ABORT_LOGIN_ON_MISSING_HOMEDIR=1 Exit the login session if the user s home directory does not exist. Default value: ABORT_LOGIN_ON_MISSING_HOMEDIR=0
|
|
- Georgiana Pearson
- 6 years ago
- Views:
Transcription
1 NAME security - security defaults configuration file DESCRIPTION A number of system commands and features are configured based on certain attributes defined in the /etc/default/security configuration file. This file must be world readable and root writable. Each line in the file is treated either as a comment or as configuration information for a given system command or feature. Comments are denoted by a # at the beginning of a line. Noncomment lines are of the form, attribute=value. If any attribute is not defined or is commented out in this file, the default behavior detailed below will apply. The default value of each attribute is defined in the /etc/security.dsc file. Attribute definitions, valid values, and defaults are defined as follows: ABORT_LOGIN_ON_MISSING_HOMEDIR This attribute controls login behavior if a user s home directory does not exist. Note that this is only enforced for non-root users and only applies to the login command or those services that indirectly invoke login such as the telnetd and rlogind commands. ABORT_LOGIN_ON_MISSING_HOMEDIR=0 Login with / as the home directory if the user s home directory does not exist. ABORT_LOGIN_ON_MISSING_HOMEDIR=1 Exit the login session if the user s home directory does not exist. Default value: ABORT_LOGIN_ON_MISSING_HOMEDIR=0 ALLOW_NULL_PASSWORD This attribute determines whether or not users with a null password can login. It does not apply to trusted systems. This attribute is supported only for non-root users managed by pam_unix (described in pam_unix (5)); this typically includes local and NIS users. On a system in standard or shadow mode, it also applies to root if LOGIN_POLICY_STRICT=1. For local users, the system-wide default defined here in /etc/default/security may be overridden by defining a peruser value in /var/adm/userdb (described in userdb(4)). ALLOW_NULL_PASSWORD=0 Users with a null password cannot login. ALLOW_NULL_PASSWORD=1 Users with a null password can login. Default value: ALLOW_NULL_PASSWORD=1 AUDIT_FLAG This attribute controls whether or not users are to be audited. It does not apply to trusted systems. This attribute is supported for users in all name server switch repositories, such as local, NIS and LDAP. This attribute is enforced in the pam_hpsec service module, and requires that the pam_hpsec module be configured in /etc/pam.conf. See pam_hpsec (5). The system-wide default defined here may be overridden by defining a per-user value in /var/adm/userdb (described in userdb(4)). For more information about HP-UX auditing, see audit (5). AUDIT_FLAG=0 Do not audit. AUDIT_FLAG=1 Audit. Default value: AUDIT_FLAG=1 AUTH_MAXTRIES This attribute controls whether an account is locked after too many consecutive authentication failures. It does not apply to trusted systems. This attribute is supported for users in all name server switch repositories, such as local, NIS and LDAP. This attribute is enforced in the pam_hpsec service module, and requires that the pam_hpsec module be configured in /etc/pam.conf. See pam_hpsec (5). Other PAM service modules in your configuration may enforce additional restrictions. The system-wide default defined here may be overridden by defining a per-user value in /var/adm/userdb (described in userdb(4)). HP-UX 11i Version 3: March Hewlett-Packard Company 1
2 When an account has been locked due to too many authentication failures, root can unlock the account by this command: userdbset -d -u username auth_failures AUTH_MAXTRIES=0 Any number of authentication retries is allowed. AUTH_MAXTRIES=N An account is locked after N+1 consecutive authentication failures. N can be any positive integer. Default value: AUTH_MAXTRIES=0 BOOT_AUTH This attribute controls whether authentication is required to boot the system into single user mode. If enabled, the system cannot be booted into single user mode until the password of an authorized user is provided. This attribute does not apply to trusted systems. However, if boot authentication is enabled on a standard system, then when the system is converted to a