boot_policy
- verifying
- verified boot certificates manuallyManually Verifying a Kernel Module's Signature
- verified boot certificates manually
- viewing
- device allocation informationViewing Allocation Information About a Device
- device policyHow to View Device Policy
- user's login statusHow to Display the User's Login Status
- users with no passwordsHow to Display Users Without Passwords
- device allocation information
- virus scanning
- configuringUsing the vscan Service
- describedAbout the vscan Service
- filesAbout Virus Scanning
- serviceUsing the vscan Service
- configuring
- virus-scan packageHow to Install Virus Scanning Software
- viruses
- denial of service attackUsing Resource Management Features
- Trojan horseSetting the PATH Variable
- denial of service attack
- vscan serviceUsing the vscan Service
X
- x86 systems
- verified bootUsing Verified Boot
- verified boot
Z
- zones
- devices andControlling Access to Devices
- kernel and verified bootUsing Verified Boot
- devices and