Index Index for Section 8
Index Alphabetical listing for S 

secsetup(8)


NAME

  secsetup - Security features setup script (Enhanced Security)


SYNOPSIS

  /usr/sbin/secsetup


DESCRIPTION

  The secsetup command is an interactive facility that allows you to toggle
  security features on your system.  You must first have loaded the enhanced
  security subset onto your system before running the command.

  The secsetup command allows you to configure your system either for
  security auditing, enhanced login, or any combination of those features.
  You can run secsetup while the system is in multiuser mode (however, you
  must reboot to cause the security level to change).

  Because of the page table sharing mechanism used for shared libraries, the
  normal file system permissions are not adequate to protect against
  unauthorized reading.	 The secsetup command will ask users if they wish to
  disable segment sharing. Only the text part of the library, not the data
  segment, is shared in this way.  If the user enters a '?' at the prompt
  secsetup displays information about the choices.  If the segment sharing is
  already disabled, secsetup states that segment sharing is already disabled.
  The change in segment sharing takes effect at the next reboot.

  Depending on the security features chosen, when secsetup completes you may
  need to replace your system's kernel and reboot the system.

  NOTE:	 After secsetup is run, passwords that were originally entered with
  more than 8 characters will match a string with ONLY the first 8
  characters.

  The audit_setup(8) reference page describes how to set up audit.


EXAMPLES

  The following is an example of how security can be setup using secsetup:

  # /usr/sbin/secsetup
  Enter security level(BASE ENHANCED ?)[ENHANCED]: <RETURN>
  ENHANCED security will take effect on the next reboot.
  Do you wish to run the audit setup utility (yes no ?)[yes]: no
  Do you wish to disable segment sharing(yes no ?)[no]: yes
  Segment sharing has been disabled.

  Updating configuration file to prevent segmentation...
  Configuration file '/sys/conf/ALLERGY' updated.
  Would you like to have a kernel built now (y/[n]):  y
  Running 'doconfig -c ALLERGY'....
  *** KERNEL CONFIGURATION AND BUILD PROCEDURE ***

  Saving /sys/conf/ALLERGY as /sys/conf/ALLERGY.bck

  Do you want to edit the configuration file? (y/n) [n]: n


  *** PERFORMING KERNEL BUILD ***
	  Working....Mon Aug 23 15:02:48 EDT 1993
	  Working....Mon Aug 23 15:04:48 EDT 1993
	  Working....Mon Aug 23 15:06:50 EDT 1993
	  Working....Mon Aug 23 15:08:50 EDT 1993

  The new kernel is /sys/ALLERGY/vmunix.
  Configuration complete. You may move /sys/ALLERGY/vmunix
  into place and reboot. The ENHANCED security level will
  take effect on the next system reboot.
  Press return to continue: <RETURN>
  #


FILES

  /etc/sec/audit_events
  /etc/auth
  /etc/passwd
  /etc/svc.conf


RELATED INFORMATION

  authcap(4), svc.conf(4), auditmask(8), audit_setup(8)
  Security