|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
A
abbreviated audit reports
absolute pathname
access control list
access control list
access control list
See ACL
access control list (ACL)
protecting files
accessing the databases
account lock
account management
account template, modifying
accountability
accountability
accounting tools
accounts
accounts
adding
anonymous ftp
creating
creating
disabled
locked
maintaining
modifying
new
passwords
retiring
ACL
ACL
administering
administration
at object creation
base entry
configuring
data package
data package entries
decision process
default
default
default
description
disabling
discretionary access control (DAC)
emacs editor
enabling
entry rules
example of setting for file
example: change_acl.c
external representation
format
getacl command
getacl command
inheritance
inheritance
inheritance
initialization
installation
installing
kernel status
ls command
maintaining
mask entry rule
message queue
object creation rule
overview
overview
permissions
propagation
protecting objects
recovery
replication rule
semaphore
setacl command
setacl command
setting
shared memory
standalone system
status
storage
symbolic link
umask
using
verifying status
viewing
working storage
working storage: example
acl_read()
acl_write()
administrating a trusted operating system
administrative roles
See role responsibilities
administrators, introduction
aliases for audit events
aliases for auditable events
allowdacaccess privilege
allowSendEvents resource
allowSendEvents resource
anonymous ftp account
ANSI C
symbol preemption
antecedent directories
application-specific auditing
applications
adding to the file control database
audit records
disabling auditing in
generating audit records in
modifying process audit attributes of
assigning terminal devices
assigning terminal devices
attributes, file
See file attributes
audcntl routine
audgen command
audgen system call
audgen8 trusted event
audit
accessing the graphic interface
accounting tools
active processes
administration tools
application-specific auditing
audgen command
audit control flag
audit hosts file
audit hub
Audit Manager
audit mask
control flag
auditable events
auditd command
auditd command
auditing remotely
auditmask command
auditmask command
audit_setup command
audit_setup command
audit_tool command
audit_tool command
audit_tool command
audit_tool command
audit_tool command
audit_tool.ultrix command
AUID (audit ID)
CDE interface
changing configuration
choosing events
commands
configuring
configuring
console messages
content of records
control flag
crash recovery
data recovery
data--managing growth of
dependencies among audit events
deselection files for audit reports
/etc/sec/auditd_clients file
events
preselection
site-defined events
state-dependent information
trusted events
events to audit
files
site_events file
filtering data
generating reports
generating reports
getting started
graphic interface
GUI
ID (AUID)
implementation notes
log files
log location
logging tools
login audit mask
setting
login process mask
LUID (login ID)
managing data
masks
messages
network audit hosts file
networked auditing
overflow handling
overview
preselection
preselection
process audit mask
processing audit information
processing audit information
quick start
reconfiguring
record content
reducing audit information
reducing audit information
report deselection files
reports
reports
reports, abbreviated
responding to audit reports
secondary>
secondary>
selecting audit events
selecting events
self-auditing commands
site-defined events
starting
suggested audit events
system audit mask
tools
tracing system calls
trusted events
turning off/on auditing
user audit mask
setting
user process mask
audit events
default events
audit features
audit ID (AUID)
audit ID (AUID)
audit ID (AUID)
Audit Manager graphic interface
audit mask
audit subsystem
anonymous ftp
application records
configuring
default auditable events
default event aliases
fixed-length tokens
pointer-type tokens
setting up
tokens
ULTRIX compatibility
See audit
audit trail
auditable events
auditable events
auditd command
auditd command
auditing for applications
auditmask command
auditmask command
audit_daemon_exit trusted event
audit_log_change trusted event
audit_log_create trusted event
audit_log_overwrite trusted event
audit_reboot trusted event
audit_setup command
secondary>
audit_setup trusted event
audit_start trusted event
audit_stop trusted event
audit_subsystem
event aliases
audit_suspend trusted event
audit_tool command
audit_tool command
audit_tool command
audit_tool.ultrix command
audit_xmit_fail trusted event
AUID (audit ID)
authaudit routines
authck command
authck program
authentication
authentication
authentication
programming concerns
authentication configuration
encryption
log in records
maximum log in attempts
password aging
password change time
password-changing controls
profile migration
terminal break-in
time between log in attempts
time between log ins
vouching
authentication database
authentication database
authentication database
authentication database
conversion
authentication files
authentication profile
authentication profile
authentication profile
