The parenthesized number on an index entry indicates the location of the entry within the book. Entries before the first numbered section in a chapter are identified as Sec. n.0.
Click letter for quick access: [Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
Special Characters
.rhosts file
suggested permissions on (Sec. 3.1.6)
A
abbreviated audit reports (Sec. 10.8.3)
absolute pathname (Sec. 16.4)
access control list (ACL) (Sec. 5.2)
protecting files (Sec. 2.6.5)
access control list (Sec. 11.0)
access control list (Sec. 5.0)
See also ACL
accessing the databases (Sec. 17.1)
account lock (Sec. 18.4)
account management (Sec. 9.5)
account templates (Sec. 9.1.1.3)
account template, modifying (Sec. 9.2.5)
accountability (Sec. 1.1.3)
accountability (Sec. 1.2)
accounting tools (Sec. 10.14)
accounts (Sec. 9.1)
accounts (Sec. 9.5.4)
adding (Sec. 7.1.1)
anonymous ftp (Sec. 3.1.4)
creating (Sec. 7.6)
creating (Sec. 9.1)
deleting (Sec. 9.2.4)
disabled (Sec. 9.2.2)
locked (Sec. 9.2.2)
maintaining (Sec. 9.1)
modifying (Sec. 9.0)
new (Sec. 9.2.2)
passwords (Sec. 9.2.2)
retiring (Sec. 9.2.3)
ACL (Sec. 11.0)
ACL (Sec. 5.0)
administering (Sec. 11.2)
administration (Sec. 11.0)
archival tools (Sec. 11.6)
base entry (Sec. 21.1)
configuring (Sec. 7.5.2)
decision process (Sec. 5.6)
default (Sec. 21.6)
default (Sec. 5.2)
description (Sec. 6.3.3)
enabling (Sec. 11.3.1)
entry rules (Sec. 21.4.3)
example of setting for file (Sec. 21.5)
external representation (Sec. 21.2.2)
format (Sec. 5.5)
getacl command (Sec. 5.4)
getacl command (Sec. 5.4.3)
inheritance (Sec. 21.6)
inheritance (Sec. 5.7.2)
initialization (Sec. 5.7.2)
installation (Sec. 11.0)
installing (Sec. 11.3)
kernel status (Sec. 11.3.1)
library routines (Sec. 21.3)
ls command (Sec. 5.4.4)
maintaining (Sec. 5.8)
object creation rule (Sec. 21.4.1)
overview (Sec. 11.1)
overview (Sec. 5.2)
propagation (Sec. 21.4.1)
protecting objects (Sec. 5.4)
recovery (Sec. 11.4)
replication rule (Sec. 21.4.2)
setacl command (Sec. 5.4.2)
standalone system (Sec. 11.5)
status (Sec. 5.3)
umask (Sec. 21.4.1)
using (Sec. 5.0)
verifying status (Sec. 11.3.1)
viewing (Sec. 5.4)
working storage (Sec. 21.2.1)
working storage: example (Sec. 21.5)
administrating a trusted operating system (Sec. 6.5)
administrative roles
See role responsibilities
administrators, introduction (Sec. 6.0)
aliases for audit events (Sec. 10.6.1.2)
aliases for auditable events (Sec. B.2)
allowSendEvents resource (Sec. 16.7.2)
anonymous ftp account (Sec. 3.1.4)
ANSI C
symbol preemption (Sec. E.1)
antecedent directories (Sec. 15.4)
application-specific auditing (Sec. 10.5.2)
applications
adding to the file control database (Sec. 12.3)
assigning terminal devices (Sec. 7.7.3)
assigning terminal devices (Sec. 8.1)
attributes, file
See file attributes
audcntl routine (Sec. C.1.2)
audgen command (Sec. 10.1.2.1)
audgen system call (Sec. C.1.1)
audgen() (Sec. 19.1)
specifying audit log (Sec. 19.9)
audgen8 trusted event (Sec. 10.5.1)
audgenl()
example (Sec. 19.1)
example (Sec. 19.7)
example (Sec. 19.8.2)
audit (Sec. 10.1)
audit (Sec. 10.4.2)
audit (Sec. 10.6.1.1)
accessing the graphic interface (Sec. 10.1.2.2)
accounting tools (Sec. 10.14)
active processes (Sec. 10.9.2)
administration tools (Sec. 10.1.2)
advanced configuration (Sec. 10.3)
application-specific auditing (Sec. 10.5.2)
application-specific records (Sec. 19.7)
audcntl flag (Sec. 19.6)
audgen command (Sec. 10.1.2.1)
audit control flag (Sec. 10.6.1.1)
audit hosts file (Sec. 10.7)
audit hub (Sec. 10.7)
audit log dump (Sec. 19.10.2)
Audit Manager (Sec. 10.1.2.2)
audit mask (Sec. 10.6.1.1)
control flag (Sec. 10.6.1.1)
auditable events (Sec. 10.5)
auditconfig command (Sec. 10.1.2.1)
auditconfig command (Sec. 10.2)
auditconfig command (Sec. 10.3)
auditd command (Sec. 10.1.2.1)
auditd command (Sec. 10.4.1)
auditing remotely (Sec. 10.7)
auditmask command (Sec. 10.1.2.1)
auditmask command (Sec. 10.4.2)
auditmask flag (Sec. 19.6)
audit_tool command (Sec. 10.1.2.1)
