Managing system security

Maintaining system security
        Understanding system security
                Physical security
                Trusted system concepts
                        Trusted computing base
                        Discretionary access control (DAC)
                        Object reuse
                        Authorizations and privileges
                        Identification and authentication (I&A)
                        Protected subsystems
                Security in a networked environment
                        Network Information Service
                        The graphical environment
                        Network mail
        Administering a trusted system
                Assigning administrative roles and system privileges
                Controlling system access
                        Password restrictions
                        Terminal use restrictions
                        Login restrictions
                Logging out idle users (non-graphical sessions only)
                Restricting root logins to a specific device
                Using auditing on your system
        Protecting the data on your system
                The owner and group attributes
                Discretionary access control (DAC): permission bits
                Discretionary access control (DAC): access control lists
                        The minimal ACL
                        Additional ACL entries
                        How the system generates an ACL
                        Examining an ACL
                        Changing the access control list of a file
                SUID/SGID bits and security
                SUID, SGID, and sticky bit clearing on writes
                The sticky bit and directories
                Data encryption
                Imported data
                        Imported files
                        Imported filesystems
                Terminal escape sequences
        Creating account and login activity reports
                Reporting password status
                Creating an account summary
                Reporting terminal access status
                Reporting user login activity
                Reporting terminal login activity
                Logging unsuccessful login attempts
        Detecting system tampering
                Stolen passwords
                Abuse of system privileges
                Unsupervised physical access to the computer
        Dealing with filesystem and database corruption
                The authentication database files
                Checking the system after a crash
                Using the override terminal
                Automatic database checking and recovery: tcbck(ADM)
                Database consistency checking: authck(ADM) and addxusers(ADM)
                        Creating UNIX system and TCB account database reports
                System file integrity checking: integrity(ADM)
                System file permission repair: fixmog(ADM)
        Understanding how trusted features affect programs
                LUID enforcement
                stopio(S) on devices
                Sticky directories
        Disabling C2 features
        Troubleshooting system security
                Account is disabled -- see Account Administrator
                Account is disabled but console login is allowed
                Terminal is disabled but root login is allowed
                Authentication database contains an inconsistency
                Can't rewrite terminal control entry for tty
                Authentication error; see Account Administrator
                Cannot access terminal control database entry
                Cannot obtain database information on this terminal
                Login incorrect
                login: resource Authorization name file could not be allocated due to: cannot open;
                Terminal is disabled -- see Account Administrator
                You do not have authorization to run ...
                Unable to remove files

NSS Overview