authentication profile
authentication profile
authentication profile
authentication profile
authentication program
authentication subsystem
authorization list
See terminal authorization list
auth_event trusted event
|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
B
background job
backup procedures
backup procedures
base privileges
in authentication profile
binary compatibility
boot loading software
buffer management
|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
C
C2 features
audit
login control
password control
centralized account management
changing a password
character-mode terminal
child process
inherited file access
signal mask and
chmod command
octal example of
chmodsugid privilege
chown privilege
chown system call
SUID or SGID permissions
close-on-exec flag
cluster
overview
compatibility with ULTRIX auditing
configuration
encryption
log in records
maximum log in attempts
password aging
password change time
password-changing controls
profile migration
terminal break-in
time between log in attempts
time between log ins
vouching
configuring
ACLs
audit
audit
audit
extended passwords
security features
configuring enhanced security
connecting to other systems
console file
console messages
audit
content of audit records
control flag
audit control flag
convauth command
core files
crash recovery
audit data
create_file_securely() library routine
creating accounts
creating accounts
creating groups
creating groups
crypt() support
cu command
example of
|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
D
DAC
execute access definition
inheritance attribute
overview
owner access definition
protecting the TCB
read access definition
search access definition
write access definition
daemon programs
data
storing in a secure location
data files
data loss
database update
databases
accessing
entries
file control
file control
groups
protected password
system defaults
terminal control
update
databases fields
dcp command
DECnet protocol
DECnet protocol
dcp command
dlogin command
dls command
generic guest accounts
DECterm window
if application not using
protecting
See also DECwindows environment
DECwindows
authorizing host access
blocking keyboard and mouse information
controlling application access to
secure keyboard
security
DECwindows ACLs
DECwindows ACLs
contention between system and local
saving changes to
system list in /etc/X*.hosts
DECwindows environment
use of in a secure environment
writing secure programs in
DECwindows secure keyboard
example of
DECwindows session
pausing current
default ACL
default ACL
defaults database
defaults for devices
deleting layered security products
denial of service
dependencies among audit events
deselection files for audit reports
/dev/console file
/dev/pts/* file
/dev/tty* file
device
assignment
assignment
assignment
defaults
installation
device assignment database
device assignment database
device assignment database
device assignment database
devices
disabled accounts
discretionary access control
See DAC
discretionary access control (DAC)
discretionary check
display access
dlogin command
dls command
dxaccounts program
dxaccounts program
dxaccounts program
dxaudit program
dxaudit program
dxdevices program
dxdevices program
|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
E
EACCES errno value
effective group ID
effective user ID
EGID
See effective group ID
emacs editor
encrypted password
encrypted password
encryption configuration
enhanced passwords
enhanced security
entry points
EPERM errno value
EROFS errno value
errno variable
/etc/auth/system/default file
/etc/auth/system/devassign file
/etc/auth/system/ttys file
/etc/auth/system/ttys.db file
/etc/group file
/etc/hosts.equiv file
interaction with .rhosts file
security concerns
/etc/passwd file
/etc/passwd file
/etc/passwd file
/etc/passwd file
/etc/sec/auditd_clients file
/etc/sec/audit_events file
/etc/sec/audit_events file
/etc/sec/event_aliases
/etc/sec/event_aliases file
/etc/sec/site_events file
/etc/X*.hosts
EUID
See effective user ID
evasion time configuration
event aliases
events
aliases for audit events
managing audit events
site-defined audit events
suggested audit events
trusted audit events
events to audit
example
ACL creation
ACL data representation
ACL inheritance
ACL mask recomputation
ACL permission removal
ACL: change_acl.c
execve system call
extended passwords
extended profile configuration
external representation
ACL
|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
F
fcntl system call
close-on-exec flag
features
features
file
protecting
protecting with ACLs
required
file attributes
file control database
description
description
location
reading and writing
file descriptors
file permissions
remote sessions
restrict access to .Xdefaults file
file protection mechanism
file summary
file systems
filtering audit data
fixed-length audit tokens
fork system call
fork system call
ftp command
description of
security risks of anonymous ftp
use of .netrc file with
FTP protocol
fverfy command
|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
G
generating audit reports
generating audit reports
getacl command
getluid system call
getty command
GID
See group ID
