System Administration Guide: Security Services
Contained Within
Solaris 9 9/04 System Administrator Collection
Solaris 9 4/04 System Administrator Collection
Solaris 9 8/03 System Administrator Collection
Solaris 9 12/03 System Administrator Collection
Index
Book Information
Preface
Who Should Use This Book
How the System Administration Volumes Are Organized
Related Books
Accessing Sun Documentation Online
Typographic Conventions
Shell Prompts in Command Examples
Part I Security Overview
1. Security Services (Overview)
Introduction to Security Services
Machine Security
Authentication Services
Secure Communication
Auditing and Device Management
Part II Managing System Security
2. Managing Machine Security (Overview)
Controlling Access to a Computer System
Controlling Access to Machine Resources
Controlling Access to Files
Controlling Network Access
Reporting Security Problems
3. Securing Machines (Tasks)
Securing Machines (Task Map)
Securing Logins and Passwords
How to Display a User's Login Status
How to Display Users Without Passwords
How to Temporarily Disable User Logins
How to Save Failed Login Attempts
How to Create a Dial-up Password
How to Temporarily Disable Dial-up Logins
Changing the Default Algorithm for Password Encryption
How to Specify an Algorithm for Password Encryption
How to Specify a New Password Algorithm for an NIS+ Domain
How to Specify a New Password Algorithm for an NIS Domain
How to Specify a New Password Algorithm for an LDAP Domain
How to Install a Password Encryption Module From a Third Party
Monitoring and Restricting Superuser
How to Monitor Who Is Using the su Command
How to Display Superuser (root) Access Attempts to the Console
How to Prevent Remote Login by Superuser (root)
Securing the Hardware
How to Require a Password for Hardware Access
How to Disable or Enable a System's Abort Sequence
4. Securing Files (Tasks)
File Security Features
Displaying File Information
How to Display File Information
Changing File Ownership
How to Change the Owner of a File
How to Change Group Ownership of a File
Changing File Permissions
How to Change Permissions in Absolute Mode
How to Change Special Permissions in Absolute Mode
How to Change Permissions in Symbolic Mode
Searching for Special Permissions
How to Find Files With setuid Permissions
Executable Stacks and Security
How to Disable Programs From Using Executable Stacks
How to Disable Executable Stack Message Logging
Using Access Control Lists (ACLs)
ACL Entries for Files
ACL Entries for Directories
How to Set an ACL on a File
How to Copy an ACL
How to Check If a File Has an ACL
How to Modify ACL Entries on a File
How to Delete ACL Entries From a File
How to Display ACL Entries for a File
5. Role-Based Access Control (Overview)
RBAC: Replacing the Superuser Model
Solaris RBAC Elements
Privileged Applications
RBAC Roles
RBAC Authorizations
RBAC Rights Profiles
Name Service Scope
6. Role-Based Access Control (Tasks)
Configuring RBAC (Task Map)
Planning for RBAC
First-Time Use of the User Tool Collection
Setting Up Initial Users
Setting Up Initial Roles
Making Root a Role
How to Make Root a Role
Managing RBAC Information (Task Map)
Using Privileged Applications
Creating Roles
Changing Role Properties
Creating or Changing a Rights Profile
Modifying a User's RBAC Properties
Securing Legacy Applications
7. Role-Based Access Control (Reference)
RBAC Elements: Reference Information
Databases That Support RBAC
RBAC Commands
8. Using the Automated Security Enhancement Tool (Tasks)
Automated Security Enhancement Tool (ASET)
Running ASET
How to Run ASET Interactively
How to Run ASET Periodically
How to Stop Running ASET Periodically
How to Collect ASET Reports on a Server
Troubleshooting ASET Problems
Part III Authentication Services and Secure Communication
9. Using Authentication Services (Tasks)
Overview of Secure RPC
Administering Diffie-Hellman Authentication
How to Restart the Keyserver
How to Set Up a root Key in NIS+ Credentials for Diffie-Hellman Authentication
How to Set Up a New User Key That Uses NIS+ Credentials for Diffie-Hellman Authentication
How to Set Up a root Key by Using NIS Credentials With Diffie-Hellman Authentication
How to Create a New User Key That Uses NIS Credentials With Diffie-Hellman Authentication
How to Share and Mount Files With Diffie-Hellman Authentication
10. Using PAM
PAM (Overview)
PAM (Tasks)
PAM (Task Map)
Planning for PAM
How to Add a PAM Module
How to Prevent Unauthorized Access From Remote Systems With PAM
How to Initiate PAM Error Reporting
PAM (Reference)
11. Using Solaris Secure Shell (Tasks)
Introduction to Solaris Secure Shell
Using Solaris Secure Shell (Task Map)
Using Solaris Secure Shell
How to Create a Public/Private Key Pair
How to Log In to Another Host With Solaris Secure Shell
How to Log In With No Password With the ssh-agent Command
How to Set Up the ssh-agent Command to Run Automatically
How to Use Solaris Secure Shell Port Forwarding
How to Copy Files With Solaris Secure Shell
How to Transfer Files Remotely With the sftp Command
How to Set Up Default Connections to Hosts Outside a Firewall
12. Solaris Secure Shell Administration (Reference)
A Typical Solaris Secure Shell Session
Configuring the Solaris Secure Shell
Maintaining Known Hosts on a Site-Wide Basis
Solaris Secure Shell Files
13. Introduction to SEAM
What Is SEAM?
