Index

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Special Characters

.netrc

.rhosts file
        interaction with /etc/hosts.equiv file
        security concerns
        suggested permissions on

.Xdefaults file
        block input with allowSendEvents

/dev/console file

/dev/pts/* file

/dev/tty* file

/etc/auth/system/default file

/etc/auth/system/devassign file

/etc/auth/system/gr_id_map file

/etc/auth/system/pw_id_map file

/etc/auth/system/ttys file

/etc/auth/system/ttys.db file

/etc/group file

/etc/hosts.equiv file
        interaction with .rhosts file
        security concerns

/etc/passwd file
/etc/passwd file
/etc/passwd file
/etc/passwd file

/etc/sec/auditd_clients file
/etc/sec/auditd_clients file

/etc/sec/audit_events file for

/etc/sec/audit_events file

/etc/sec/event_aliases file

/etc/sec/site_events file

/etc/X*.hosts

/sbin/rc[023] files

/tcb/files/auth directory

/tcb/files/auth/r/root file

/usr/spool/uucppublic

/usr/tmp file
        tmp file

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A

absolute pathname

access control list (ACL)

access control list
        See ACL

accessing the databases

account lock

account management

account template, modifying

accountability
accountability

accounting tools

accounting

accounts
        adding
        anonymous ftp
        creating
        creating
        disabled
        locked
        maintaining
        modifying
        new
        passwords
        retiring

ACL
ACL
ACL
        administering
        administration
        base entry
        configuring
        data package structure
        data package
        decision process
        default
        default
        description
        disabling
        discretionary access control (DAC)
        emacs editor
        enabling
        entry rules
        execute access definition
        exported data
        external representation
        format
        getacl command
        getacl command
        header for data package structure
        imported data
        inheritance
        inheritance
        initialization
        installation
        installing
        kernel status
        library routines
        ls command
        maintaining
        object creation rule
        object creation
        overview
        overview
        owner access definition
        permission bits
        propagation
        protecting objects
        recovery
        replication rule
        search access definition
        setacl command
        setacl command
        setting example
        setting
        standalone system
        status
        storage
        umask
        using
        verifying status
        viewing
        working storage data structure
        working storage
        write access definition

administrative roles
        See role responsibilities

aliases for auditable events
aliases for auditable events

allowSendEvents resource
allowSendEvents resource

anonymous ftp account

ANSI C
        symbol preemption

antecedent directories

API

applications
        adding to the file control database
        audit records
        disabling auditing in
        generating audit records in
        modifying process audit attributes of

assigning terminal devices
assigning terminal devices

attributes, file
        See file attributes

audcntl routine

audgen command
        described
        using to create log entries

audgen system call

AUDGEN8 trusted event

audit daemon
audit daemon

audit events
        default events
        dependencies
        state-dependent

audit features

audit hub

audit ID (AUID)
audit ID (AUID)
audit ID (AUID)

audit log
        default
        failure
        overflow
        remote

audit mask
audit mask

audit subsystem
        /etc/sec/auditd_clients file
        accounting tools
        activating
        active processes
        administration tools
        anonymous ftp
        application records
        audit hub
        auditing remotely
        audit_setup script
        audit_tool command
        choosing events
        configuring
        continuous reporting of
        creating log entries for
        data recovery
        default auditable events
        default event aliases
        default event auditing
        dependencies among audit events
        deselection files
        deselection files
        deselection
        disabling
        dxaudit
        enabling
        events to audit
        example report
        fallback location
        files used for
        filtering data
        fixed-length tokens
        generating reports
        implementation notes
        log file location
        log files
        log overflow
        logging tools
        negative process IDs
        new log
        object selection/deselection
        overview
        pointer-type tokens
        preselection
        processing audit information
        reading audit reports
        reducing audit information
        report location
        reports by AUID
        reports by dxaudit
        reports by events
        reports by process IDs
        reports by time range
        reports by trusted events
        reports
        reports, abbreviated
        selecting audit records
        selecting events
        selection files
        selection
        setting up
        setup
        site event mask
        site-defined events
        status display
        suggested audit events
        system audit mask
        tokens
        tracing system calls
        trusted application audit data
        trusted application responsibility
        trusted events
        turning off
        ULTRIX compatibility
        user audit mask
        using audgen
        using audit_tool interactively