graphic interface
for audit subsystem
group database
group ID
effective (EGID)
real (RGID)
groups
creating
creating
database file
supplementary
|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
H
hardware privilege
header files
|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
I
I and A
I and A
I and A
identification
identification and authentication
See I and A
Information Systems Security Officer
ISSO
installation
installing enhanced security
installing layered security products
integrating security mechanisms
integrity
integrity
integrity
integrity
integrity
integrity features
interoperating with ULTRIX auditing
interprocess communication
security consideration
introduction for administrators
introduction for users
ISSO
tasks
|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
K
kernel authorizations
in authentication profile
keyboard
securing
securing in DECwindows environment
keyboard input
|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
L
LAT protocol
description of
LAT groups
libaud library
libraries
as part of the TCB
security relevent
library routines
libsecurity library
Local Area Transport
See LAT protocol
Local Area Transport (LAT)
local host, workstation as
lock file
locked accounts
log files
log files
designating
log in
maximum tries configuration
log in records configuration
logging in
to remote systems with rlogin
logging tools
login
audit mask
audit mask, setting
enhancements
invalidating terminal file descriptors
login ID (LUID)
problems
setting password during
shell
trusted event
user ID (AUID)
login command
login timouts
login tips
login user ID
logout tips
logout trusted event
LUID (login ID)
|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
M
maintaining accounts
matrix.conf file
matrix.conf file
mechanism-dependent interface
migration issues
audcntl routine
audgen system call
authaudit routines
BIND/Hesiod authentication files
MLS+
NIS
password databases
secauthmigrate script
secure attention key (SAK)
trusted path
ULTRIX
ULTRIX authentication files
modem
with tip and cu commands
with UUCP utility
modifying database entries
modifying the account template
modifying user accounts
mouse
securing
|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
N
naming routines
need-to-know access
.netrc
network
audit hub
auditing across a network
network protocols
network security concerns
anonymous ftp
DECnet generic guest accounts
/etc/hosts.equiv file
file permissions
.rhosts file
tip and cu commands
UUCP commands
workstation display access
NIS
account management
automated procedures
backing out
client setup
databases
large databases
master server setup
migration
overrides
overrides
password database
slave server setup
user account database
null password
|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
O
object
ACL at creation
object code
open file descriptor
operational features
operator responsibilities
overflow handling
audit
owner privilege
|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
P
passwd file
password
aging
aging configuration
change time configuration
choosing
coding example
configuration
controls configuration
database
enhancements
expiration
expiration of
expiration time
extended
maximum tries configuration
new accounts
protected database
random character
random letter
random pronounceable
setting and changing
system-generated
threats
tips
password databases
password parameters
password protection
DECwindows secure keyboard mode
passwords
passwords
PATH variable
defining
null entry in
secure shell scripts
pathname
absolute
relative
pausing DECwindows sessions
permanent file
physical device
physical security
in DECwindows environment
pointer-type audit tokens
preselection of audit events
preselection of audit events
secondary>
private audit tokens
private tokens
privilege
allowdacaccess
chmodsugid
chown
owner
process audit mask
process priority
profile migration configuration
programming in the trusted environment
protected password database
protected password database
protected password database
protected password database
protected password database
protected password database
protected subsystem pseudogroup
protected subsystems
protecting files
access control list (ACL)
protecting removable media
prpasswd file
pseudo tty
pts/* file
public audit tokens
public tokens
|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
R
rcp command
rc[023] files
read-only file systems
recovering
audit data
recovering ACLs
reducing audit data
reducing audit data
relative pathname
remote auditing
remote commands
remote file transfer
with UUCP utility
remote login
suggestions for tip and cu commands
using dlogin command
using rlogin command
using tip and cu commands
remote systems
in .rhosts file
in /etc/hosts.equiv file
reports
audit reports
audit reports
required files
responding to audit reports
responsibilities
ISSO
operator
system administrator
user
retired account
retiring user accounts
.rhosts file
interaction with /etc/hosts.equiv file
security concerns
suggested permissions on
rlogin command
role programs
role responsibilities
ISSO
operator
system administration
system administrator
root authentication profile
root user
