User Security

Team-Fly    

Solaris™ Operating Environment Boot Camp
By David Rhodes, Dominic Butler
Table of Contents
Appendix B.  Security Checklist


  • Ensure that all users are allocated a password.

  • Users should never share their passwords.

  • You can set passwords to expire after a predefined time to improve password security.

  • It is good practice to check regularly /etc/passwd for users with their UID set to 0.

  • Regularly check for invalid users.

  • It is good practice to disable direct root logins by configuring the /etc/default/login file. This will force users with access to root to use the su command, thus leaving an audit trail.

  • Check the /var/adm/sulog regularly for users attempting to gain access to the root account.

  • Provide users with a nonwriteable .profile if you want to try and enforce a default environment.

  • For users that only use a specific application, specify this instead of the shell in their password entries.

  • Ensure that user accounts are closed (if not deleted) when somebody leaves the company or changes job.

  • If you wish to temporarily prevent users from logging in, create the file /etc/nologin.


    Team-Fly    
    Top
     



    Solaris Operating Environment Boot Camp
    Solaris Operating Environment Boot Camp
    ISBN: 0130342874
    EAN: 2147483647
    Year: 2002
    Pages: 301

    flylib.com © 2008-2017.
    If you may any questions please contact us: flylib@qtcs.net