System Administration Guide: Security Services

S

-s

audit command

praudit command

-S option of st_clean script

sac service name

PAM

sample module

description

saving

failed login attempts

scheduling ASET execution (PERIODIC_SCHEDULE)

scope

description

scp command

authentication steps

description

using

script

securing

testing for authorizations

SCSI devices

st_clean script

SEAM

administering

Administration Tool

and Kerberos V5

commands

components of

configuration decisions

configuring KDC servers

daemons

files

gaining access to server

online help

overview

overview of authentication

password management

planning for

reference

terminology

using

SEAM Administration Tool

and limited administration privileges

and list privileges

and X Window system

command-line equivalents

context-sensitive help

creating a new principal

creating new policy

default values

deleting a principal

deleting policies

displaying sublist of principals

duplicating a principal

files modified by

Filter Pattern field

gkadmin command

gkadmin command vs. kadmin

.gkadmin file

help (print)

Help button

Help Contents

how affected by privileges

kadmin command vs. gkadmin

modifying a principal

modifying policies

online help

panel descriptions

privileges

setting up principal defaults

starting

table of panels

viewing a principal's attributes

viewing list of policies

viewing list of principals

viewing policy attributes

vs. kadmin command

searching

files with setuid permissions

secondary audit directory

secret key

changing

database

decrypting

generating

secure access

secure NIS+, adding a user

Secure RPC

implementation of

Secure RPC authentication

Secure Shell

administering

authentication

authentication steps

configuring

configuring clients

connecting outside firewall

from command line

from configuration file

copying files

creating keys

description

forwarding mail

important files

local port forwarding

logging in

naming identity files

port forwarding

protocol versions

public key

remote port forwarding

transferring files

typical session

user task map

using without password

securing legacy applications

description

securing scripts

description

security

auditing and

DH authentication

AUTH_DH client-server session

KERB authentication

security mode

setting up environment with multiple

security service

in SEAM

integrity

privacy

seq audit policy

description

seq token and

seq policy

seq token and

seq token

format

seq policy and

server authentication parameters

sshd_config file

ServerKeyBits keyword

sshd_config file

servers

and realms

AUTH_DH client-server session

configuring for Secure Shell

definition in SEAM

gaining access with SEAM

obtaining credential for

service

definition in SEAM

disabling on a host

obtaining access for specific service

service key

definition in SEAM

service names

PAM

service principal

adding to keytab file

description

planning for names

removing from keytab file

session ID

session key

definition in SEAM

SEAM authentication and

-setclass option

auditconfig command

-setcond option

auditconfig command

setenv command

ASET security level specification

ASET working directory specification

setfacl command

adding ACL entries

deleting ACL entries

description

examples

modifying ACL entries

setting ACL entries

syntax

setgid permissions

absolute mode

description

symbolic mode

-setpmask option of auditconfig comman

auditconfig command

-setpolicy option

auditconfig command

-setsmask option

auditconfig command

setting IDs on commands

description

task description

setting up principal defaults

setuid permissions

absolute mode

description

finding files with permissions set

security risks

symbolic mode

setuid programs

-setumask option

auditconfig command

sftp command

authentication steps

description

using

sh command

dial-up passwords

privileged version

share command

restricting root access

sharing files (network security)

