Index

. (dot)

path variable entry

Numbers and Symbols

* (asterisk)

device_allocate file

wildcard character in ASET

\ (backslash)

device_allocate file

ending in device_maps file

# (pound sign)

device_allocate file

device_maps file

? (question mark)

in ASET tune files

+ audit flag prefix

^+ audit flag prefix

^- audit flag prefix

3des-cbc encryption algorithm

ssh_config file

3des encryption algorithm

sshd_config file

~/.gkadmin file

description

$HOME/.ssh/known_hosts file

description

~/.k5login file

description

A

absolute mode

changing file permissions

description

setting special permissions

access

getting to server

with SEAM

obtaining for a specific service

restricting for KDC servers

root access

displaying attempts on console

monitoring su command use

restricting

security

ACLs

file access restriction

firewall setup

monitoring system usage

network control

path variable setting

physical site security

reporting problems

root access restrictions

root login tracking

setuid programs

sharing files

system logins

access control list

See ACL

Access Control Lists (ACLs)

See ACL

ACL

adding entries

changing entries

checking entries

commands

default entries for directories

deleting entries

description

directory entries

displaying entries

format of entries

kadm5.acl file

setting entries

valid file entries

acl token

format

ad audit flag

Add Administrative Role wizard

description

Add Right dialog box

description

Add User wizard

description

adding

administration principals (SEAM)

allocatable devices (BSM)

custom roles (RBAC)

PAM module

rights profiles (RBAC)

roles (RBAC)

service principal to keytab file (SEAM)

the first role (RBAC)

the first user (RBAC)

admin_server section

krb5.conf file

administering

BSM

audit class

audit classes

audit event

audit files

audit flags

audit records

audit trail overflow prevention

auditreduce command

cost control

description

efficiency

kernel events

process preselection mask

reducing storage-space requirements

user-level events

SEAM

keytabs

policies

principals

Secure Shell

administrative audit class

aes128-cbc encryption algorithm

ssh_config file

agent daemon

Secure Shell

aliases file (ASET)

description

example

format

specification

all

audit class

audit flag

caution for using

described

in user audit fields

All rights profile

description

allhard string

audit_warn script

allocate command

authorizations required

how the allocate mechanism works

options

using

allocate error state

AllowGroups keyword

sshd_config file

AllowTCPForwarding keyword

sshd_config file

AllowUsers keyword

sshd_config file

allsoft string

audit_warn script

always-audit flags

description

process preselection mask

analysis

praudit command

ap audit flag

application audit class

arbitrary token

format

item size field

print format field

Archive tape drive clean script

arg token

arge audit policy

description

exec_env token and

argv audit policy

description

exec_args token and

ASET

description

environment variables

error messages

NFS servers and

aset command

initiating ASET sessions

-p option

running ASET interactively

running ASET periodically

stop running ASET periodically

aset.restore command

description

ASETDIR variable (ASET)

working directory specification

asetenv file

description

modifying

running ASET periodically

ASETSECLEVEL variable (ASET)

setting security levels

Assign Administrative Role dialog box

description

Assign Rights to Role dialog box

description

asterisk (*)

device_allocate file

wildcard character

at command

authorizations required

atq command

authorizations required

attr token

audio_clean script

audio devices

device-clean scripts

AUDIO_DRAIN ioctl system call

AUDIO_SETINFO ioctl system call

AUDIOGETREG ioctl system call

AUDIOSETREG ioctl system call

- audit flag prefix

audit characteristics

overview

process preselection mask

audit class

description

audit classes

auditconfig command options

description

flags and definitions

mapping events

audit command

-n option

preselection mask for existing processes (-s option)

rereading audit files (-s option)

resetting directory pointer (-s option)