audit_tool command (Sec. 10.4.3)
audit_tool command (Sec. 10.9)
audit_tool.ultrix command (Sec. 10.1.2.1)
AUD_T public tokens (Sec. 19.3.1)
AUD_TP private tokens (Sec. 19.3.2)
AUID (audit ID) (Sec. 10.8)
CDE interface (Sec. 10.1.2.2)
choosing events (Sec. 10.5)
commands (Sec. 10.1.2.1)
configuring (Sec. 10.2)
configuring (Sec. 10.3)
configuring (Sec. 10.4.1)
console messages (Sec. 10.1.1)
content of records (Sec. 10.8)
control flag (Sec. 10.6.1.1)
crash recovery (Sec. 10.10)
creating own log (Sec. 19.9)
data recovery (Sec. 10.10)
data--managing growth of (Sec. 10.6)
dependencies among audit events (Sec. 10.5.3)
deselection files for audit reports (Sec. 10.9.1)
disabling system-call auditing (Sec. 19.5)
/etc/sec/auditd_clients file (Sec. 10.7)
event types (Sec. 19.2)
events (Sec. 10.5)
preselection (Sec. 10.6)
site-defined events (Sec. 10.5.2)
state-dependent information (Sec. 10.5.3)
trusted events (Sec. 10.5.1)
files (Sec. 10.1.1)
site_events file (Sec. 10.5.2)
filtering data (Sec. 10.9.1)
fixed-length tokens (Sec. 19.3.1)
generating reports (Sec. 10.4.3)
generating reports (Sec. 10.9)
getting started (Sec. 10.2)
graphic interface (Sec. 10.1.2.2)
GUI (Sec. 10.1.2.2)
ID (AUID) (Sec. 10.8)
implementation notes (Sec. 10.11)
iovec-type tokens (Sec. 19.3.1)
log files (Sec. 10.1.1)
log location (Sec. 10.4.1)
logging tools (Sec. 10.14)
login audit mask
setting (Sec. 10.6.1.1)
login process mask (Sec. 10.6.1.1)
LUID (login ID) (Sec. 10.8)
managing data (Sec. 10.6)
masks (Sec. 10.6.1.1)
masks (Sec. 19.4)
messages (Sec. 10.1.1)
modifying for process (Sec. 19.6)
network audit hosts file (Sec. 10.7)
networked auditing (Sec. 10.7)
octal dump of audit log (Sec. 19.10.2)
overflow handling (Sec. 10.4.1)
overview (Sec. 10.1)
pointer-type tokens (Sec. 19.3.1)
preselection (Sec. 10.4.2)
preselection (Sec. 10.6)
process audit mask (Sec. 10.6.1.1)
process control flag (Sec. 19.4)
processing audit information (Sec. 10.4.3)
processing audit information (Sec. 10.9)
quick start (Sec. 10.2)
record as series of tuples (Sec. 19.3)
record content (Sec. 10.8)
record generation (Sec. 19.0)
record length (Sec. 19.10.2)
reducing audit information (Sec. 10.4.3)
reducing audit information (Sec. 10.9)
report deselection files (Sec. 10.9.1)
reports (Sec. 10.4.3)
reports (Sec. 10.9)
reports, abbreviated (Sec. 10.8.3)
responding to audit reports (Sec. 10.12)
selecting audit events (Sec. 10.4.2)
selecting events (Sec. 10.5)
self-auditing commands (Sec. 10.5.1)
site-defined events (Sec. 10.5.2)
site-defined events (Sec. 19.8)
starting (Sec. 10.2)
starting (Sec. 10.3)
system audit mask (Sec. 10.6.1.1)
tokens (Sec. 19.3)
tools (Sec. 10.1.2)
tracing system calls (Sec. 10.13)
trusted application (Sec. 19.0)
trusted events (Sec. 10.5.1)
tuples (Sec. 19.3)
turning off/on auditing (Sec. 10.4.1)
user audit mask
setting (Sec. 10.6.1.1)
user process mask (Sec. 10.6.1.1)
audit events
default events (Sec. B.1)
audit features (Sec. 6.3.1)
audit ID (AUID) (Sec. 1.1.3)
audit ID (AUID) (Sec. 1.2)
audit ID (AUID) (Sec. 18.0)
audit log
reading (Sec. 19.10)
reading algorithm (Sec. 19.10.4)
tuple formats (Sec. 19.10.1)
Audit Manager graphic interface (Sec. 10.1.2.2)
audit subsystem (Sec. 1.1.3)
See also audit
anonymous ftp (Sec. 3.1.4)
configuring (Sec. 7.5.1)
default auditable events (Sec. B.1)
default event aliases (Sec. B.2)
setting up (Sec. 7.7.4)
ULTRIX compatibility (Sec. C.3)
audit trail (Sec. 1.1.3)
auditable events (Sec. 10.5)
auditable events (Sec. B.1)
auditconfig command (Sec. 10.1.2.1)
auditconfig command (Sec. 10.2)
auditconfig command (Sec. 10.3)
auditconfig trusted event (Sec. 10.5.1)
auditd command (Sec. 10.1.2.1)
auditd command (Sec. 10.4.1)
auditing for applications (Sec. 10.5.2)
auditing in a cluster (Sec. G.4)
auditmask command (Sec. 10.1.2.1)
auditmask command (Sec. 10.4.2)
audit_daemon_exit trusted event (Sec. 10.5.1)
audit_log_change trusted event (Sec. 10.5.1)
audit_log_create trusted event (Sec. 10.5.1)
audit_log_overwrite trusted event (Sec. 10.5.1)