shell

privileged versions

shell commands

/etc/d_passwd file entries

shell programs

ASET security level specification

ASET working directory specification

short praudit output format

shosts.equiv file

description

.shosts file

description

signal received during auditing shutdown

single-sign-on system

SEAM and

size

reducing audit files

auditreduce command

auditreduce command

reducing storage-space requirements for audit files

slave_datatrans file

description

slave KDCs

adding names to cron job

configuring

definition

master KDC and

or master

planning for

swapping with master KDC

smartcard module

description

smattrpop command

description

SMC

See Solaris Management Console

smexec command

description

smmultiuser command

description

smprofile command

description

smrole command

description

smuser command

description

socket token

soft limit

audit_warn condition

minfree: line description

soft string with audit_warn script

Solaris Management Console

role assumption

running the user tools

sr_clean script

description

ssh-add command

description

example

ssh-agent command

description

from command line

in scripts

ssh command

authentication steps

description

-L option

-o option

permitting access

port forwarding

-R option

using

ssh_config file

client authentication parameters

configuring Secure Shell

connection parameters

host-specific parameters

keywords

See specific keyword

known host file parameters

ssh_host_key file

description

ssh_host_key.pub file

description

ssh-keygen command

description

using

ssh_known_hosts file

configuring Secure Shell

description

ssh service name

PAM

sshd command

configuring for forwarding

description

session controls

sshd_config file

description

forwarding parameters

ports parameters

server connection parameters

session control parameters

sshd.pid file

description

sshrc file

description

st_clean script

description

st_clean script for tape drives

stacking

in PAM

standard cleanup

starting

ASET

initiating sessions from shell

running interactively

KDC daemon

stash file

creating

definition

sticky bit permissions

absolute mode

description

symbolic mode

stopping

dial-up logins temporarily

storage

audit records and

storage costs

BSM and

storage overflow prevention

audit trail

StrictHostKeyChecking keyword

ssh_config file

StrictModes keyword

sshd_config file

su command

displaying use on console

in role assumption

monitoring use

su file

monitoring su command

su service name

PAM

subject token

format

Subsystem keyword

sshd_config file

success

audit flag prefix

turning off audit flags for

sufficient control flag

PAM

sulog file

superuser

eliminating superuser in RBAC

model versus RBAC

suser

security policy

swapping master and slave KDCs

symbolic links

file permissions

latest directory (ASET)

