![[Contents]](TOC.GIF)
![[Help]](HELP.GIF)
Click letter for quick access:
.rhosts file
.Xdefaults file
/etc/auth/system/devassign file
/etc/auth/system/gr_id_map file
/etc/auth/system/pw_id_map file
/etc/hosts.equiv file
/etc/passwd file
/etc/sec/auditd_clients file
/etc/sec/audit_events file for
/usr/tmp file
Click letter for quick access:
access control list
accounts
ACL
administrative roles
aliases for auditable events
allowSendEvents resource
ANSI C
applications
assigning terminal devices
attributes, file
audgen command
audit events
audit ID (AUID)
audit log
audit subsystem
auditi subsystem
audit_daemon_exit trusted event
audit_log_change trusted event
audit_log_create trusted event
audit_log_overwrite trusted event
audit_setup trusted event
audit_tool command
audit_tool.ultrix command
AUID
authentication configuration
authentication database
authentication profile
authorization list
auth_event
Click letter for quick access:
backup procedures
buffer management
Click letter for quick access:
C2 features
centralized account management
child process
chmod command
chown system call
compatibility with ULTRIX auditing
configuration
configuring
create_file_securely() library routine
creating accounts
creating groups
cu command
Click letter for quick access:
DAC
data package ACL representation example
data package
data structure
data
databases
databases
DECnet protocol
DECterm window
DECwindows ACLs
DECwindows environment
DECwindows secure keyboard
DECwindows session
DECwindows
deleting layered security products
dependencies among audit events
deselection files
device assignment database
device
discretionary access control
dxaccounts program
dxaudit program
dxdevices program
Click letter for quick access:
EGID
encrypted password
EUID
events to audit
execute access
exported data
extended profile configuration
external representation
Click letter for quick access:
fcntl system call
file control database
file permissions
file
fork system call
ftp command
fverfy command
Click letter for quick access:
GID
group ID
groups
gr_id_map file
Click letter for quick access:
header files
Click letter for quick access:
identification and authentication
imported data
Information Systems Security Officer
inheritance
installing layered security products
integrating security mechanisms
integrity
interoperating with ULTRIX auditing
interprocess communication
ISSO
Click letter for quick access:
keyboard
Click letter for quick access:
LAT protocol
libraries
libsecurity library
Local Area Transport
log files
log in
logging in
login
logout tips
Click letter for quick access:
mask
matrix.conf file
migration issues
modem
modifying the account template
mouse
Click letter for quick access:
network security concerns
network
NIS
null password
Click letter for quick access:
opaque data structure
owner access
Click letter for quick access:
password protection
password
PATH variable
permission bits
physical security
profile migration configuration
protected password database
protected subsystem pseudogroup
pw_id_map file
Click letter for quick access:
read access
remote file transfer
remote login
remote systems
reports
responsibilities
role responsibilities
rsh command
Click letter for quick access:
search access
security administrator
security breach
Security Integration Architecture (SIA)
Security Integration Architecture
set group ID on execution
set user ID on execution
set_auth_parameters() library routine
SGID
shadowed passwords
shell script
shell variable
shell
SIA
signal
SIGQUIT signal
SIGTRAP signal
standalone system
sticky bit
su command
SUID
symbolic link
system administrator
system call
system defaults database
system startup
Click letter for quick access:
TCB
temporary files
terminal break-in configuration
terminal control database
terminal devices, assigning
terminal file descriptors
terminal session
tftp command
tmp file
traditional file protection mechanism
trusted computing base
tty* file
Click letter for quick access:
ULTRIX authentication files
ULTRIX interoperability issues
umask system call
umask
UNIX-to-UNIX Copy Program
unlink system call
user ID
user input
uux command
Click letter for quick access:
vouching
Click letter for quick access:
working storage
workstation
write access
writing database entries
Click letter for quick access:
XReparentWindow() routineIndex
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZSpecial Characters
interaction with /etc/hosts.equiv file
security concerns
suggested permissions on
block input with allowSendEvents
interaction with .rhosts file
security concerns
/etc/passwd file
/etc/passwd file
/etc/passwd file
/etc/sec/auditd_clients file
tmp file
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZA
See ACL
adding
anonymous ftp
creating
creating
disabled
locked
maintaining
modifying
new
passwords
retiring
ACL
ACL
administering
administration
base entry
configuring
data package structure
data package
decision process
default
default
description
disabling
discretionary access control (DAC)
emacs editor
enabling
entry rules
execute access definition
exported data
external representation
format
getacl command