audit_reboot trusted event (Sec. 10.5.1)
audit_start trusted event (Sec. 10.5.1)
audit_stop trusted event (Sec. 10.5.1)
audit_subsystem
event aliases (Sec. 10.6.1.2)
audit_suspend trusted event (Sec. 10.5.1)
audit_tool command (Sec. 10.1.2.1)
audit_tool command (Sec. 10.4.3)
audit_tool command (Sec. 10.9)
audit_tool.ultrix command (Sec. 10.1.2.1)
audit_xmit_fail trusted event (Sec. 10.5.1)
AUD_MAXEVENT_LEN (Sec. 19.8)
AUD_T public audit tokens (Sec. 19.3.1)
AUD_TP private audit tokens (Sec. 19.3.2)
AUID (audit ID) (Sec. 10.8)
authaudit routines (Sec. C.1.3)
authck command (Sec. 12.0)
authck program (Sec. 12.2)
authentication (Sec. 18.0)
authentication (Sec. 6.3.2)
authentication (Sec. 9.1)
programming concerns (Sec. 18.0)
authentication configuration (Sec. 7.5.4)
encryption (Sec. 7.5.4.12)
failed login records (Sec. 7.5.4.9)
log in records (Sec. 7.5.4.7)
maximum log in attempts (Sec. 7.5.4.4)
password aging (Sec. 7.5.4.1)
password change time (Sec. 7.5.4.2)
password-changing controls (Sec. 7.5.4.3)
profile migration (Sec. 7.5.4.10)
successful login records (Sec. 7.5.4.8)
terminal breakin (Sec. 7.5.4.5)
time between log in attempts (Sec. 7.5.4.5)
time between log ins (Sec. 7.5.4.6)
vouching (Sec. 7.5.4.11)
authentication database (Sec. 12.0)
authentication database (Sec. 12.1)
authentication database (Sec. 17.0)
authentication database (Sec. 9.1)
conversion (Sec. 7.1.2)
authentication files (Sec. C.2)
authentication in a cluster (Sec. G.3)
authentication profile (Sec. 1.2)
authentication profile (Sec. 14.2.1)
authentication profile (Sec. 17.6)
authentication profile (Sec. 18.0)
authentication profile (Sec. 2.1.1)
authentication profile (Sec. 6.5.1.1)
authentication profile (Sec. 6.5.2.1)
authentication program (Sec. 18.1)
authentication subsystem (Sec. 9.1)
authorization list
See terminal authorization list
auth_event trusted event (Sec. 10.5.1)
A_PROCMASK_SET macro (Sec. 19.6)
B
background job (Sec. 2.6.2)
backup procedures (Sec. 14.0)
backup procedures (Sec. 7.8)
Berkeley database (Sec. 6.3.5)
binary compatibility (Sec. 6.1)
boot loading software (Sec. 14.2.12)
buffer management (Sec. 17.2.2.1)
C
C2 features
audit (Sec. 1.1.3)
login control (Sec. 1.1.1)
password control (Sec. 1.1.2)
CDE
authorizing host access (Sec. 4.2)
secure keyboard (Sec. 4.4)
security (Sec. 4.0)
CDE session
pausing current (Sec. 4.5)
screen lock (Sec. 4.5)
centralized account management (Sec. 9.5)
changing a password (Sec. 2.2)
changing permissions (Sec. 5.1)
character-mode terminal (Sec. 2.0)
chgrp
command (Sec. 5.1)
child process
inherited file access (Sec. 16.6)
signal mask and (Sec. 16.5)
chmod command (Sec. 5.1)
octal example of (Sec. 3.1.6)
chown system call
SUID or SGID permissions (Sec. 16.1)
close-on-exec flag (Sec. 16.6)
cluster
overview (Sec. 6.6)
clusters
auditing (Sec. G.4)
authentication (Sec. G.3)
distributed logins (Sec. G.2.4)
NIS (Sec. G.2.4)
restrictions (Sec. G.5)
terminal logging (Sec. G.5.2)
upgrades (Sec. G.5.1)
commands
chgrp (Sec. 5.1)
chmod (Sec. 5.1)
compatibility with ULTRIX auditing (Sec. C.3)
configuration
encryption (Sec. 7.5.4.12)
failed login records (Sec. 7.5.4.9)
log in records (Sec. 7.5.4.7)
maximum log in attempts (Sec. 7.5.4.4)
password aging (Sec. 7.5.4.1)
password change time (Sec. 7.5.4.2)
password-changing controls (Sec. 7.5.4.3)
profile migration (Sec. 7.5.4.10)
successful login records (Sec. 7.5.4.8)
terminal breakin (Sec. 7.5.4.5)
time between log in attempts (Sec. 7.5.4.5)
time between log ins (Sec. 7.5.4.6)
vouching (Sec. 7.5.4.11)
configuring
ACLs (Sec. 7.5.2)
audit (Sec. 10.2)
audit (Sec. 10.3)
audit (Sec. 10.4.1)
audit (Sec. 7.5.1)
enhanced passwords (Sec. 7.5.3)
security features (Sec. 7.5)
configuring enhanced security (Sec. 6.4.1)
connecting to other systems (Sec. 3.0)
console file (Sec. 14.2.8)
console messages
audit (Sec. 10.1.1)
content of audit records (Sec. 10.8)
control flag
audit control flag (Sec. 10.6.1.1)
convauth command (Sec. 7.1.2)
core files (Sec. 16.5)