audit_control file

audit daemon rereading after editing

audit_user file modification

dir: line

described

examples

flags: line

described

prefixes in

process preselection mask

minfree: line

audit_warn condition

described

naflags: line

overview

prefixes in flags line

problem with contents

audit daemon

audit_startup file

audit trail creation

audit_warn script

conditions invoking

described

execution of

enabling auditing

functions

order audit files are opened

rereading the audit_control file

audit_data file

audit directory

description

audit event

audit_event file

description

kernel event

mapping to classes

user-level events

audit_event file

audit events

kernel events

auditconfig command options

auditconfig command options

user-level events

auditconfig command options

audit files

auditreduce command

combining

copying messages to single file

displaying in entirety

file token

minimum free space for file systems

names

form

still-active files

nonactive files marked not_terminated

order for opening

printing

reducing

reducing storage-space requirements

switching to new file

time stamps

audit flags

audit_control file line

audit_user file

auditconfig command options

definitions

description

machine-wide

overview

prefixes

process preselection mask

syntax

audit ID

overview

audit messages

copying to single file

audit policies

auditconfig options

default

description

list of

audit records

audit directories full

converting to readable format

description

events that generate

format or structure

overview

reducing audit files

audit session ID

audit_startup file

audit threshold

audit tokens

audit record format

description

format

table of

audit trail

analysis

praudit command

analysis costs

creating

audit daemon's role

audit_data file

overview

description

events included

merging all files

monitoring in real time

overflow prevention

overview

audit_user file

prefixes for flags

process preselection mask

user audit fields

audit_warn script

audit daemon execution of

conditions invoking

description

strings

auditconfig command

audit flags as arguments

options

prefixes for flags

auditd daemon

audit_startup file

audit trail creation

audit_warn script

conditions invoking

described

execution of

enabling auditing

functions

order audit files are opened

rereading the audit_control file

auditreduce command

-c option

cleaning not_terminated files

-d option

description

examples

-O option

options

time stamp use

without options

auditsvc() system call

audit_warn script and

trailer token and

AUE_... names

description

auth_attr database

description

RBAC relationships

AUTH_DH authentication

AUTH_DH client-server session

additional transaction

client authenticates server

contacting the server

decrypting the conversation key

generating public and secret keys

generating the conversation key

running keylogin

storing information on the server

verifier returned to client

authentication

configuring cross-realm

description

network security

overview of Kerberos

root for NFS

SEAM and

Secure Shell

description

hosts

methods

steps

users

terminology

types

authentication parameters

ssh_config file

authenticator

in SEAM

authorization

database

See auth_attr database

delegating

description

granularity

naming convention

network security

SEAM and

types

authorized_keys file

description

auths command

description

authtok_check module

description

authtok_get module

description

authtok_store module

description

Automated Security Enhancement Tool

See ASET

automatically enabling auditing

automating principal creation


	Index `.` (dot) path variable entry , Numbers and Symbols * (asterisk) `device_allocate` file , , wildcard character in ASET , \ (backslash) `device_allocate` file , ending in `device_maps` file , # (pound sign) `device_allocate` file , `device_maps` file , ? (question mark) in ASET tune files , + audit flag prefix , , ^+ audit flag prefix , , ^- audit flag prefix , , `3des-cbc` encryption algorithm `ssh_config` file , `3des` encryption algorithm `sshd_config` file , `~/.gkadmin` file description , `$HOME/.ssh/known_hosts` file description , , `~/.k5login` file description , A absolute mode changing file permissions , , description , setting special permissions , access getting to server with SEAM , obtaining for a specific service , restricting for KDC servers , `root` access displaying attempts on console , , monitoring `su` command use , , , restricting , , , security ACLs , , , file access restriction , firewall setup , , login access restrictions , , login control , monitoring system usage , network control , path variable setting , physical site security , reporting problems , `root` access restrictions , `root` login tracking , `setuid` programs , sharing files , system logins , , access control list See ACL Access Control Lists (ACLs) See ACL ACL adding entries , changing entries , checking entries , commands , default entries for directories , , deleting entries , , description , , directory entries , , displaying entries , , format of entries , `kadm5.acl` file , , , , setting entries , , valid file entries , `acl` token format , `ad` audit flag , Add Administrative Role wizard description , , Add Right dialog box description , Add User wizard description , adding administration principals (SEAM) , allocatable devices (BSM) , custom roles (RBAC) , PAM module , rights profiles (RBAC) , roles (RBAC) , , service principal to keytab file (SEAM) , the first role (RBAC) , the first user (RBAC) , `admin_server` section `krb5.conf` file , administering BSM audit class , audit classes , audit event , audit files , audit flags , , audit records , audit trail overflow prevention , `auditreduce` command , cost control , description , efficiency , kernel events , process preselection mask , reducing storage-space requirements , user-level events , SEAM keytabs , policies , principals , Secure Shell , `administrative` audit class , `aes128-cbc` encryption algorithm `ssh_config` file , agent daemon Secure Shell , aliases file (ASET) description , example , format , specification , `all` audit class , audit flag caution for using , described , in user audit fields , All rights profile description , , `allhard` string `audit_warn` script , `allocate` command authorizations required , how the allocate mechanism works , options , using , allocate error state , , `AllowGroups` keyword `sshd_config` file , `AllowTCPForwarding` keyword `sshd_config` file , `AllowUsers` keyword `sshd_config` file , `allsoft` string `audit_warn` script , always-audit flags description , , process preselection mask , analysis `praudit` command , , `ap` audit flag , `application` audit class , `arbitrary` token format , item size field , print format field , Archive tape drive clean script , `arg` token , `arge` audit policy description , `exec_env` token and , `argv` audit policy description , `exec_args` token and , ASET description , environment variables , error messages , NFS servers and , `aset` command initiating ASET sessions , `-p` option , running ASET interactively , running ASET periodically , stop running ASET periodically , `aset.restore` command description , `ASETDIR` variable (ASET) working directory specification , `asetenv` file description , modifying , running ASET periodically , `ASETSECLEVEL` variable (ASET) setting security levels , Assign Administrative Role dialog box description , Assign Rights to Role dialog box description , asterisk () `device_allocate` file , , wildcard character , `at` command authorizations required , `atq` command authorizations required , `attr` token , audio_clean script , audio devices device-clean scripts , AUDIO_DRAIN ioctl system call , AUDIO_SETINFO ioctl system call , AUDIOGETREG ioctl system call , AUDIOSETREG ioctl system call , - audit flag prefix , , audit characteristics overview , process preselection mask , audit class description , , audit classes `auditconfig` command options , description , flags and definitions , , mapping events , `audit` command `-n` option , preselection mask for existing processes (`-s` option) , rereading audit files (`-s` option) , resetting directory pointer (`-s` option) , `audit_control` file audit daemon rereading after editing , `audit_user` file modification , `dir:` line described , examples , examples , `flags:` line described , prefixes in , , process preselection mask , `minfree:` line `audit_warn` condition , described , `naflags:` line , overview , , , prefixes in flags line , , problem with contents , audit daemon `audit_startup` file , audit trail creation , , `audit_warn` script conditions invoking , , described , , execution of , enabling auditing , functions , order audit files are opened , rereading the `audit_control` file , `audit_data` file , audit directory description , audit event `audit_event` file , , description , , , kernel event , mapping to classes , user-level events , `audit_event` file , , audit events kernel events `auditconfig` command options , auditconfig command options , user-level events `auditconfig` command options , audit files `auditreduce` command , , combining , , , copying messages to single file , displaying in entirety , `file` token , minimum free space for file systems , names , , , , , , , form , still-active files , nonactive files marked not_terminated , order for opening , printing , reducing , , , reducing storage-space requirements , , switching to new file , time stamps , audit flags , `audit_control` file line , audit_user file , , `auditconfig` command options , definitions , , description , machine-wide , , , overview , , prefixes , , process preselection mask , syntax , , audit ID , overview , audit messages copying to single file , audit policies `auditconfig` options , default , description , list of , audit records audit directories full , , , , converting to readable format , , , , description , events that generate , format or structure , overview , reducing audit files , audit session ID , `audit_startup` file , audit threshold , audit tokens audit record format , description , , format , table of , audit trail analysis `praudit` command , , analysis costs , creating audit daemon's role , , , `audit_data` file , overview , description , events included , merging all files , , monitoring in real time , overflow prevention , overview , `audit_user` file prefixes for flags , , process preselection mask , user audit fields , , `audit_warn` script , audit daemon execution of , conditions invoking , , description , strings , , `auditconfig` command audit flags as arguments , , options , , prefixes for flags , , `auditd` daemon `audit_startup` file , audit trail creation , , , , `audit_warn` script conditions invoking , , described , execution of , enabling auditing , functions , order audit files are opened , rereading the audit_control file , `auditreduce` command , , `-c` option , cleaning not_terminated files , `-d` option , description , , examples , `-O` option , options , time stamp use , without options , , `auditsvc()` system call `audit_warn` script and , `trailer` token and , `AUE_...` names description , `auth_attr` database description , , RBAC relationships , AUTH_DH authentication , AUTH_DH client-server session , , additional transaction , client authenticates server , contacting the server , , decrypting the conversation key , generating public and secret keys , generating the conversation key , running `keylogin` , storing information on the server , , verifier returned to client , authentication configuring cross-realm , description , DH , , network security , , overview of Kerberos , `root` for NFS , SEAM and , Secure Shell description , hosts , methods , steps , users , terminology , types , authentication parameters `ssh_config` file , authenticator in SEAM , , authorization database See* `auth_attr` database delegating , description , , , , granularity , naming convention , network security , , SEAM and , types , `authorized_keys` file description , `auths` command description , `authtok_check` module description , `authtok_get` module description , `authtok_store` module description , Automated Security Enhancement Tool See ASET automatically enabling auditing , automating principal creation ,