rsh command
|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
S
/sbin/rc[023] files
secauthmigrate script
secsetup command
secure attention key (SAK)
secure devices
secure keyboard
Secure Keyboard menu item
security
authentication programming concerns
security administrator
DECwindows ACLs
security breach
possible program responses to
Security Integration Architecture
See SIA
Security Integration Architecture (SIA)
Security Integration Architecture (SIA)
security policy
security policy
security requirements
security sensitive commands
segment sharing
segments
selecting audit events
semaphores
session priority
set group ID on execution
See SGID
set user ID on execution
See SUID
setacl command
setluid system call
setting up a trusted system
setting up enhanced security
set_auth_parameters() library routine
SGID
set group ID on execution
set group ID programs
shadowed passwords
shadowed passwords
shadowed passwords
shared libraries,
shared memory
object for ACLs
shell
defining variables
path variable syntax
rsh command invokes remote
shell process
shell script
security consideration
shell variable
specific shell variables
SIA
accessing secure information
administering
audit logging
callbacks
changing a user shell
changing finger information
changing secure information
coding example
debugging
deleting layered security product
group info, accessing
header files
initialization
installing layered security product
installing layered security product
integrating mechanisms
interface routines
layering
login process
logs
maintaining state
matrix.conf file
matrix.conf file
mechanism-dependent interface
packaging layered products
parameter collection
parameter collection
password, accessing
passwords, changing
programming
return values
return values
rlogind process
rshd process
security sensitive commands
session authentication
session establishment
session initialization
session launch
session processing
session release
SIAENTITY structure
siainit command
sialog file
vouching
signal
secure response to
signal routine
SIGQUIT signal
security consideration
SIGTRAP signal
security consideration
single-user mode
site-defined audit events
standalone system
ACLs
starting the audit subsystem
startup script
state-dependent audit events
sticky bit
setting
using to secure temporary files
UUCP directory
sticky directory
strong symbols
su command
set secure keyboard
subset installation
suggested audit events
SUID
set user ID on execution
set user ID programs
supplementary groups
symbol preemption
system administrator
remote file transfer concerns
tasks
See also role responsibilities
system audit mask
system call
common return value
security consideration for a failed call
system console
system console
system defaults database
description
description
undefined fields
updating
system startup
System V IPC
as object for ACLs
|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
T
TCB
TCB
defining a trusted system
executable file
hardware privilege
indirect programs
kernel
security configuration
trusted program
trusted system directories
/tcb/files/auth/r/root file
TCP/IP protocol
temporary files
temporary files
terminal authorization list
terminal break-in configuration
terminal character-mode
terminal control database
terminal control database
terminal control database
terminal control database
terminal control database
terminal devices
terminal devices, assigning
terminal file descriptors
invalidating
terminal session
security suggestions
tftp command
description of
TFTP protocol
time delay
tip command
tmp file
security consideration
tokens
tools for auditing
tracing system calls
traditional file protection mechanism
group
owner
permission bits
traditional logging
traditional security
trojan horse program
troubleshooting
trusted computing base
See TCB
trusted events
trusted path
trusted program
trusted program auditing
trusted program auditing
trusted programming techniques
trusted Tru64 UNIX
tty* file
|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
U
ULTRIX audit compatibility
ULTRIX authentication files
ULTRIX authentication files
ULTRIX interoperability issues
ULTRIX migration issues
umask
ACL
umask system call
using to secure temporary files
undefined field
UNIX-to-UNIX Copy Program
See UUCP
unlink system call
protecting file access
update installation
user audit mask
setting
user ID
effective (EUID)
real (RUID)
user input
security consideration
users, introduction
/usr/spool/uucppublic
/usr/tmp file
tmp file
uucp command
UUCP utility
uux command
|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
V
vouching
vouching configuration
|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
W
weak symbols
windowing environment
working storage
ACL
workstation
physical security
protecting removable media
See also DECwindows
workstation environment
workstation physical security
writing database entries
|
Click letter for quick access: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z |
X
X displays
xauth program
.Xdefaults file
block input with allowSendEvents
XGrabKeyboard() routine
XIsso program
XReparentWindow() routine
using in a secure environment
XSendEvent() routine
XSysAdmin program