crash recovery
audit data (Sec. 10.10)
create_file_securely() library routine (Sec. 17.4)
creating accounts (Sec. 7.6)
creating accounts (Sec. 9.1)
creating groups (Sec. 7.6)
creating groups (Sec. 9.2.1)
crypt() support (Sec. 7.5.4.12)
cu command (Sec. 3.3.2)
example of (Sec. 3.3.2)
D
DAC
protecting the TCB (Sec. 15.5)
daemon programs (Sec. 18.3)
data
storing in a secure location (Sec. 16.3)
data files (Sec. 15.4)
data loss (Sec. 14.0)
database update (Sec. 17.2.2.5)
databases (Sec. 6.3.5)
accessing (Sec. 17.1)
enhanced password (Sec. 14.2.1)
entries (Sec. 17.2)
file control (Sec. 12.3)
groups (Sec. 14.2.6)
system defaults (Sec. 17.2)
terminal control (Sec. 17.2.1)
update (Sec. 17.2.2)
database fields (Sec. 17.2)
dcp command (Sec. 3.4)
DECnet protocol (Sec. 3.0)
DECnet protocol (Sec. 3.4)
dcp command (Sec. 3.4)
dlogin command (Sec. 3.4)
dls command (Sec. 3.4)
generic guest accounts (Sec. 3.4)
default ACL (Sec. 21.6)
defaults database (Sec. 6.5.2.2)
defaults for devices (Sec. 8.1)
deleting layered security products (Sec. 13.6)
deleting user accounts (Sec. 9.2.4)
denial of service (Sec. 6.2)
dependencies among audit events (Sec. 10.5.3)
deselection files for audit reports (Sec. 10.9.1)
/dev/console file (Sec. 14.2.8)
/dev/pts/* file (Sec. 14.2.9)
/dev/tty* file (Sec. 14.2.9)
device
assignment (Sec. 6.5.1.1)
assignment (Sec. 7.7.3)
assignment (Sec. 8.1)
defaults (Sec. 8.1)
installation (Sec. 8.1)
device assignment database (Sec. 12.1)
device assignment database (Sec. 17.3)
device assignment database (Sec. 6.5.2.5)
device assignment database (Sec. 8.2)
devices (Sec. 8.1)
differences between file and directory permissions (Sec. 5.1)
directories
permissions (Sec. 5.1)
disabled accounts (Sec. 9.2.2)
display access (Sec. 4.1)
distributed logins in a cluster (Sec. G.2.4)
dlogin command (Sec. 3.4)
dls command (Sec. 3.4)
DOP (Sec. H.0)
dtterm window
protecting (Sec. 4.4)
dxaccounts program (Sec. 6.4)
dxaudit program (Sec. 6.4)
dxdevices program (Sec. 6.4)
E
EACCES errno value (Sec. 16.2)
effective group ID (Sec. 2.1.1)
effective user ID (Sec. 2.1.1)
EGID
See effective group ID
encrypted password (Sec. 14.2.1)
encrypted password (Sec. 17.6)
encryption configuration (Sec. 7.5.4.12)
enhanced password database (Sec. 12.1)
enhanced password database (Sec. 14.2.1)
enhanced password database (Sec. 17.6)
enhanced password database (Sec. 18.0)
enhanced password database (Sec. 18.4)
enhanced password database (Sec. 6.5.2.1)
enhanced passwords (Sec. 7.5.3)
enhanced passwords (Sec. 9.5.4)
enhanced profile configuration (Sec. 7.5.4)
enhanced security
entry points (Sec. E.1)
EPERM errno value (Sec. 16.2)
EROFS errno value (Sec. 16.2)
errno variable (Sec. 16.2)
/etc/auth/system/default file (Sec. 14.2.3)
/etc/auth/system/devassign file (Sec. 14.2.4)
/etc/auth/system/ttys file (Sec. 17.7)
/etc/auth/system/ttys.db file (Sec. 14.2.2)
/etc/group file (Sec. 14.2.6)
/etc/hosts.equiv file
interaction with .rhosts file (Sec. 3.1.3)
security concerns (Sec. 3.1.2)
/etc/passwd file (Sec. 12.2)
/etc/passwd file (Sec. 14.2.5)
/etc/passwd file (Sec. 17.6)
/etc/passwd file (Sec. 18.4)
/etc/sec/auditd_clients file (Sec. 10.7)
/etc/sec/audit_events file (Sec. B.1)
/etc/sec/event_aliases (Sec. 10.6.1.2)
/etc/sec/event_aliases file (Sec. B.2)
/etc/sec/site_events file (Sec. 10.5.2)
/etc/sec/site_events file (Sec. 19.8)
/etc/sysconfigtab
setting audit-site-events (Sec. 19.8)
EUID
See effective user ID
evasion time configuration (Sec. 7.5.4.5)
event
audit (Sec. 19.2)
event aliases (Sec. B.2)
events
aliases for audit events (Sec. 10.6.1.2)
managing audit events (Sec. 10.6)
site-defined audit events (Sec. 10.5.2)
trusted audit events (Sec. 10.5.1)
events to audit (Sec. B.1)
example
ACL creation (Sec. 21.5)
ACL inheritance (Sec. 21.6)
ACL permission removal (Sec. 21.6)
application-specific audit record (Sec. 19.7)
audgenl() (Sec. 19.1)
audit tuple parsing macros (Sec. 19.10.4)
audit: iovec-type record (Sec. 19.3.1)
auditmask (Sec. 19.6)