audit trail

auditable events

auditd command

auditd_clients file

auditi subsystem
        reports by process IDs

auditmask

audit_daemon_exit trusted event

audit_log_change trusted event

audit_log_create trusted event

audit_log_overwrite trusted event

audit_reboot trusted event

audit_setup trusted event
audit_setup trusted event

audit_start trusted event

audit_stop trusted event

audit_tool command
audit_tool command

audit_tool.ultrix command
audit_tool.ultrix command

audit_xmit_fail trusted event

AUID
        See audit ID

authaudit routines

authck command

authck program

authentication configuration
        encryption
        log in records
        maximum log in attempts
        password aging
        password change time
        password-changing controls
        profile migration
        terminal break-in
        time between log in attempts
        time between log ins
        vouching

authentication database
authentication database
authentication database
authentication database
        conversion

authentication files

authentication profile
authentication profile
authentication profile
authentication profile
authentication profile
authentication profile
authentication profile

authentication program

authentication subsystem

authentication
authentication

authorization list
        See terminal authorization list

auth_event

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

B

background job

backup procedures
backup procedures

base entry ACL

binary compatibility

binary databases

boot loading software

buffer management

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

C

C2 features
        audit
        login control
        password control

centralized account management

changing a password

character-mode terminal

child process
        inherited file access
        signal mask and

chmod command
        octal example of

chown system call
        SUID or SGID permissions

close-on-exec flag

compatibility with ULTRIX auditing

configuration
        encryption
        log in records
        maximum log in attempts
        password aging
        password change time
        password-changing controls
        profile migration
        terminal break-in
        time between log in attempts
        time between log ins
        vouching

configuring enhanced security

configuring
        ACLs
        audit
        extended passwords
        security features

console file

console messages

convauth command

core files

create_file_securely() library routine

creating accounts
creating accounts

creating groups
creating groups

crypt() support

cu command
        example of

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

D

DAC
        inheritance attribute
        overview
        protecting the TCB

daemon programs

data files

data loss

data package ACL representation example

data package
        ACL

data structure
        opaque

data
        storing in a secure location

database update

databases
        entries

databases fields

databases
        accessing
        file control
        file control
        groups
        protected password
        system defaults
        terminal control
        update

dcp command

DECnet protocol
        dcp command
        dlogin command
        dls command
        generic guest accounts

DECterm window
        See also DECwindows environment
        if application not using
        protecting

DECwindows ACLs
DECwindows ACLs
        contention between system and local
        saving changes to
        system list in /etc/X*.hosts

DECwindows environment
        use of in a secure environment
        writing secure programs in

DECwindows secure keyboard
        example of

DECwindows session
        pausing current

DECwindows
        authorizing host access
        blocking keyboard and mouse information
        controlling application access to
        secure keyboard

default ACL

default event auditing

defaults database

defaults for devices

deleting layered security products

denial of service

dependencies among audit events

deselection files
deselection files

device assignment database
device assignment database
device assignment database
device assignment database

device
        assignment
        assignment
        assignment
        defaults
        installation

disabled accounts

discretionary access control
        See DAC

discretionary check

display access

dlogin command

dls command

dxaccounts program
dxaccounts program

dxaudit program
dxaudit program

dxdevices program

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

E

EACCES errno value

effective group ID

effective user ID

EGID
        See effective group ID

emacs editor

encrypted password
encrypted password

encryption configuration

enhanced passwords

entry points

EPERM errno value

EROFS errno value

errno variable

EUID
        See effective user ID

evasion time configuration

event aliases
event aliases

events to audit
events to audit

execute access
        ACL definition

execve system call

exported data
        ACLs

extended passwords

extended profile configuration

external representation
        ACL

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

F

fcntl system call
        close-on-exec flag

file attributes

file control database
        description
        description
        location
        reading and writing

file descriptors

file permissions
        remote sessions
        restrict access to .Xdefaults file

file protection mechanism

file summary

file systems

file
        deselection files
        deselection for audit
        protecting with ACLs
        protecting
        required
        selection for audit

filtering audit data

fixed-length audit tokens

fork system call
fork system call

ftp command
        description of
        security risks of anonymous ftp
        use of .netrc file with