symbolic mode

changing file permissions

description

synchronizing clocks

sysconf.rpt file

description

SyslogFacility keyword

sshd_config file

System Administrator

rights profile

role

system calls

arg token

auditsvc() fails

event numbers

exec_args token

exec_env token

ioctl

return token

system security

dial-up passwords

disabling dial-up logins temporarily

/etc/d_passwd file

/etc/dialups file

displaying

user's login status

users with no passwords

introduction

overview

passwords

restricted shell

restricting root login to console

root access restrictions

saving failed login attempts

special logins

su command monitoring

System V IPC

ipc audit class

ipc_perm token

ipc token


	S `-s` `audit` command , `praudit` command , `-S` option of st_clean script , `sac` service name PAM , `sample` module description , saving failed login attempts , , scheduling ASET execution (`PERIODIC_SCHEDULE`) , , , , , scope description , `scp` command authentication steps , description , using , script securing , testing for authorizations , SCSI devices st_clean script , SEAM administering , Administration Tool , and Kerberos V5 , , commands , components of , configuration decisions , configuring KDC servers , daemons , files , gaining access to server , online help , overview , overview of authentication , password management , planning for , reference , terminology , using , SEAM Administration Tool , and limited administration privileges , and list privileges , and X Window system , command-line equivalents , context-sensitive help , creating a new principal , creating new policy , , default values , deleting a principal , deleting policies , displaying sublist of principals , duplicating a principal , files modified by , Filter Pattern field , `gkadmin` command , `gkadmin` command vs. `kadmin` , , `.gkadmin` file , help (print) , Help button , Help Contents , how affected by privileges , `kadmin` command vs. `gkadmin` , , login window , modifying a principal , modifying policies , online help , panel descriptions , privileges , setting up principal defaults , starting , table of panels , viewing a principal's attributes , viewing list of policies , viewing list of principals , viewing policy attributes , vs. `kadmin` command , searching files with `setuid` permissions , , secondary audit directory , secret key changing , database , decrypting , generating , secure access , secure NIS+, adding a user , Secure RPC , implementation of , Secure RPC authentication , Secure Shell administering , authentication , authentication steps , configuring , configuring clients , connecting outside firewall from command line , from configuration file , copying files , creating keys , description , forwarding mail , important files , local port forwarding , , logging in , naming identity files , port forwarding , protocol versions , public key , remote port forwarding , transferring files , typical session , user task map , using without password , securing legacy applications description , securing scripts description , security auditing and , DH authentication AUTH_DH client-server session , , KERB authentication , security mode setting up environment with multiple , security service in SEAM , integrity , privacy , `seq` audit policy description , `seq` token and , `seq` policy `seq` token and , `seq` token format , `seq` policy and , server authentication parameters `sshd_config` file , `ServerKeyBits` keyword `sshd_config` file , servers and realms , AUTH_DH client-server session , , configuring for Secure Shell , definition in SEAM , gaining access with SEAM , obtaining credential for , service definition in SEAM , disabling on a host , obtaining access for specific service , service key , definition in SEAM , service names PAM , service principal adding to keytab file , , description , planning for names , removing from keytab file , session ID , session key definition in SEAM , SEAM authentication and , `-setclass` option `auditconfig` command , `-setcond` option `auditconfig` command , `setenv` command ASET security level specification , ASET working directory specification , `setfacl` command adding ACL entries , deleting ACL entries , description , examples , , modifying ACL entries , setting ACL entries , , syntax , `setgid` permissions absolute mode , , description , , symbolic mode , `-setpmask` option of `auditconfig` comman `auditconfig` command , `-setpolicy` option `auditconfig` command , `-setsmask` option `auditconfig` command , setting IDs on commands description , task description , setting up principal defaults , `setuid` permissions absolute mode , , description , finding files with permissions set , , security risks , symbolic mode , `setuid` programs , `-setumask` option `auditconfig` command , `sftp` command authentication steps , description , using , `sh` command , dial-up passwords , privileged version , `share` command restricting `root` access , sharing files (network security) , shell privileged versions , shell commands `/etc/d_passwd` file entries , , shell programs ASET security level specification , ASET working directory specification , short praudit output format , `shosts.equiv` file description , `.shosts` file description , signal received during auditing shutdown , single-sign-on system SEAM and , size reducing audit files , `auditreduce` command , auditreduce command , reducing storage-space requirements for audit files , `slave_datatrans` file , description , slave KDCs adding names to cron job , configuring , definition , master KDC and , or master , planning for , swapping with master KDC , `smartcard` module description , `smattrpop` command description , SMC See Solaris Management Console `smexec` command description , `smmultiuser` command description , `smprofile` command description , `smrole` command description , `smuser` command description , `socket` token , soft limit `audit_warn` condition , `minfree:` line description , soft string with `audit_warn` script , Solaris Management Console role assumption , running the user tools , `sr_clean` script description , `ssh-add` command description , example , , `ssh-agent` command description , from command line , in scripts , `ssh` command authentication steps , description , `-L` option , `-o` option , permitting access , port forwarding , `-R` option , using , `ssh_config` file client authentication parameters , configuring Secure Shell , connection parameters , host-specific parameters , keywords See specific keyword known host file parameters , `ssh_host_key` file description , `ssh_host_key.pub` file description , `ssh-keygen` command description , using , `ssh_known_hosts` file configuring Secure Shell , description , `ssh` service name PAM , `sshd` command configuring for forwarding , description , session controls , `sshd_config` file description , forwarding parameters , ports parameters , server connection parameters , session control parameters , `sshd.pid` file description , `sshrc` file description , `st_clean` script description , st_clean script for tape drives , stacking in PAM , standard cleanup , starting ASET initiating sessions from shell , running interactively , KDC daemon , stash file creating , definition , sticky bit permissions absolute mode , , description , symbolic mode , stopping dial-up logins temporarily , storage audit records and , storage costs BSM and , storage overflow prevention audit trail , `StrictHostKeyChecking` keyword `ssh_config` file , `StrictModes` keyword `sshd_config` file , `su` command displaying use on console , , in role assumption , monitoring use , , , `su` file monitoring `su` command , `su` service name PAM , `subject` token format , `Subsystem` keyword `sshd_config` file , success audit flag prefix , , turning off audit flags for , `sufficient` control flag PAM , `sulog` file , , , superuser eliminating superuser in RBAC , model versus RBAC , `suser` security policy , swapping master and slave KDCs , symbolic links file permissions , latest directory (ASET) , symbolic mode changing file permissions , , , description , synchronizing clocks , , , `sysconf.rpt` file description , , `SyslogFacility` keyword `sshd_config` file , System Administrator rights profile , , , role , system calls `arg` token , `auditsvc()` fails , `auditsvc()` fails , close , event numbers , `exec_args` token , `exec_env` token , ioctl , , `return` token , system security dial-up passwords , , disabling dial-up logins temporarily , `/etc/d_passwd` file , , , `/etc/dialups` file , displaying user's login status , , users with no passwords , introduction , login access restrictions , , overview , passwords , restricted shell , , restricting `root` login to console , , `root` access restrictions , , , saving failed login attempts , , special logins , , `su` command monitoring , , , System V IPC ipc audit class , `ipc_perm` token , `ipc` token , ,