site-defined audit event (Sec. 19.8.2)
execute permission (Sec. 5.1)
execve system call (Sec. 16.5)
extended passwords
See enhanced passwords
external representation
ACL (Sec. 21.2.2)
F
fcntl system call
close-on-exec flag (Sec. 16.6)
features (Sec. 1.1)
features (Sec. 6.3.1)
file
protecting (Sec. 16.3)
required (Sec. 14.2)
file attributes (Sec. 14.3)
file control database (Sec. 12.3)
description (Sec. 17.4)
description (Sec. 6.5.2.4)
location (Sec. 12.1)
file descriptors (Sec. 16.6)
file permissions
remote sessions (Sec. 3.1.6)
file summary (Sec. A.0)
file systems (Sec. 6.5.1.2)
files
protecting (Sec. 5.1)
filtering audit data (Sec. 10.9.1)
fork system call (Sec. 16.5)
fork system call (Sec. 18.1)
ftp command (Sec. 3.1.4)
description of (Sec. 3.1.4)
security risks of anonymous ftp (Sec. 3.1.4)
use of .netrc file with (Sec. 3.1.4)
FTP protocol (Sec. 3.0)
fverfy command (Sec. 14.3)
G
generating audit reports (Sec. 10.4.3)
generating audit reports (Sec. 10.9)
getacl command (Sec. 5.4)
getluid system call (Sec. 18.1)
getty command (Sec. 2.6.2)
GID
See group ID
graphic interface
for audit subsystem (Sec. 10.1.2.2)
group database (Sec. 14.2.6)
group ID
effective (EGID) (Sec. 2.1.1)
real (RGID) (Sec. 2.1.1)
groups
creating (Sec. 7.6)
creating (Sec. 9.2.1)
database file (Sec. 14.2.6)
supplementary (Sec. 2.1.1)
H
hardware privilege (Sec. 6.2)
header files (Sec. 15.1)
I
I and A (Sec. 1.2)
I and A (Sec. 18.0)
I and A (Sec. 6.3.2)
identification (Sec. 18.0)
identification and authentication
See I and A
Information Systems Security Officer
ISSO (Sec. 6.5.1.1)
installation (Sec. 7.1)
installing enhanced security (Sec. 6.4.1)
installing layered security products (Sec. 13.4)
integrating security mechanisms (Sec. 20.11)
integrity (Sec. 12.0)
integrity (Sec. 6.2)
integrity (Sec. 6.5.1.1)
integrity (Sec. 6.5.2.4)
integrity features (Sec. 6.3.4)
interoperating with ULTRIX auditing (Sec. C.3)
interprocess communication
security consideration (Sec. 16.3)
introduction for administrators (Sec. 6.0)
introduction for users (Sec. 1.0)
iovec
audit record using (Sec. 19.3.1)
ISSO (Sec. 6.5.1.1)
tasks (Sec. 7.7)
K
keyboard
securing (Sec. 16.7.1)
securing in CDE environment (Sec. 4.4)
keyboard input (Sec. 4.4)
L
LAT protocol (Sec. 3.0)
description of (Sec. 3.2)
LAT groups (Sec. 3.2)
libaud library (Sec. 15.1)
libraries
as part of the TCB (Sec. 15.4)
security relevant (Sec. 15.1)
library routines (Sec. 15.3)
library routines for ACLs (Sec. 21.3)
libsecurity library (Sec. 15.1)
Local Area Transport (LAT) (Sec. 3.2)
Local Area Transport
See LAT protocol
lock file (Sec. 14.1)
locked accounts (Sec. 9.2.2)
log files (Sec. 10.1.1)
log files (Sec. 10.14)
designating (Sec. 10.4.1)
log in
maximum tries configuration (Sec. 7.5.4.4)
log in records configuration (Sec. 7.5.4.7)
logging in (Sec. 2.1)
to remote systems with rlogin (Sec. 3.1.1)
logging tools (Sec. 10.14)
login (Sec. 2.1)
audit mask (Sec. 10.6.1.1)
audit mask, setting (Sec. 10.6.1.1)
enhancements (Sec. 1.1.1)
invalidating terminal file descriptors (Sec. 2.6.2)
login ID (LUID) (Sec. 10.8)
problems (Sec. 2.6.6)
setting password during (Sec. 2.2)
shell (Sec. 2.1.1)
trusted event (Sec. 10.5.1)
user ID (AUID) (Sec. 2.1.1)
login command (Sec. 2.6.2)
login records configuration (Sec. 7.5.4.8)
login records configuration (Sec. 7.5.4.9)
login timeouts (Sec. 8.2)
login tips (Sec. 2.5)
login user ID (Sec. 2.3)
logout tips (Sec. 2.5)
logout trusted event (Sec. 10.5.1)
LUID (login ID) (Sec. 10.8)
M
macro
audit tuple parsing (Sec. 19.10.4)
maintaining accounts (Sec. 9.1)
matrix.conf file (Sec. 13.3)
matrix.conf file (Sec. 20.16)
mechanism-dependent interface (Sec. 20.17)
migration issues
audcntl routine (Sec. C.1.2)
audgen system call (Sec. C.1.1)
authaudit routines (Sec. C.1.3)
BIND/Hesiod authentication files (Sec. C.2)
MLS+ (Sec. C.1.3)
NIS (Sec. 9.5.4)
password databases (Sec. C.1.5)
secauthmigrate script (Sec. C.2)
secure attention key (SAK) (Sec. C.1.7)
trusted path (Sec. C.1.6)
ULTRIX (Sec. C.0)