FTP protocol

fverfy command

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

G

getacl command

getluid system call

getty command

GID
        See group ID

group database

group ID
        effective (EGID)
        map file
        real (RGID)

groups
        creating
        creating
        database file
        supplementary

gr_id_map file
gr_id_map file

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

H

hardware privilege

header files

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

I

I and A
I and A
I and A

identification and authentication
        See I and A

imported data
        ACLs

Information Systems Security Officer
        ISSO

inheritance
        ACL

installation

installed subsets

installing enhanced security

installing layered security products

integrating security mechanisms

integrity features

integrity
integrity
integrity
integrity
integrity

interoperating with ULTRIX auditing

interprocess communication
        security consideration

invalid maps

ISSO
        tasks

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

K

keyboard
        securing in DECwindows environment
        securing

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

L

LAT protocol
        description of
        LAT groups

libaud library

libraries
        as part of the TCB
        security relevent

library routines

libsecurity library
libsecurity library

Local Area Transport
        See LAT protocol

local host, workstation as

lock file

locked accounts

log files
        audit
        audit
        creating entries in

log in records configuration

log in
        maximum tries configuration

logging in
        to remote systems with rlogin

logging tools

login command

login timouts

login tips

LOGIN trusted event

login user ID

login
        enhancements
        invalidating terminal file descriptors
        problems
        setting password during
        shell
        user ID (AUID)

logout tips

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

M

maintaining accounts

mapping database

mask
        system audit mask
        user audit mask

matrix.conf file
matrix.conf file

mechanism-dependent interface

migration issues
        audcntl routine
        audgen system call
        authaudit routines
        BIND/Hesiod authentication files
        MLS+
        NIS
        password databases
        secauthmigrate script
        secure attention key (SAK)
        trusted path
        ULTRIX authentication files
        ULTRIX

modem
        with tip and cu commands
        with UUCP utility

modifying database entries

modifying the account template

modifying user accounts

mouse
        securing

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

N

naming routines

need-to-know access

network protocols

network security concerns
        .rhosts file
        /etc/hosts.equiv file
        anonymous ftp
        DECnet generic guest accounts
        file permissions
        tip and cu commands
        UUCP commands
        workstation display access

network
        audit hub
        auditing across a network

new routines

NIS
        account management
        automated procedures
        backing out
        client setup
        databases
        large databases
        master server setup
        migration
        overrides
        overrides
        password database
        slave server setup
        user account database

null password

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

O

object code

object creation
        ACL
        ACL

obsolete interfaces

obsolete structures

opaque data structure
        ACL

open file descriptor

operational features

operator responsibilities

owner access
        ACL definition

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

P

passwd file

password databases

password parameters

password protection
        DECwindows secure keyboard mode

password
        aging configuration
        aging
        change time configuration
        choosing
        coding example
        configuration
        controls configuration
        database
        enhancements
        expiration of
        expiration time
        expiration
        extended
        ID map file
        maximum tries configuration
        new accounts
        protected database
        random character
        random letter
        random pronounceable
        setting and changing
        system-generated
        threats
        tips

PATH variable
        defining
        null entry in
        secure shell scripts

pathname
        absolute
        relative

permanent file

permission bits
        ACL

physical device

physical security
        in DECwindows environment

pointer-type audit tokens

private audit tokens

private tokens

process priority

profile migration configuration

protected password database
protected password database
protected password database
protected password database
protected password database
protected password database

protected subsystem pseudogroup

protected subsystems

protecting removable media

prpasswd file

pseudo tty

pts/* file

public audit tokens

public tokens

pw_id_map file
pw_id_map file

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

R

rcp command

rc[023] files

read access
        ACL definition
        ACL definition

read-only file systems

recovering ACLs

relative pathname

remote audit log

remote auditing

remote file transfer
        with UUCP utility

remote login
        suggestions for tip and cu commands
        using dlogin command
        using rlogin command
        using tip and cu commands

remote systems
        in .rhosts file
        in /etc/hosts.equiv file

replication of ACLs

reports
        See audit subsystem
        audit

required files

responsibilities
        ISSO
        operator
        system administrator
        user

retired account

retiring user accounts

rlogin command

role programs

role responsibilities
        ISSO
        operator
        system administration
        system administrator

root authentication profile

root user

rsh command

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

S

search access
        ACL definition

secauthmigrate script

secsetup command

secure attention key (SAK)

