Index

Numbers and Symbols

* (asterisk)

device_allocate file, (), ()

wildcard character in ASET, ()

\ (backslash)

device_allocate file, ()

ending in device_maps file, ()

. (dot), path variable entry, ()

= (equal sign), file permissions symbol, ()

- (minus sign)

audit flag prefix, ()

file permissions symbol, ()

+ (plus sign)

audit flag prefix, ()

file permissions symbol, ()

# (pound sign)

device_allocate file, ()

device_maps file, ()

? (question mark), in ASET tune files, ()

^+ audit flag prefix, ()

^- audit flag prefix, ()

~/.gkadmin file, description, ()

~/.k5login file, description, ()

$HOME/.ssh/known_hosts file

description, (), ()

3des-cbc encryption algorithm, ssh_config file, ()

3des encryption algorithm, sshd_config file, ()

A

aa audit flag, ()

absolute mode

changing file permissions, (), ()

description, ()

setting special permissions, ()

access

getting to server

with SEAM, ()

obtaining for a specific service, ()

restricting for KDC servers, ()

root access

displaying attempts on console, ()

monitoring su command use, (), ()

restricting, (), ()

security

ACLs, (), (), ()

controlling system usage, ()

file access restriction, ()

firewall setup, (), ()

login access restrictions, (), ()

login control, ()

monitoring system usage, ()

network control, ()

path variable setting, ()

physical security, ()

reporting problems, ()

root login tracking, ()

setuid programs, ()

sharing files, ()

system logins, ()

access control list

See ACL

Access Control Lists (ACLs), See ACL

ACL

adding entries, ()

changing entries, ()

checking entries, ()

commands, ()

default entries for directories, (), ()

deleting entries, (), ()

description, (), ()

directory entries, (), ()

displaying entries, (), ()

format of entries, ()

kadm5.acl file, (), (), ()

setting entries, ()

valid file entries, ()

acl token, format, ()

ad audit flag, ()

Add Administrative Role wizard

description, (), ()

Add Right dialog box, description, ()

Add User wizard, description, ()

adding

administration principals (SEAM), ()

allocatable devices (BSM), ()

custom roles (RBAC), ()

PAM module, ()

password encryption module, ()

rights profiles (RBAC), ()

roles (RBAC), (), ()

service principal to keytab file (SEAM), ()

the first role (RBAC), ()

the first user (RBAC), ()

admin_server section, krb5.conf file, ()

administering

auditing

audit class, ()

audit classes, ()

audit event, ()

audit files, ()

audit flags, (), ()

audit records, ()

audit trail overflow prevention, ()

auditreduce command, ()

cost control, ()

description, ()

efficiency, ()

kernel events, ()

process preselection mask, ()

reducing storage-space requirements, ()

user-level events, ()

SEAM

keytabs, ()

policies, ()

principals, ()

Secure Shell, ()

administrative (old) audit class, ()

administrative audit class, ()

aes128-cbc encryption algorithm, ssh_config file, ()

agent daemon, Secure Shell, ()

algorithms

configuration, ()

password encryption, ()

aliases file (ASET)

description, ()

example, ()

format, ()

specification, ()

all

audit class, ()

audit flag

caution for using, ()

described, ()

in user audit fields, ()

All rights profile

description, (), ()

allhard string, audit_warn script, ()

allocate command

authorizations required, ()

how the allocate mechanism works, ()

options, ()

using, ()

allocate error state, (), ()

AllowGroups keyword, sshd_config file, ()

AllowTCPForwarding keyword, sshd_config file, ()

AllowUsers keyword, sshd_config file, ()

allsoft string, audit_warn script, ()

always-audit flags

description, (), ()

process preselection mask, ()

am audit flag, ()

analysis

praudit command, (), ()

ap audit flag, ()

application audit class, ()

arbitrary token

format, ()

item size field, ()

print format field, ()

Archive tape drive clean script, ()

arg token, ()

arge audit policy

description, ()

exec_env token and, ()

argv audit policy

description, ()

exec_args token and, ()

as audit flag, ()

ASET

description, ()

environment variables, ()

error messages, ()

NFS servers and, ()

aset command

initiating ASET sessions, ()

-p option, ()

running ASET interactively, ()

running ASET periodically, ()

stop running ASET periodically, ()

aset.restore command, description, ()

ASETDIR variable (ASET), working directory specification, ()

asetenv file

description, ()

modifying, ()

running ASET periodically, ()

ASETSECLEVEL variable (ASET), setting security levels, ()

Assign Administrative Role dialog box, description, ()

Assign Rights to Role dialog box, description, ()

asterisk (*)

device_allocate file, (), ()

wildcard character, ()

at command, authorizations required, ()

atq command, authorizations required, ()

attr token, ()

audio_clean script, ()

audio devices, device-clean scripts, ()

AUDIO_DRAIN ioctl system call, ()

AUDIO_SETINFO ioctl system call, ()

AUDIOGETREG ioctl system call, ()