trusted system, boot authentication will also be enabled as default for the trusted system. BOOT_AUTH=0 Boot authentication is turned OFF. BOOT_AUTH=1 Boot authentication is turned ON. Default value: BOOT_AUTH=0 BOOT_USERS This attribute defines the names of users who are authorized to boot the system into single user mode from the console. Names are separated by a comma (,). It only takes effect when boot authentication is enabled. Refer to the description of the BOOT_AUTH attribute. The BOOT_USERS attribute does not apply to trusted systems. However, when a standard system is converted to a trusted system, this information is translated. For example: BOOT_USERS=mary,jack Other than the root user, user mary or jack can also boot the system into single user mode from the console. Default value: BOOT_USERS=root CRYPT_ALGORITHMS_DEPRECATE This attribute lists the password hash algorithms that must be deprecated when a user s password is changed. This attribute is only valid when the SHA11i3 product is installed. CRYPT_DEFAULT This attribute specifies the default password hash algorithm. It is used when a new user password is created, and either the user did not have a password before or the old password was hashed with a deprecated algorithm (listed in CRYPT_ALGORITHMS_DEPRECATE). The value of CRYPT_DEFAULT should not be present in CRYPT_ALGORITHMS_DEPRECATE. This attribute is only valid when the SHA11i3 product is installed. CRYPT_DEFAULT= unix The default hash algorithm is the traditional DES-based algorithm. Refer to crypt (3C) for more information. CRYPT_DEFAULT=6 The default hash algorithm is method 6, a newer hash algorithm based on SHA-512. For example: CRYPT_ALGORITHMS_DEPRECATE= unix CRYPT_DEFAULT=6 If a user s password is created for the first time, it is hashed using method 6. Or if a user s old password was hashed using unix, the new password is hashed using method 6. Default value: CRYPT_DEFAULT= unix 2 Hewlett-Packard Company 2 HP-UX 11i Version 3: March 2012
3 DISPLAY_LAST_LOGIN This attribute controls whether a successful login displays the date, time and origin of the last successful login and the last authentication failure. Times are displayed using the system s time zone. See the discussion of time zones in the Notes section. This attribute does not apply to trusted systems. This attribute is supported for users in all name server switch repositories, such as local, NIS and LDAP. This attribute is enforced in the pam_hpsec service module, and requires that the pam_hpsec module be configured in /etc/pam.conf. See pam_hpsec (5). The system-wide default defined here may be overridden by defining a per-user value in /var/adm/userdb (described in userdb(4)). DISPLAY_LAST_LOGIN=0 Information is not displayed. DISPLAY_LAST_LOGIN=1 Information is displayed. Default value: DISPLAY_LAST_LOGIN=1 INACTIVITY_MAXDAYS This attribute controls whether an account is locked if there have been no logins to the account for a specified time interval. It does not apply to trusted systems. This attribute is supported only for non-root users managed by pam_unix (described in pam_unix (5)); this typically includes local and NIS users. On a system in standard or shadow mode, it also applies to root if LOGIN_POLICY_STRICT=1. In most cases this attribute can be enforced only as a system-wide default, however, for local users on a shadow password system, the system-wide default defined here in /etc/default/security may be overridden by defining a per-user value in the inactivity field of /etc/shadow with either one of these commands: useradd -f inactive_maxdays usermod -f inactive_maxdays When an account has been locked due to this feature, root can unlock the account by this command: userdbset -d -u username login_time INACTIVITY_MAXDAYS=0 Inactive accounts are not expired. INACTIVITY_MAXDAYS=N Inactive accounts are expired if there have been no logins to the account for at least N days. N can be any positive integer. Default value: INACTIVITY_MAXDAYS=0 LOGIN_POLICY_STRICT This attribute imposes restrictions on root login and authentication. These are restrictions which already apply to normal users. LOGIN_POLICY_STRICT=0 User root is not subject to login restrictions. LOGIN_POLICY_STRICT=1 Authentication of user root is