Sun and OracleChannel SunHow to BuyLog InEnglish

Security, Performance, and Accounting Administration
  Search only this book
Search Help
Contained Within
Find More Documentation
Featured Support Resources
 Download this book in PDF

............................Contents


Preface 		xvii

Part 1--Security

1. Introduction to Security Administration 		1
...Overview of Security Administration 1
......Granting Access to a Computer System 2
......Reporting Security Problems 5

2. Securing System Access 		7
...About Restricting Access to Your System 8
......Restricting Login Access 8
......Passwords 8
......Password Databases 9
......Password Aging 10
......Password Protection Using Dial-Up Passwords 11
......Restricted Shell 13
......Restricting Root Access 14
......Maintaining a Log of Unsuccessful Login Attempts 15
......Special Logins 15
...Instructions for Securing and Controlling System Access 16
......· How to Change, Lock, or Show Status of Passwords 16
......· How to Enable and Disable Password Aging 18
......· How to Force a User to Enter a New Password 18
......· How to Display Login Information 19
......· How to Enable Login Logging 20
......· How to Set Up Automatic Account Expiration 20
......· How to Disable and Re-Enable Inactive Accounts 21
......· How to Create a Dial-Up Password 22
......· How to Monitor and Control su Use 23

3. Securing Files and Data 		25
...About File Access 26
......Viewing Permissions 28
......Changing Permissions With chmod 28
......Special Permissions (setuid, setgid and Sticky Bit) 31
......Setting a Default umask 33
......Encrypting Files 34
...Instructions for Securing Your Files 35
......· How to Display File Permissions and Ownership 35
......· How to Find Files With setuid Permissions Set 36
......· How to Create a Group for Users 37
......· How to Change the Owner of a File or Directory 38
......· How to Change the Group of a File 38
......· How to Set Permissions in Absolute Mode 38
......· How to Change Permissions in Symbolic Mode 39

4. Securing the Network 		41
...About Network Security 42
......Protecting the Network With Firewall Machines 42
......Remote Logins 43
......NFS Distributed Computing File System 46
......Secure RPC 46
......DES Encryption 46
......Alternative to Secure RPC 48
......Access Control 48
......Administration Tool 49
......Security Levels 52
......Name Service Information 53
......Creating a Security Policy for Administration Tool 55
......ttyhstmgr Security 57
...Instructions for Administering Network Security 58
......· How to Search for and Remove .rhosts Files 58
......· How to Set Up NIS+ Security for a User or a Client 58
......· How to Set Up an NIS+ Client to Use DES Security 61
......· How to Share and Mount Files With DES Authentication 62
......· How to Share and Mount Files With Kerberos
........Authentication 62
......· How to Acquire a Kerberos Ticket for Root on a Client 63
......· How to Log In to Kerberos Service 64
......· How to List Kerberos Tickets 64
......· How to Access a Directory With Kerberos Authentication 65
......· How to Destroy a Kerberos Ticket 66
......· How to Set Up Security for Administration Tool 66
......· How to Set Up DES Authentication for Administration Tool
........67
...Reference Material for Administering Network Security 69
......Implementation of Secure RPC 69
......Implementation of Kerberos Authentication 71

5. Monitoring and Controlling Security Using ASET 		73
...About ASET 74
......ASET Security Levels 75
......ASET Tasks 75
......ASET Reports 78
......ASET Files 82
......Configuring ASET 84
......Restoring System Files Modified by ASET 87
......Network Operation Using the NFS System 88
......· How to Run ASET Interactively 89
......· How to Use Environment Variables to Set Options 91
......· How to Set Up ASET to Run Periodically 91
......· How to Manage the ASET Reports 93
......· How to Collect Reports on a Server 93
...Reference Material for Using ASET 95
......Environment Variables 95
......ASET File Examples 98

Part 2--Performance and Accounting

6. Introduction to Performance 		103
...About Performance 103
......Managing System Resources 104
......Monitoring Tools 108
......Kernel Parameters 109
......Sources of Information 110