ULTRIX authentication files (Sec. C.2)
MIN_SITE_EVENT (Sec. 19.8)
modem
with tip and cu commands (Sec. 3.3.2)
with UUCP utility (Sec. 3.3)
modifying database entries (Sec. 17.2.2.5)
modifying the account template (Sec. 9.2.5)
modifying user accounts (Sec. 9.1)
mouse
securing (Sec. 16.7.2)
N
naming routines (Sec. E.2)
need-to-know access (Sec. 6.2)
.netrc (Sec. 3.1.4)
network
audit hub (Sec. 10.7)
auditing across a network (Sec. 10.7)
network protocols (Sec. 3.0)
network security concerns (Sec. 4.2)
.rhosts file (Sec. 3.1.3)
anonymous ftp (Sec. 3.1.4)
DECnet generic guest accounts (Sec. 3.4)
/etc/hosts.equiv file (Sec. 3.1.2)
file permissions (Sec. 3.1.6)
tip and cu commands (Sec. 3.3.2)
UUCP commands (Sec. 3.3)
workstation display access (Sec. 4.2)
NIS
account management (Sec. 9.5)
automated procedures (Sec. 9.5.1.2)
backing out (Sec. 9.5.5)
client setup (Sec. 9.5.3)
large databases (Sec. 9.5.1.2)
master server setup (Sec. 9.5.1)
migration (Sec. 9.5.4)
overrides (Sec. 9.1.2.1)
overrides (Sec. 9.1.2.2)
slave server setup (Sec. 9.5.2)
user account database (Sec. 9.1.2.1)
null password (Sec. 18.4)
O
object code (Sec. 15.4)
open file descriptor (Sec. 16.6)
operational features (Sec. 6.2)
operator responsibilities (Sec. 6.5.1.3)
overflow handling
audit (Sec. 10.4.1)
P
passwd file (Sec. 14.2.5)
password (Sec. 18.6)
aging (Sec. 2.2.3)
aging configuration (Sec. 7.5.4.1)
change time configuration (Sec. 7.5.4.2)
choosing (Sec. 2.2)
coding example (Sec. D.0)
configuration (Sec. 7.5.4)
controls configuration (Sec. 7.5.4.3)
database (Sec. 14.2.5)
enhanced (Sec. 7.5.3)
enhanced database (Sec. 6.5.2.1)
enhancements (Sec. 1.1.2)
expiration (Sec. 2.1)
expiration of (Sec. 2.2.3)
expiration time (Sec. 2.6.1)
maximum tries configuration (Sec. 7.5.4.4)
new accounts (Sec. 9.2.2)
random character (Sec. 2.2.1)
random letter (Sec. 2.2.1)
random pronounceable (Sec. 2.2.1)
setting and changing (Sec. 2.2)
system-generated (Sec. 2.2.2)
threats (Sec. 3.1.2)
tips (Sec. 2.4)
password databases (Sec. C.1.5)
passwords (Sec. 18.0)
passwords (Sec. 2.2)
PATH variable
defining (Sec. 16.4)
null entry in (Sec. 16.4)
secure shell scripts (Sec. 16.8)
pathname
absolute (Sec. 16.4)
relative (Sec. 16.4)
pausing CDE sessions (Sec. 4.5)
permanent file (Sec. 16.3)
permissions
changing (Sec. 5.1)
directory (Sec. 5.1)
physical device (Sec. 6.5.2.5)
physical security
in CDE environment (Sec. 4.6)
preselection of audit events (Sec. 10.4.2)
preselection of audit events (Sec. 10.6)
private audit tokens (Sec. 19.3.2)
privileges (Sec. H.0)
process
audit control flag (Sec. 19.4)
process audit mask (Sec. 10.6.1.1)
process priority (Sec. 17.6)
profile migration configuration (Sec. 7.5.4.10)
programming in the trusted environment (Sec. 15.0)
protected passwords
See enhanced passwords
protected subsystem pseudogroup (Sec. 17.2.2)
protected subsystems (Sec. 6.5.2)
protecting files (Sec. 5.1)
access control list (ACL) (Sec. 2.6.5)
protecting removable media (Sec. 4.6)
prpasswd file (Sec. 9.5.4)
pseudo tty (Sec. 14.2.9)
pts/* file (Sec. 14.2.9)
R
rcp command (Sec. 3.1.1)
rc[023] files (Sec. 14.2.7)
read permission (Sec. 5.1)
read-only file systems (Sec. 15.5)
recovering
audit data (Sec. 10.10)
recovering ACLs (Sec. 11.4)
reducing audit data (Sec. 10.4.3)
reducing audit data (Sec. 10.9)
relative pathname (Sec. 16.4)
remote auditing (Sec. 10.7)
remote commands (Sec. 3.1.1)
remote file transfer
with UUCP utility (Sec. 3.3)
remote login
suggestions for tip and cu commands (Sec. 3.3.2)
using dlogin command (Sec. 3.4)
using rlogin command (Sec. 3.1.1)
using tip and cu commands (Sec. 3.3.2)
remote systems
in .rhosts file (Sec. 3.1.3)
in /etc/hosts.equiv file (Sec. 3.1.2)
reports
audit reports (Sec. 10.4.3)
audit reports (Sec. 10.9)
required files (Sec. 14.2)
responding to audit reports (Sec. 10.12)
responsibilities
ISSO (Sec. 6.5.1.1)
operator (Sec. 6.5.1.3)
system administrator (Sec. 6.5.1.2)
user (Sec. 1.3)
retiring user accounts (Sec. 9.2.3)
.rhosts file