AUDIOSETREG ioctl system call, ()

audit administration audit class, ()

audit characteristics

overview, ()

process preselection mask, ()

audit class

description, (), ()

audit classes

description, ()

flags and definitions, ()

mapping events, ()

audit command

description, ()

-n option, ()

preselection mask for existing processes (-s option), ()

rereading audit files (-s option), ()

resetting directory pointer (-s option), ()

Audit Control, rights profile, ()

audit_control file

audit daemon rereading after editing, ()

audit_user file modification, ()

dir: line

described, ()

examples, ()

examples, ()

flags: line

described, ()

prefixes in, ()

process preselection mask, ()

minfree: line

audit_warn condition, ()

described, ()

naflags: line, ()

overview, (), (), ()

prefixes in flags line, ()

problem with contents, ()

audit daemon

audit_startup file, ()

audit trail creation, (), ()

audit_warn script

conditions invoking, (), ()

described, (), ()

execution of, ()

functions, ()

order audit files are opened, ()

rereading the audit_control file, ()

audit_data file, ()

audit directory, description, ()

audit event

audit_event file, (), ()

description, (), (), ()

kernel event, ()

mapping to classes, ()

user-level events, ()

audit_event file, (), ()

audit files

auditreduce command, (), ()

combining, (), (), ()

copying messages to single file, ()

displaying in entirety, ()

file token, ()

minimum free space for file systems, ()

names, ()

form, ()

still-active files, ()

time stamps, ()

nonactive files marked not_terminated, ()

order for opening, ()

printing, ()

reducing, (), (), ()

reducing storage-space requirements, (), ()

switching to new file, ()

time stamps, ()

audit flags, ()

audit_control file line, ()

audit_user file, (), ()

definitions, ()

description, ()

effect on public objects, ()

exceptions to machine-wide settings, ()

machine-wide, (), (), ()

overview, (), ()

prefixes, ()

process preselection mask, ()

syntax, (), ()

audit ID

mechanism, ()

overview, ()

audit messages, copying to single file, ()

audit policies

defaults, ()

description, ()

effects of, ()

audit policy, public, ()

audit records

audit directories full, (), (), ()

converting to readable format, (), (), (), ()

description, ()

displaying the format, ()

events that generate, ()

format or structure, ()

formatting example, (), ()

overview, ()

reducing audit files, ()

Audit Review, rights profile, ()

audit session ID, ()

audit_startup file, ()

audit threshold, ()

audit tokens

audit record format, ()

description, (), ()

format, ()

table of, ()

audit trail

analysis

praudit command, (), ()

analysis costs, ()

creating

audit daemon's role, (), (), ()

audit_data file, ()

overview, ()

description, ()

events included, ()

merging all files, (), ()

monitoring in real time, ()

no public objects, ()

overflow prevention, ()

overview, ()

audit_user file

exception to machine-wide audit flags, ()

prefixes for flags, ()

process preselection mask, ()

user audit fields, (), ()

audit_warn script, ()

audit daemon execution of, ()

conditions invoking, (), ()

description, ()

strings, (), ()

auditconfig command

audit flags as arguments, (), ()

description, ()

prefixes for flags, ()

auditd daemon

audit_startup file, ()

audit trail creation, (), (), (), ()

audit_warn script

conditions invoking, (), ()

described, ()

execution of, ()

functions, ()

order audit files are opened, ()

rereading the audit_control file, ()

auditing, rights profiles, ()

auditreduce command, (), ()

-c option, ()

cleaning not_terminated files, ()

-d option, ()

description, (), ()

examples, ()

-O option, ()

options, ()

time stamp use, ()

trailer tokens, and, ()

without options, (), ()

auditsvc() system call, audit_warn script and, ()

AUE_... names, description, ()

auth_attr database

description, (), ()

RBAC relationships, ()

AUTH_DH authentication, ()

AUTH_DH client-server session, (), ()

additional transaction, ()

client authenticates server, ()

contacting the server, (), ()

decrypting the conversation key, ()

generating public and secret keys, ()

generating the conversation key, ()

running keylogin, ()

storing information on the server, (), ()

verifier returned to client, ()

authentication

configuring cross-realm, ()

description, ()

DH, (), ()

network security, (), ()

overview of Kerberos, ()

root for NFS, ()

SEAM and, ()

Secure Shell

description, ()

hosts, ()

methods, ()

steps, ()

users, ()

terminology, ()

types, ()

authentication parameters, ssh_config file, ()

authenticator

in SEAM, (), ()

authorization

database

See auth_attr database

delegating, ()

description, (), (), (), ()

granularity, ()

naming convention, ()

network security, (), ()

SEAM and, ()

types, ()

authorized_keys file, description, ()

auths command, description, ()

authtok_check module, description, ()

authtok_get module, description, ()

authtok_store module, description, ()

Automated Security Enhancement Tool, See ASET

automatically enabling auditing, ()

automating principal creation, ()