Index Index for
Section 8
Index Alphabetical
listing for S
Index Bottom of
page		 

secconfig(8)


NAME

  secconfig, secsetup - Security features setup graphical interface (Enhanced
  Security)


SYNOPSIS

  /usr/sbin/sysman secconfig

  NOTE:	 The secsetup utility has been replaced by the secconfig graphical
  interface.


DESCRIPTION

  The secconfig utility is a graphical interface used to select the level of
  system security needed.  It can convert from Base to enhanced security
  mode, and configure base and enhanced security features.  If you are using
  secconfig to enable Enhanced security, you must first have loaded the
  enhanced security subsets.

  You can run secconfig while the system is in multiuser mode.	However, if
  you change the security level, the change is not completed until you reboot
  the system.

  For both base and enhanced security, the secconfig utility allows you to
  enable segment sharing, to enable access control lists (ACLs), and to
  restrict the setting of the execute bit to root only.

  For enhanced security, the secconfig utility additionally allows you to
  configure security support from simple shadow passwords all the way to a
  strict C2 level of security.	Shadow password support is an easy method for
  system administrators, who do not wish to use all of the extended security
  features, to move each user's password out of /etc/passwd and into the
  extended user profile database (auth.db.  You can use the Custom mode if
  you wish to select additional security features, such as breakin detection
  and evasion, automatic database trimming, and password controls.

  When converting from base to enhanced security, secconfig updates the
  system default database (/etc/auth/system/default) and uses the convuser
  utility to migrate user accounts.

  While it is possible to convert user accounts from enhanced back to base,
  the default encryption algorithms and supported password lengths differ
  between base and enhanced security, and thus user account conversions do
  not succeed without a password change.

  NOTE: Because of the page table sharing mechanism used for shared
  libraries, the normal file system permissions are not adequate to protect
  against unauthorized reading.	 The secconfig interface allows you to
  disable segment sharing.  The change in segment sharing takes effect at the
  next reboot.



FILES

  /etc/auth/system/default
  /etc/passwd
  /tcb/files/auth.db


RELATED INFORMATION

  acl(4), authcap(4), default(4), convuser(8),
  Security

Index Index for
Section 8
Index Alphabetical
listing for S
Index Top of
page