interaction with /etc/hosts.equiv file (Sec. 3.1.3)
security concerns (Sec. 3.1.3)
rlogin command (Sec. 3.1.1)
role responsibilities (Sec. 6.0)
ISSO (Sec. 6.5.1.1)
operator (Sec. 6.5.1.3)
system administration (Sec. 6.5.1)
system administrator (Sec. 6.5.1.2)
root authentication profile (Sec. 14.2.1)
root user (Sec. 2.3)
rsh command (Sec. 3.1.1)
S
/sbin/rc[023] files (Sec. 14.2.7)
screen lock in CDE sessions (Sec. 4.5)
secauthmigrate script (Sec. C.2)
secconfig command (Sec. 7.4)
secure attention key (SAK) (Sec. C.1.7)
secure devices (Sec. 8.1)
secure keyboard (Sec. 4.4)
Secure Keyboard menu item (Sec. 16.7.1)
security
authentication programming concerns (Sec. 18.0)
security breach
possible program responses to (Sec. 16.2)
Security Integration Architecture
See SIA
Security Integration Architecture (SIA) (Sec. 13.0)
Security Integration Architecture (SIA) (Sec. 20.0)
security policy (Sec. 6.2)
security policy (Sec. F.2)
security requirements (Sec. 8.1)
security sensitive commands (Sec. 20.1)
segment sharing (Sec. 7.2)
segments (Sec. 16.3)
selecting audit events (Sec. 10.4.2)
semaphores (Sec. 16.3)
set group ID on execution
See SGID
set user ID on execution
See SUID
setluid system call (Sec. 18.1)
setting
file permissions (Sec. 5.1)
setting up a trusted system (Sec. 7.0)
setting up enhanced security (Sec. 7.5)
set_auth_parameters() library routine (Sec. 18.2)
SGID
set group ID on execution (Sec. 2.6.4)
set group ID programs (Sec. 16.1)
shadowed passwords
See enhanced passwords
shared libraries (Sec. 7.2)
shell
defining variables (Sec. 16.4)
path variable syntax (Sec. 16.4)
rsh command invokes remote (Sec. 3.1.1)
shell process (Sec. 2.3)
shell script (Sec. 15.4)
security consideration (Sec. 16.8)
shell variable
specific shell variables (Sec. 16.4)
SIA
accessing secure information (Sec. 20.14)
administering (Sec. 13.0)
audit logging (Sec. 20.10)
callbacks (Sec. 20.7)
changing a user shell (Sec. 20.13.3)
changing finger information (Sec. 20.13.2)
changing secure information (Sec. 20.13)
coding example (Sec. D.0)
debugging (Sec. 20.10)
deleting layered security product (Sec. 13.6)
group info, accessing (Sec. 20.14.2)
header files (Sec. 20.5)
initialization (Sec. 20.3)
installing layered security product (Sec. 13.4)
installing layered security product (Sec. 13.5)
integrating mechanisms (Sec. 20.11)
interface routines (Sec. 20.1)
layering (Sec. 20.2)
login process (Sec. 20.12.6.1)
logs (Sec. 20.10)
maintaining state (Sec. 20.8)
matrix.conf file (Sec. 13.3)
matrix.conf file (Sec. 20.16)
mechanism-dependent interface (Sec. 20.17)
packaging layered products (Sec. 20.16)
parameter collection (Sec. 20.15)
parameter collection (Sec. 20.7)
password, accessing (Sec. 20.14.1)
passwords, changing (Sec. 20.13.1)
programming (Sec. 20.0)
return values (Sec. 20.12)
return values (Sec. 20.9)
rlogind process (Sec. 20.12.6.3)
rshd process (Sec. 20.12.6.2)
security sensitive commands (Sec. 20.1)
session authentication (Sec. 20.12.2)
session establishment (Sec. 20.12.3)
session initialization (Sec. 20.12.1)
session launch (Sec. 20.12.4)
session processing (Sec. 20.12)
session release (Sec. 20.12.5)
SIAENTITY structure (Sec. 20.6)
siainit command (Sec. 20.3)
sialog file (Sec. 20.10)
vouching (Sec. 20.11)
signal
secure response to (Sec. 16.5)
signal routine (Sec. 16.5)
SIGQUIT signal
security consideration (Sec. 16.5)
SIGTRAP signal
security consideration (Sec. 16.5)
single-user mode (Sec. 14.2.1)
site-defined audit events (Sec. 10.5.2)
site-defined audit events (Sec. 19.8)
site_events file (Sec. 19.8)
standalone system
ACLs (Sec. 11.5)
starting the audit subsystem (Sec. 10.2)
starting the audit subsystem (Sec. 10.3)
startup script (Sec. 18.1)
state-dependent audit events (Sec. 10.5.3)
sticky bit (Sec. 15.5)
setting (Sec. 2.6.3)
using to secure temporary files (Sec. 16.3)
UUCP directory (Sec. 3.3.1)
sticky directory (Sec. 2.6.3)
strong symbols (Sec. E.2)
su command (Sec. 2.3)
subset installation (Sec. 7.1)
SUID
set user ID on execution (Sec. 2.6.4)