7. Managing Processes 		111
...Process Terminology 112
...About Monitoring Processes 113
......The ps Command 113
...Process Priority Levels 116
......Changing the Scheduling Priority of Processes With priocntl
........117
......Changing the Priority of a Timesharing Process With nice 118
...Killing a Process 118
...Instructions for Managing Processes 120
......· How to Get Basic Information About Process Classes . 120
......· How to Designate Priority With priocntl 121
......· How to Change the Class of a Process 123
......· How to Change the Priority of a Process with the nice
........Command 123

8. Monitoring Performance 		125
...About Monitoring Performance 126
......The sar Command 126
......The vmstat Command 127
......The iostat Command 130
......The df Command 131
......The profil Command 132
......Performance Meter 132
......Automatic Collection of System Activity Data 133
......Collecting System Activity Data With sar 135
......Checking File Access With sar -a 137
......Checking Buffer Activity with sar -b 138
......Checking System Calls With sar -c 139
......Checking Disk Activity With sar -d 140
......Checking Page-out and Memory With sar -g 142
......Checking Kernel Memory Allocation With sar -k 143
......Checking Interprocess Communication With sar -m 145
......Checking Page-in Activity With sar -p 146
......Checking Queue Activity With sar -q 148
......Checking Unused Memory With sar -r 149
......Checking CPU Utilization With sar -u 150
......Checking System Table Status With sar -v 151
......Checking Swap Activity With sar -w 152
......Checking Terminal Activity with sar -y 153
......Checking Overall System Performance With sar -A 153
...Instructions for Monitoring Performance 154
......· How to Set Up Automatic Data Collection 154
......· How to Display Statistics With vmstat 155
......· How to Display I/O Statistics With iostat 155
...Reference Material for Monitoring Performance 156

9. A Guide to Network Performance 		157
...ping Command 157
...spray Command 158
...snoop Command 159
...netstat Command 159
...nfsstat Command 161

10. Setting Up and Maintaining Accounting 		165
...Overview of Accounting 165
......Types of Accounting 166
......Accounting Programs 168
...Setting Up Accounting 168
...Daily Accounting 170
...runacct Program 172
......Re-entrant States of the runacct Script 172
......runacct Error Messages 174
......Files Produced by runacct 174
...Fixing Corrupted Files 175
......Fixing wtmp Errors 175
......· How to Fix Errors 176
......Fixing tacct Errors 176
......· How to Fix tacct Errors 176
...Restarting runacct 177
...Billing Users 177
......Setting Up Non-Prime Time Discounts 178
...Daily Accounting Reports 179
......Daily Report 180
......Daily Usage Report 181
......Daily Command Summary 182
......Total Command Summary 185
......Last Login Report 186
...Looking at the pacct File With acctcom 187
...Accounting Files 188
...Quick Reference to Accounting 191

A. Tuning Kernel Parameters 		193
......· How to List the Kernel Parameters 193
......· How to Change the Value of a Parameter 194
...Buffer Cache Parameters 194
...UFS File System Parameters 195
...STREAMS Parameters 195
...Interprocess Communication (IPC) Parameters 196
......· How to Tune the Message Queue Parameters 197
...TPI Loopback Pseudo-Driver Parameters 198
......· How to Tune the TPI Loopback Pseudo-Driver Parameters
........198
...Miscellaneous Parameters 199

B. The Scheduler 		201
...About the Scheduler 202
...Scheduler Class Policies 202
......Timesharing Class Policies 203
......System Class Policies 204
......Real-Time Class Policies 204
...Scheduler Configuration 205
......Default Global Priorities 206
......Tunable Parameters 207
......Scheduler Parameter Tables 209
......Kernel-Mode Parameter Table 214

C. Error Messages 		215
... Accounting Error Messages 215
...ASET Error Messages 217

Index 		221