How SEAM Works
SEAM Security Services
SEAM Releases
14. Planning for SEAM
Why Plan for SEAM?
Realms
Mapping Host Names Onto Realms
Client and Service Principal Names
Ports for the KDC and Admin Services
Slave KDCs
Database Propagation
Clock Synchronization
Online Help URL
15. Configuring SEAM (Tasks)
Configuring SEAM (Task Map)
Configuring KDC Servers
How to Configure a Master KDC
How to Configure a Slave KDC
Configuring Cross-Realm Authentication
How to Establish Hierarchical Cross-Realm Authentication
How to Establish Direct Cross-Realm Authentication
Configuring SEAM NFS Servers
How to Configure SEAM NFS Servers
How to Create a Credential Table
How to Add a Single Entry to the Credential Table
How to Set Up a Secure NFS Environment With Multiple Kerberos Security Modes
Configuring SEAM Clients
How to Configure a SEAM Client
Setting Up Root Authentication to Mount NFS File Systems
Synchronizing Clocks between KDCs and SEAM Clients
Swapping a Master KDC and a Slave KDC
How to Configure a Swappable Slave KDC
How to Swap a Master KDC and a Slave KDC
Administering the Kerberos Database
Backing Up and Propagating the Kerberos Database
How to Back Up the Kerberos Database
How to Restore the Kerberos Database
How to Manually Propagate the Kerberos Database to the Slave KDCs
Setting Up Parallel Propagation
How to Set Up Parallel Propagation
Administering the Stash File
How to Remove a Stash File
Increasing Security
How to Restrict Access to KDC Servers
16. SEAM Error Messages and Troubleshooting
SEAM Error Messages
SEAM Troubleshooting
17. Administering Principals and Policies (Tasks)
Ways to Administer Principals and Policies
SEAM Administration Tool
Command-Line Equivalents of the SEAM Tool
Files Modified by the SEAM Tool
Print and Online Help Features of the SEAM Tool
Working With Large Lists in the SEAM Tool
How to Start the SEAM Tool
Administering Principals
Administering Principals (Task Map)
Automating the Creation of New Principals
How to View the List of Principals
How to View a Principal's Attributes
How to Create a New Principal
How to Duplicate a Principal
How to Modify a Principal
How to Delete a Principal
How to Set Up Defaults for Creating New Principals
How to Modify the Kerberos Administration Privileges
Administering Policies
Administering Policies (Task Map)
How to View the List of Policies
How to View a Policy's Attributes
How to Create a New Policy
How to Duplicate a Policy
How to Modify a Policy
How to Delete a Policy
SEAM Tool Reference
Administering Keytab Files
Administering Keytabs Task Map
How to Add a Service Principal to a Keytab File
How to Remove a Service Principal From a Keytab File
How to Display the Keylist (Principals) in a Keytab File
How to Temporarily Disable Authentication for a Service on a Host
18. Using SEAM (Tasks)
Ticket Management
Password Management
19. SEAM (Reference)
SEAM Files
SEAM Commands
SEAM Daemons
SEAM Terminology
How the Authentication System Works
Gaining Access to a Service Using SEAM
Using the gsscred Table
Part IV Auditing and Device Management
20. BSM (Overview)
What Is Auditing?
How Does Auditing Work?
How Is Auditing Related to Security?
BSM Terminology
Device Allocation
21. Audit Planning
Handling the Audit Trail
Deciding Who and What to Audit
Determining Which Audit Policies to Use
Controlling Auditing Costs
Auditing Efficiently
22. Managing the BSM Service (Tasks)
Managing the BSM Service (Task Map)
Configuring Audit Files (Task Map)
How to Select Audit Flags
How to Change Users' Audit Characteristics
How to Add Audit Classes
How to Change an Audit Event's Class Membership
How to Add Audit Events
Configuring the Auditing Service (Task Map)
How to Create Partitions for Auditing
How to Configure the audit_warn Alias
How to Enable or Disable an Audit Policy
How to Enable Auditing
How to Disable Auditing
Managing Audit Records (Task Map)
How to Display Audit Record Formats
How to Merge Audit Records
How to Display Audit Records
How to Prevent Audit Trail Overflow
Managing Device Allocation (Tasks)
Adding an Allocatable Device (Task Map)
How to Set Up Lock Files for an Allocatable Device
How to Change Which Devices Can Be Allocated
How to Allocate a Device
How to Deallocate a Device
23. BSM Service (Reference)
Audit Commands
Audit Service Files
Audit Administration Profiles
Audit Classes and Their Audit Flags
Audit Policies
Process Audit Characteristics
Audit Trail
Naming Conventions for Audit Files
Audit Record Structure
Audit Token Formats
Device Allocation Reference
A. System Administration Guide: Security Services Updates
Solaris 9 12/02 Updates
Solaris 9 8/03 Updates
Glossary
Copyright 1994-2009 Sun Microsystems, Inc.