Index
Symbols
- ; (semicolon)
- device_allocate file 4.4.2.7
- /dev/arp device
- getting IP MIB-II information 4.1.3
- /etc/certs/elfsign/ORCLS11SE file 2.1.4
- /etc/certs/elfsign directory
- verified boot 2.1.2
- /etc/default/kbd file 3.4.2
- /etc/default/login file
- restricting remote root access 3.3.2
- /etc/default/passwd file
- changes to 1.2.4.2
- /etc/default/su file
- /etc/issue file 3.1.1
- /etc/logindevperm file 1.2.4.5
- /etc/motd file 3.1.1
- /etc/nologin file
- disabling user logins temporarily 3.1.4
- /etc/security/device_allocate file 4.4.2.7
- /etc/security/device_maps file 4.4.2.6
- /etc/security/policy.conf file
- /usr/lib/security/$ISA/pkcs11_tpm.so 2.2.1.5
- /var/adm/sulog file
- monitoring contents of 3.3.1
- - (minus sign)
- sulog file 3.3.1
- @ (at sign)
- device_allocate file 4.4.2.7
- * (asterisk)
- device_allocate file 4.4.2.7
- \ (backslash)
- # (pound sign)
- + (plus sign)
- sulog file 3.3.1
- > (redirect output)
- preventing 1.3.5.2
- >> (append output)
- preventing 1.3.5.2
A
- access
- address space 2.4.1
- restricting for
- root access
- security
- ACLs 1.4.2
- controlling system usage 1.3
- devices 4.1
- file access restriction 1.3.5.3
- firewall setup 1.6.3
- login access restrictions 1.2.4
- login control 1.2.4
- monitoring system usage 1.3.9, 1.4.6
- network control 1.6
- PATH variable setting 1.3.5.1
- peripheral devices 1.5
- physical security 1.2.1
- protecting system integrity 2
- reporting problems 1.7
- root login tracking 1.3.3
- setuid programs 1.3.6
- system hardware 3.4
- sharing files 1.4.3
- account-policy SMF stencil
- algorithms configuration 2.2.1.1, 2.2.2.3.1, 2.4.3.1, 3.2.1, 3.2.2, 3.2.3, 3.3.1, 3.3.2, 2.2.1.2, 2.2.1.3, 2.2.1.4
- attributes for password algorithms 1.2.4.2.3
- changing on all systems 3.2.2
- changing password configuration 1.2.4.2.3
- changing SMF properties 3.3.1, 3.3.2
- for password algorithms 1.2.4.2.2
- specifying password algorithms 2.2.1.1, 2.2.2.3.1, 2.4.3.1, 3.2.1, 3.2.2, 3.2.3, 3.3.1, 3.3.2, 2.2.1.2, 2.2.1.3, 2.2.1.4
- system-wide changes 1.2.4.2
- ACL description 1.4.2
- add_drv command
- description 4.4.1
- adding
- address space
- random layout 2.4.1
- adiheap security extension 2.4.4
- adistack security extension 2.4.5
- administering
- Administrator Message Edit rights profile 3.1.1
- algorithms
- allocate command
- allocate error state 4.4.2.5
- allocating devices
- antivirus software 5
- appending arrow (>>)
- preventing appending 1.3.5.2
- aslr security extension 2.4.1
- asterisk (*)
- device_allocate file 4.4.2.7
- at sign (@)
- device_allocate file 4.4.2.7
- audio devices
- security 4.4.2.8.3
- auditing
- authentication
- authorizations
C
- CD-ROM drives
- certificates
- changing
- commands 3
- compliance
- monitoring
- monitoring system usage 1.3.10
- monitoring
- components
- device allocation mechanism 4.4.2.1
- computer security 3
- computer system security 3
- configuration decisions
- password algorithm 1.2.4.2.1
- configuration files
- configuring
- console
- displaying su command attempts 3.3.2
- controlling
- system usage 1.3
- control lists 1.3.5.3
- creating
- new device-clean scripts 4.4.2.8.4
- crypt_bsdbf password algorithm 1.2.4.2.2
- crypt_bsdmd5 password algorithm 1.2.4.2.2
- CRYPT_DEFAULT system variable 3.2.1
- crypt_sha256 password algorithm 1.2.4.2.2, 3.2
- crypt_sunmd5 password algorithm 1.2.4.2.2
- crypt_unix password algorithm 1.2.4.2.2
- crypt command
- file security 1.4.1
D
- data
- migrating or restoring TPM 2.2.2.3