Secure Keyboard menu item

secure keyboard

security administrator
        DECwindows ACLs

security breach
        possible program responses to

Security Integration Architecture (SIA)
Security Integration Architecture (SIA)

Security Integration Architecture
        See SIA

security policy

security requirements

security sensitive commands

segment sharing

segments

selection files

semaphores

session priority

set group ID on execution
        See SGID

set user ID on execution
        See SUID

setacl command

setluid system call

setting up enhanced security

set_auth_parameters() library routine

SGID
        set group ID on execution
        set group ID programs

shadowed passwords
shadowed passwords
shadowed passwords

shared libraries,

shell process

shell script
        security consideration

shell variable
        specific shell variables

shell
        defining variables
        path variable syntax
        rsh command invokes remote

SIA
        accessing secure information
        administering
        audit logging
        callbacks
        changing a user shell
        changing finger information
        changing secure information
        coding example
        debugging
        deleting layered security product
        group info, accessing
        header files
        initialization
        installing layered security product
        installing layered security product
        integrating mechanisms
        interface routines
        layering
        login process
        logs
        maintaining state
        matrix.conf file
        matrix.conf file
        mechanism-dependent interface
        packaging layered products
        parameter collection
        parameter collection
        password, accessing
        passwords, changing
        programming
        return values
        return values
        rlogind process
        rshd process
        security sensitive commands
        session authentication
        session establishment
        session initialization
        session launch
        session processing
        session release
        SIAENTITY structure
        siainit command
        sialog file
        vouching

signal routine

signal
        secure response to

SIGQUIT signal
        security consideration

SIGTRAP signal
        security consideration

single-user mode

site event mask

site-defined audit events

site_events file

standalone system
        ACLs

startup script

state-dependent audit events

sticky bit
        setting
        using to secure temporary files
        UUCP directory

sticky directory

strong symbols

su command
        set secure keyboard

subset installation

subsets, security

SUID
        set user ID on execution
        set user ID programs

supplementary groups

symbol preemption

symbolic link
        ACL

system administrator
        remote file transfer concerns
        See also role responsibilities
        tasks

system audit mask

system call
        common return value
        security consideration for a failed call

system console
system console

system defaults database
        description
        description
        undefined fields
        updating

system startup

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

T

TCB
TCB
        defining a trusted system
        executable file
        hardware privilege
        indirect programs
        kernel
        security configuration
        trusted program
        trusted system directories

TCP/IP protocol

temporary files
temporary files

terminal authorization list

terminal break-in configuration

terminal character-mode

terminal control database
terminal control database
terminal control database
terminal control database
terminal control database

terminal devices, assigning
terminal devices, assigning

terminal file descriptors
        invalidating

terminal session
        security suggestions

tftp command
        description of

TFTP protocol

time delay

tip command

tmp file
        security consideration

tokens

tools for auditing

tracing system calls

traditional file protection mechanism
        group
        owner
        permission bits

traditional logging,log files

traditional security

trojan horse program

troubleshooting

trusted computing base
        See TCB

trusted event
        AUDGEN8
        LOGIN

trusted path

trusted program auditing

trusted program

tty* file

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

U

ULTRIX audit compatibility

ULTRIX authentication files
ULTRIX authentication files

ULTRIX interoperability issues

ULTRIX migration issues

umask system call
        using to secure temporary files

umask
        ACL

undefined field

UNIX-to-UNIX Copy Program
        See UUCP

unlink system call
        protecting file access

update installation

user audit mask

user ID
        effective (EUID)
        real (RUID)

user input
        security consideration

uucp command

UUCP utility

uux command

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

V

vouching configuration

vouching

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

W

weak symbols

windowing environment

working storage
        ACL

workstation environment

workstation
        See also DECwindows
        physical security
        protecting removable media

write access
        ACL definition

writing database entries

Click letter for quick access:
[Special Characters] A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

X

X displays

xauth program

XGrabKeyboard() routine

XIsso program
XIsso program

XReparentWindow() routine
        using in a secure environment

XSendEvent() routine

XSysAdmin program