getacl command
header for data package structure
imported data
inheritance
inheritance
initialization
installation
installing
kernel status
library routines
ls command
maintaining
object creation rule
object creation
overview
overview
owner access definition
permission bits
propagation
protecting objects
recovery
replication rule
search access definition
setacl command
setacl command
setting example
setting
standalone system
status
storage
umask
using
verifying status
viewing
working storage data structure
working storage
write access definition
See role responsibilities
aliases for auditable events
allowSendEvents resource
symbol preemption
adding to the file control database
audit records
disabling auditing in
generating audit records in
modifying process audit attributes of
assigning terminal devices
See file attributes
described
using to create log entries
default events
dependencies
state-dependent
audit ID (AUID)
audit ID (AUID)
default
failure
overflow
remote
/etc/sec/auditd_clients file
accounting tools
activating
active processes
administration tools
anonymous ftp
application records
audit hub
auditing remotely
audit_setup script
audit_tool command
choosing events
configuring
continuous reporting of
creating log entries for
data recovery
default auditable events
default event aliases
default event auditing
dependencies among audit events
deselection files
deselection files
deselection
disabling
dxaudit
enabling
events to audit
example report
fallback location
files used for
filtering data
fixed-length tokens
generating reports
implementation notes
log file location
log files
log overflow
logging tools
negative process IDs
new log
object selection/deselection
overview
pointer-type tokens
preselection
processing audit information
reading audit reports
reducing audit information
report location
reports by AUID
reports by dxaudit
reports by events
reports by process IDs
reports by time range
reports by trusted events
reports
reports, abbreviated
selecting audit records
selecting events
selection files
selection
setting up
setup
site event mask
site-defined events
status display
suggested audit events
system audit mask
tokens
tracing system calls
trusted application audit data
trusted application responsibility
trusted events
turning off
ULTRIX compatibility
user audit mask
using audgen
using audit_tool interactively
reports by process IDs
audit_setup trusted event
audit_tool command
audit_tool.ultrix command
See audit ID
encryption
log in records
maximum log in attempts
password aging
password change time
password-changing controls
profile migration
terminal break-in
time between log in attempts
time between log ins
vouching
authentication database
authentication database
authentication database
conversion
authentication profile
authentication profile
authentication profile
authentication profile
authentication profile
authentication profile
See terminal authorization list
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZB
backup procedures
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZC
audit
login control
password control
inherited file access
signal mask and
octal example of
SUID or SGID permissions
encryption
log in records
maximum log in attempts
password aging
password change time
password-changing controls
profile migration
terminal break-in
time between log in attempts
time between log ins
vouching
ACLs
audit
extended passwords
security features
creating accounts
creating groups
example of
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZD
inheritance attribute
overview
protecting the TCB
ACL
opaque
storing in a secure location
entries
accessing
file control
file control
groups
protected password
system defaults
terminal control
update
dcp command
dlogin command
dls command
generic guest accounts
See also DECwindows environment
if application not using
protecting
DECwindows ACLs
contention between system and local
saving changes to
system list in /etc/X*.hosts
use of in a secure environment
writing secure programs in
example of
pausing current
authorizing host access
blocking keyboard and mouse information
controlling application access to
secure keyboard
deselection files
device assignment database
device assignment database
device assignment database
assignment
assignment
assignment
defaults
installation
See DAC
dxaccounts program
dxaudit program
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZE
See effective group ID
encrypted password
See effective user ID
events to audit
ACL definition
ACLs
ACL
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZF
close-on-exec flag
description
description
location
reading and writing
remote sessions
restrict access to .Xdefaults file
deselection files
deselection for audit
protecting with ACLs
protecting
required
selection for audit
fork system call
description of
security risks of anonymous ftp
use of .netrc file with
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZG
See group ID
effective (EGID)
map file
real (RGID)
creating
creating
database file
supplementary
gr_id_map file
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZH
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZI
See I and A
ACLs
ISSO
ACL
integrity
integrity
integrity
integrity
security consideration
tasks
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZK
securing in DECwindows environment
securing
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZL
description of
LAT groups
as part of the TCB
security relevent
libsecurity library
See LAT protocol
audit
audit
creating entries in
maximum tries configuration
to remote systems with rlogin
enhancements
invalidating terminal file descriptors
problems
setting password during
shell
user ID (AUID)
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZM
system audit mask
user audit mask
matrix.conf file
audcntl routine
audgen system call
authaudit routines
BIND/Hesiod authentication files
MLS+
NIS
password databases
secauthmigrate script
secure attention key (SAK)
trusted path
ULTRIX authentication files
ULTRIX
with tip and cu commands
with UUCP utility
securing
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZN
.rhosts file
/etc/hosts.equiv file
anonymous ftp
DECnet generic guest accounts
file permissions
tip and cu commands
UUCP commands
workstation display access
audit hub
auditing across a network
account management
automated procedures
backing out
client setup
databases
large databases
master server setup
migration
overrides
overrides
password database
slave server setup
user account database
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZO
ACL
ACL definition
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZP
DECwindows secure keyboard mode
aging configuration
aging
change time configuration
choosing
coding example
configuration
controls configuration
database
enhancements
expiration of
expiration time
expiration
extended
ID map file
maximum tries configuration
new accounts
protected database
random character
random letter
random pronounceable
setting and changing
system-generated
threats
tips
defining
null entry in
secure shell scripts
ACL
in DECwindows environment
protected password database
protected password database
protected password database
protected password database
protected password database
pw_id_map file
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZR
ACL definition
ACL definition
with UUCP utility
suggestions for tip and cu commands
using dlogin command
using rlogin command
using tip and cu commands
in .rhosts file
in /etc/hosts.equiv file
See audit subsystem
audit
ISSO
operator
system administrator
user
ISSO
operator
system administration
system administrator
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZS
ACL definition
DECwindows ACLs
possible program responses to
Security Integration Architecture (SIA)
See SIA
See SGID
See SUID
set group ID on execution
set group ID programs
shadowed passwords
shadowed passwords
security consideration
specific shell variables
defining variables
path variable syntax
rsh command invokes remote
accessing secure information
administering
audit logging
callbacks
changing a user shell
changing finger information
changing secure information
coding example
debugging
deleting layered security product
group info, accessing
header files
initialization
installing layered security product
installing layered security product
integrating mechanisms
interface routines
layering
login process
logs
maintaining state
matrix.conf file
matrix.conf file
mechanism-dependent interface
packaging layered products
parameter collection
parameter collection
password, accessing
passwords, changing
programming
return values
return values
rlogind process
rshd process
security sensitive commands
session authentication
session establishment
session initialization
session launch
session processing
session release
SIAENTITY structure
siainit command
sialog file
vouching
secure response to
security consideration
security consideration
ACLs
setting
using to secure temporary files
UUCP directory
set secure keyboard
set user ID on execution
set user ID programs
ACL
remote file transfer concerns
See also role responsibilities
tasks
common return value
security consideration for a failed call
description
description
undefined fields
updating
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZT
TCB
defining a trusted system
executable file
hardware privilege
indirect programs
kernel
security configuration
trusted program
trusted system directories
temporary files
terminal control database
terminal control database
terminal control database
terminal control database
terminal devices, assigning
invalidating
security suggestions
description of
security consideration
group
owner
permission bits
See TCB
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZU
ULTRIX authentication files
using to secure temporary files
ACL
See UUCP
protecting file access
effective (EUID)
real (RUID)
security consideration
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZV
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZW
ACL
See also DECwindows
physical security
protecting removable media
ACL definition
[Special Characters]
A
B
C
D
E
F
G
H
I
J
K
L
M
N
O
P
Q
R
S
T
U
V
W
X
Y
ZX
using in a secure environment