- deallocate command
- deallocating
- defaults
- system-wide in account-policy SMF stencil 1.2.4.2.2
- desktop login
- security messages 3.1.1
- devfsadm command
- description 4.4.1
- device_allocate file
- device_maps file 4.4.2.6
- device allocation
- adding devices 4.2
- allocatable devices 4.4.2.7
- allocate error state 4.4.2.5
- allocating devices 4.3.1
- auditing 4.2.6
- authorizations 4.4.2.3
- authorizations for commands 4.4.2.4.1
- authorizing users to allocate 4.2.2.1
- changing allocatable devices 4.2.5
- commands 4.4.2.4
- components of mechanism 4.4.2.1
- configuration file 4.4.2.6
- deallocate command
- deallocating devices 4.3.3
- device_allocate file 4.4.2.7
- device_maps file 4.4.2.6
- device-clean scripts
- disabling 4.2.1
- enabling 4.2.1
- examples 4.3.1
- forcibly allocating devices 4.2.4
- forcibly deallocating devices 4.2.4
- making device allocatable 4.2.1
- managing devices 4.2
- mounting devices 4.3.2
- not requiring authorization 4.2.5
- preventing 4.2.5
- requiring authorization 4.2.5
- rights profiles 4.4.2.3
- SMF service 4.4.2.2
- task map 4.2
- troubleshooting 4.3.1, 4.3.2
- troubleshooting permissions 4.2.3
- unmounting allocated device 4.3.3
- user procedures 4.2
- using 4.2
- using allocate command 4.3.1
- viewing information 4.2.3
- device-allocation package 4.2
- device-clean scripts
- device management 4.1
- Device Management rights profile 4.4.2.3
- device policy
- devices
- allocating for use 4.2
- allocation 4.1
- auditing allocation of 4.2.6
- auditing policy changes 4.1.2
- authorizing users to allocate 4.2.2.1
- changing which are allocatable 4.2.5
- deallocating 4.3.3
- forcibly allocating 4.2.4
- forcibly deallocating 4.2.4
- getting IP MIB-II information 4.1.3
- listing 4.1.1
- listing device names 4.2.3
- login access control 1.5
- making allocatable 4.2.1
- managing 4.1
- managing allocation of 4.2
- mounting allocated devices 4.3.2
- not requiring authorization for use 4.2.5
- policy commands 4.4.1
- preventing use of all 4.2.5
- preventing use of some 4.2.5
- protecting by device allocation 1.5
- protecting in the kernel 1.5
- security 1.5
- unmounting allocated device 4.3.3
- viewing allocation information 4.2.3
- viewing device policy 4.1.1
- zones and 1.5
- Device Security rights profile 4.2.1, 4.4.2.3
- disabling
- displaying
- dminfo command 4.4.2.6
E
I
L
- L1DF security extension 2.5.2
- labeling file systems 1.4.5
- layout of address space
- load-time randomization 2.4.1
- LDAP naming service
- ld -z sx=adistack linker option 2.4.5
- ld -z sx= linker options 2.4.8
- linker options
- list_devices command
- authorizations required 4.4.2.4.1
- listing
- load-time randomization
- address space layout 2.4.1
- log files
- logging in
- login access restrictions
- svc:/system/name-service/switch:default 1.2.4
- login file
- restricting remote root access 3.3.2
- logins command
M
- managing 1.2
- man pages
- device allocation 4.4.2.4
- MD_CLEAR security extension 2.5.2
- MD5 encryption algorithm
- MDS_NO security extension 2.5.2
- media
- device-clean scripts 4.4.2.8
- messages file
- microphone
- deallocating 4.3.3
- migrating
- TPM data and keys 2.2.2.3
- minimum microcode version
- Intel Xeon CPU 2.5.2
- mitigating platform vulnerabilities
- modules
- password hashes 1.2.4.2.1
- monitoring
- mount command
- with security attributes 4.2.2.1
- mounting
- mt command 4.4.2.8.1
N
- names
- naming conventions
- devices 4.2.3
- naming service configuration
