q | The command to find users who do not have passwords is: logins -p. |
q | A user can be denied login by using the passwd command with the -l option. |
q | Each failed login attempt is recorded in the /var/adm/loginlog file. |
q | If you want each failed login attempt to be recorded into the loginlog file, set the parameter SYSLOG_FAILED_LOGINS=0 in the /etc/def/login file. |
q | All non-root user logins can be disabled by creating the file /etc/nologin. |
q | The system lists all the uses of the su command into the following file:
/var/adm/sulog |
q | In order to enable the logging of the superuser access attempts, you need to uncomment the following line in the /etc/def/su file:
SULOG=/var/adm/sulog |
q | In order to prevent superuser access remotely, uncomment the following line in the /etc/default/login file:
CONSOLE=/dev/console |
q | In order to prevent some users from having ftp access to your system, create the following file, enter their login names into the file, and save the file:
/etc/ftpd/ftpuaers |
q | In order to prevent a specific user from a specific host from having ftp access to your system, use the /etc/ftpd/ftphosts file, instead. |
q | The Solaris system supports a number of shells by default. If you want to be selective in shell support, enter the names of the shells in the /etc/shell file; only those shells would be supported. |
q | The users listed in the $HOME/.rhosts file can log in to the system remotely without using the password. |
q | The configuration file for the sshd daemon is: /etc/ssh/sshd_config. |
q | The permissions on a file can be listed with the command: ls -l. |
q | The chmod command is used to change the permissions on files. |
q | The relationship between the symbolic and octal permissions is r = 4, w = 2, x = 1; and you calculate the octal number for overall permission by adding the correspond number. For example, the octal permission for read, write, and no execute is 4 + 2 = 6. |
q | You can use the command chown to change both the owner and the group of the file; and you can use the chgrp command to change the group of the file. |
q | The chmod command can also be used to set the setuid, setgid, and sticky bit permissions. |
q | The setuid and setgid options pose a security threat, but sticky bit improves security. |