set user ID programs (Sec. 16.1)
superuser authority (Sec. 5.1)
supplementary groups (Sec. 2.1.1)
symbol preemption (Sec. E.1)
system administrator
See also role responsibilities
remote file transfer concerns (Sec. 3.1.4)
tasks (Sec. 7.6)
system audit mask (Sec. 10.6.1.1)
system call
common return value (Sec. 16.2)
security consideration for a failed call (Sec. 16.2)
system console (Sec. 14.2.2)
system console (Sec. 14.2.8)
system defaults database
description (Sec. 17.5)
description (Sec. 6.5.2.2)
undefined fields (Sec. 17.2)
updating (Sec. 8.2)
system startup (Sec. 14.0)
T
TCB (Sec. 15.4)
TCB (Sec. 6.2)
defining a trusted system (Sec. 6.2)
executable file (Sec. 15.4)
hardware privilege (Sec. 6.2)
indirect programs (Sec. 15.4)
kernel (Sec. 6.2)
security configuration (Sec. 15.1)
trusted program (Sec. 15.4)
trusted system directories (Sec. 15.2)
/tcb/files/auth/r/root file (Sec. 14.2.1)
TCP/IP protocol (Sec. 3.0)
templates for user accounts (Sec. 9.1.1.3)
temporary files (Sec. 16.3)
temporary files (Sec. 17.4)
terminal authorization list (Sec. 2.1.2)
terminal breakin configuration (Sec. 7.5.4.5)
terminal character-mode (Sec. 2.0)
terminal control database (Sec. 12.1)
terminal control database (Sec. 17.2.1)
terminal control database (Sec. 17.7)
terminal control database (Sec. 6.5.2.3)
terminal control database (Sec. 8.2)
terminal devices, assigning (Sec. 7.7.3)
terminal devices, assigning (Sec. 8.1)
terminal file descriptors
invalidating (Sec. 2.6.2)
terminal logging (Sec. G.5.2)
terminal session
security suggestions (Sec. 3.3.2)
tftp command (Sec. 3.1.5)
description of (Sec. 3.1.5)
TFTP protocol (Sec. 3.0)
time delay (Sec. 17.7)
tip command (Sec. 3.3.2)
tmp file
security consideration (Sec. 16.4)
token
audit fixed-length (Sec. 19.3.1)
audit iovec-type (Sec. 19.3.1)
audit pointer-type (Sec. 19.3.1)
audit private (Sec. 19.3.2)
audit public (Sec. 19.3.1)
tools for auditing (Sec. 10.1.2)
tracing system calls (Sec. 10.13)
traditional file protection mechanism
group (Sec. 5.5)
owner (Sec. 5.5)
permission bits (Sec. 5.5)
traditional logging (Sec. 10.14)
traditional security (Sec. 1.1)
trojan horse program (Sec. 3.3.2)
troubleshooting (Sec. 14.0)
trusted computing base
See also TCB
trusted computing base (Sec. 6.0)
trusted events (Sec. 10.5.1)
trusted path (Sec. C.1.6)
trusted program (Sec. 15.4)
trusted programming techniques (Sec. 16.0)
trusted Tru64 UNIX
tty* file (Sec. 14.2.9)
tuple
common to audit logs (Sec. 19.10.1)
detailed description (Sec. 19.10.3)
parsing audit (Sec. 19.10.4)
U
ULTRIX audit compatibility (Sec. C.3)
ULTRIX authentication files (Sec. C.2)
ULTRIX interoperability issues (Sec. C.3)
ULTRIX migration issues (Sec. C.0)
umask
ACL (Sec. 21.4.1)
umask system call
using to secure temporary files (Sec. 16.3)
undefined field (Sec. 17.2)
UNIX-to-UNIX Copy Program
See UUCP
unlink system call
protecting file access (Sec. 16.3)
update installation (Sec. 7.1.2)
user audit mask (Sec. 10.6.1.1)
setting (Sec. 10.6.1.1)
user ID (Sec. 2.1.1)
effective (EUID) (Sec. 2.1.1)
real (RUID) (Sec. 2.1.1)
user input
security consideration (Sec. 16.7.1)
users, introduction (Sec. 1.0)
/usr/spool/uucppublic (Sec. 3.3.1)
/usr/tmp file
tmp file (Sec. 16.4)
uucp command (Sec. 3.3.1)
UUCP utility (Sec. 3.3)
uux command (Sec. 3.3.3)
V
vouching (Sec. 20.11)
vouching configuration (Sec. 7.5.4.11)
W
weak symbols (Sec. E.2)
windowing environment (Sec. 4.0)
working storage
ACL (Sec. 21.2.1)
workstation
See also CDE
physical security (Sec. 4.6)
protecting removable media (Sec. 4.6)
workstation environment (Sec. 4.0)
workstation physical security (Sec. 4.6)
write permission (Sec. 5.1)
writing database entries (Sec. 17.2.2.5)
X
X displays (Sec. 8.2)
X environment
use of in a secure environment (Sec. 16.7.1)
writing secure programs in (Sec. 16.7)
X window
See also X environment
XGrabKeyboard() routine (Sec. 16.7.1)
XReparentWindow() routine
using in a secure environment (Sec. 16.7.3)
XSendEvent() routine (Sec. 16.7.2)