- login access restrictions 1.2.4
- naming services 1.2
- netservices limited installation option 1.3.1
- network security
- NIS naming service
- nobody user 1.4.4
- noexec_user_stack
- compatibility with nxstack 2.4.3
- noexec_user_stack replacement 2.4.2
- nxheap
- nxstack
P
- packages
- packet transfers
- passwd command
- and naming services 1.2.4.1.2
- password/crypt/algorithms_allow attribute
- account-policy SMF stencil 1.2.4.2.3
- password/crypt/algorithms_deprecate attribute
- account-policy SMF stencil 1.2.4.2.3
- password/crypt/default attribute
- account-policy SMF stencil 1.2.4.2.3
- passwords
- algorithms 1.2.4.2.2
- changing with passwd -r command 1.2.4.1.2
- constraining encryption algorithms in heterogeneous environment 3.2.1
- displaying users with no passwords 3.1.3
- encryption algorithms 1.2.4.2.1
- finding users with no passwords 3.1.3
- hardware access and 3.4.1
- LDAP 1.2.4.1.3
- specifying new password algorithm 3.2.3
- local 1.2.4.1.1
- login security 1.2.4, 1.2.4.1
- NIS 1.2.4.1.2
- specifying new password algorithm 3.2.2
- parameter changes 1.2.4.2
- PROM security mode 1.2.1, 3.4
- requiring for hardware access 3.4.1
- specifying algorithm 2.2.1.1, 2.2.2.3.1, 2.4.3.1, 3.2.1, 3.2.2, 3.2.3, 3.3.1, 3.3.2, 2.2.1.2, 2.2.1.3, 2.2.1.4
- task map 3.1
- using Blowfish in heterogeneous environment 3.2.1
- using new algorithm 3.2.1
- PATH environment variable
- permissions
- ACLs and 1.4.2
- physical security
- description 1.2.1
- PKCS #11
- Trusted Platform Module 2.2
- pkcs11_tpm package 2.2.1.5
- platforms
- security extensions for 2.5
- policies
- policy
- verified boot 2.1.4
- policy.conf
- policy.conf file
- pound sign (#)
- pre-boot environment
- verified boot 2.1.2
- privileged ports
- alternative to Secure RPC 1.6.2
- process heaps
- protecting against attack 2.4.2
- PROM security mode 3.4
- protecting
- providers
- pkcs11_tpm.so 2.2.1.5
R
- RDCL_NO security extension 2.5.2
- redirection
- preventing 1.3.5.2
- rem_drv command
- description 4.4.1
- remote logins
- removable media
- allocating 4.3.1
- restoring
- TPM data and keys 2.2.2.3
- restricted shell (rsh) 1.3.5.2
- restricting
- rights profiles
- roles
- using to access the hardware 3.4.1
- root access
- root account
- description 1.2.4.3
- root user
- RSBS security extension 2.5.2
- rsh command (restricted shell) 1.3.5.2
S
- scanning for viruses 5
- scripts for cleaning devices 4.4.2.8
- SCSI devices
- st_clean script 4.4.2.7
- Secure by Default installation option 1.3.1
- securing
- security
- device control 4
- devices 1.5
- extensions 2.4
- installation options 1.3.1
- messages in banner files 3.1.1
- netservices limited installation option 1.3.1
- password hashes 1.2.4.2.1
- preventing remote login 3.3.2
- protecting against denial of service 1.3.7
- protecting against Trojan horse 1.3.5.1
- protecting devices 4.4.2.8
- protecting hardware 3.4
- protecting PROM 3.4
- Secure by Default 1.3.1
- system hardware 3.4
- systems 1
- security attributes
- using to mount allocated device 4.2.2.1
- security extensions
- adiheap 2.4.4
- adistack 2.4.5
- aslr 2.4.1
- compiling application with 2.4.8
- enabling inheritance 2.4.7
- framework 1.3.2
- HW_BTI 2.5.1
- IBPB 2.5.2
- IBRS 2.5.2
- IF_PSCHANGE_MC_NO 2.5.2
- KADI 2.4.6
- KPTI 2.5.2
- L1DF 2.5.2
- linker options 2.4.5, 2.4.8
- MD_CLEAR 2.5.2
- MDS_NO 2.5.2
- nxheap 2.4.3.1
- nxstack 2.4.2, 2.4.3.1
- per object 2.4.8
- platforms, for 2.5
- preventing heap corruption 2.4.4
- protecting ADI-based stacks 2.4.5
