Two-Minute Drill
Monitoring System Access
| q | The command to find users who do not have passwords is: logins -p. |
| q | A user can be denied login by using the passwd command with the -l option. |
| q | Each failed login attempt is recorded in the /var/adm/loginlog file. |
| q | If you want each failed login attempt to be recorded into the loginlog file, set the parameter SYSLOG_FAILED_LOGINS=0 in the /etc/def/login file. |
| q | All non-root user logins can be disabled by creating the file /etc/nologin. |
Performing System Security
| q | The system lists all the uses of the su command into the following file:
/var/adm/sulog |
| q | In order to enable the logging of the superuser access attempts, you need to uncomment the following line in the /etc/def/su file:
SULOG=/var/adm/sulog |
| q | In order to prevent superuser access remotely, uncomment the following line in the /etc/default/login file:
CONSOLE=/dev/console |
Controlling System Security
| q | In order to prevent some users from having ftp access to your system, create the following file, enter their login names into the file, and save the file:
/etc/ftpd/ftpuaers |
| q | In order to prevent a specific user from a specific host from having ftp access to your system, use the /etc/ftpd/ftphosts file, instead. |
| q | The Solaris system supports a number of shells by default. If you want to be selective in shell support, enter the names of the shells in the /etc/shell file; only those shells would be supported. |
| q | The users listed in the $HOME/.rhosts file can log in to the system remotely without using the password. |
| q | The configuration file for the sshd daemon is: /etc/ssh/sshd_config. |
Restricting Access to Data
| q | The permissions on a file can be listed with the command: ls -l. |
| q | The chmod command is used to change the permissions on files. |
| q | The relationship between the symbolic and octal permissions is r = 4, w = 2, x = 1; and you calculate the octal number for overall permission by adding the correspond number. For example, the octal permission for read, write, and no execute is 4 + 2 = 6. |
| q | You can use the command chown to change both the owner and the group of the file; and you can use the chgrp command to change the group of the file. |
| q | The chmod command can also be used to set the setuid, setgid, and sticky bit permissions. |
| q | The setuid and setgid options pose a security threat, but sticky bit improves security. |
EAN: N/A
Pages: 168
- Structures, Processes and Relational Mechanisms for IT Governance
- An Emerging Strategy for E-Business IT Governance
- A View on Knowledge Management: Utilizing a Balanced Scorecard Methodology for Analyzing Knowledge Metrics
- Technical Issues Related to IT Governance Tactics: Product Metrics, Measurements and Process Control
- Governing Information Technology Through COBIT