- protecting against speculative execution vulnerabilities 2.5
- protecting heaps and stacks 2.4.2
- randomizing address space layout 2.4.1
- RDCL_NO 2.5.2
- RSBS 2.5.2
- SMAP 2.5.2
- SPARC specific 2.5.1
- SSBD 2.5.1, 2.5.2
- status flags 2.4
- TAA_NO 2.5.2
- TSX_DISABLE 2.5.2
- x86 specific 2.5.2
- Security Extensions Framework 1.3.2
- security messages
- Service Management Facility (SMF) 1
- setuid permissions
- security risks 1.3.6
- SHA-2 algorithms 1.2.4.2.2
- sharing files
- and network security 1.4.3
- SMAP security extension 2.5.2
- SMF
- SMF stencils
- account-policy 1.2.4.2.2
- solaris.device.revoke authorization 4.4.2.4.1
- SPARC systems
- speculative execution vulnerabilities, mitigated 2.5
- SSBD SPARC security extension 2.5.1
- SSBD x86 security extension 2.5.2
- st_clean script 4.4.2.7, 4.4.2.8.1
- standard cleanup
- st_clean script 4.4.2.8.4
- starting
- device allocation 4.2.1
- su command
- su file
- monitoring su command 3.3.1
- sulog file 3.3.1
- Sun MD5 algorithm 1.2.4.2.2
- superuser 1
- svc:/system/device/allocate
- device allocation service 4.4.2.2
- sxadm command
- system accounts
- protecting 1.2.4.3
- System Administrator rights
- protecting hardware 3.4.1
- system calls
- ioctl to clean audio device 4.4.2.8.3
- system hardware
- controlling access to 3.4
- system security
- access 1
- computer system access 1.2.1
- displaying
- firewall systems 1.6.3
- hardware protection 1.2.1, 3.4
- login access restrictions 1.2.4
- overview 1, 1.2
- password hashes 1.2.4.2.1
- passwords 1.2.4.1
- restricted shell 1.3.5.2
- restricting remote root access 3.3.2
- role-based access control (RBAC) 1.3.4
- root access restrictions 1.4.4, 3.3.2
- special accounts 1.2.4.3
- su command monitoring 1.3.3, 3.3.1
- system variables 1.2
T
- TAA_NO security extension 2.5.2
- task maps
- tcsd daemon 2.2.2.1
- Trusted Platform Module 2.2
- TPM 2
- tpmadm command
- Trojan horse 1.3.5.1
- troubleshooting
- TrouSerS package 2.2.2.1
- Trusted Computing Group Software Stack
- Trusted Platform Module 2.2
- trusted hosts 1.6.3
- Trusted Platform Module
- backing up TPM data and keys
- SPARC based systems 2.2.1.3
- components in Oracle Solaris 2.2
- enabling TPM failover 2.2.2.2
- initializing
- x86 based systems 2.2.1.4
- initializing and backing up 2.2.1
- SPARC based systems 2.2.1.2
- migrating or restoring TPM data and keys 2.2.2.3
- monitoring status 2.2.2.1
- owner of 2.2
- PKCS #11 users 2.2.1.5
- TPM packages in Oracle Solaris 2.2.1, 2.2.2.1
- troubleshooting 2.2.2
- backing up TPM data and keys
- TSX_DISABLE security extension 2.5.2
U
- umount command
- with security attributes 4.2.2.1
- unmounting
- allocated devices 4.3.3
- update_drv command
- description 4.4.1
- upgrading
- firmware for verified boot 2.1.1
- USB ports
- preventing access 2.3
- user accounts 1.2
- displaying login status 3.1.2
- user ID numbers (UIDs)
- special accounts and 1.2.4.3
- user procedures
- allocating devices 4.2
- users
V
- variables
- verified boot
- boot_policy 1.2.2
- certificate sources 2.1.5
- configuration properties 2.1.4
- ELF signatures 2.1.2
- enabling 2.1
- firmware upgrade 2.1.1
- manual certificate verification 2.1.5
- Oracle ILOM and 2.1.2
- Oracle ILOM and SPARC 2.1
- policy 2.1.4
- SPARC and x86 systems 2.1
- SPARC systems with Oracle ILOM 2.1
- verification sequence 2.1.3
- verified boot certificate 2.1.4
- verifying
- verified boot certificates manually 2.1.5
- viewing
- viruses
- virus scanning
- virus-scan package 5.3