subject to the following: Enforce ALLOW_NULL_PASSWORD (does not allow root login with a null password). Enforce INACTIVITY_MAXDAYS (does not allow login for a stale root account). The LOGIN_POLICY_STRICT attribute is only valid if the libpam_unix patch PHCO_40838 or later is installed. Default value: LOGIN_POLICY_STRICT=0 LOGIN_TIMES This attribute restricts logins to specific time periods. Login time restrictions are based on the system s time zone. See the discussion of time zones in the Notes section. This attribute does not apply to trusted systems. This attribute is supported for users in all name server switch repositories, such as local, NIS and LDAP. This attribute is enforced in the pam_hpsec service module, and requires that the pam_hpsec module be configured in /etc/pam.conf. See pam_hpsec (5). Other PAM service modules in your configuration may enforce additional restrictions. The system-wide default defined here may be overridden by defining a per-user value in HP-UX 11i Version 3: March Hewlett-Packard Company 3
4 /var/adm/userdb (described in userdb(4)). LOGIN_TIMES=timeperiod An account is locked if the current time is not within the specified time period. The timeperiod consists of any number of day and time ranges separated by colons. A user is allowed to access the system when the login time is within any of the specified ranges. The days are specified by the following abbreviations: Su Mo Tu We Th Fr Sa Wk Any Where Wk is all week days and Any is any day of the week. A time range can be included after the day specification. A time range is a 24-hour time period, specified as hours and minutes separated by a hyphen. Each time must be specified with 4 digits (HHMM-HHMM ). Leading zeros are required. This time range indicates the start and end time for the specified days. The start time must be less than the end time. When no time range is specified, all times within the day(s) are valid. If the current time is within the range of any of the time ranges specified for a user, the user is allowed to access the system. Do not use as a time range to prevent user access. For example, Any:Fr cannot be used to disallow access on Fridays. Instead, SuMo- TuWeThSa should be used. See the EXAMPLES section. Default value: LOGIN_TIMES=Any Can login any day of the week. LONG_PASSWORD This attribute determines whether or not the length of a password can exceed 8 characters. This attribute is valid only when the LongPassword11i3 product is installed and the password hash algorithm is different from the traditional DES-based hash algorithm, see CRYPT_DEFAULT. LONG_PASSWORD=0 Passwords are limited to 8 characters. LONG_PASSWORD=1 Passwords can have more than 8 characters. Default value: LONG_PASSWORD=0 MIN_PASSWORD_LENGTH This attribute controls the minimum length of new passwords. On trusted systems it applies to all users. On standard systems it applies to non-root local users and to NIS users. On systems in standard or shadow mode, it applies to root if PASSWORD_POLICY_STRICT=1. The system-wide default defined here may be overridden by defining per-user values in /var/adm/userdb (described in userdb(4)). MIN_PASSWORD_LENGTH=N New passwords must contain at least N characters. For standard systems, N can be any value from 3 to 8. For trusted systems, N can be any value from 6 to 80. Default value: MIN_PASSWORD_LENGTH=6 NOLOGIN This attribute controls whether non-root login can be disabled by the /etc/nologin file. Note that this attribute only applies to the applications that use session management services provided by pam_hpsec as configured in /etc/pam.conf, or those services that indirectly invoke login such as the telnetd and rlogind commands. Other services may or may not choose to enforce the /etc/nologin file. NOLOGIN=0 Ignore the /etc/nologin file and do not exit if the /etc/nologin file exists. NOLOGIN=1 Display the contents of the /etc/nologin file and exit if the /etc/nologin file exists. Default value: NOLOGIN=0 4 Hewlett-Packard Company 4 HP-UX 11i Version 3: March 2012
5 OVERRIDE_SYSDEF_PWAGE This attribute applies to shadow mode only. During a password change it determines if password aging attributes max days, min days and warn days (described in shadow(4)) are inherited from the /etc/default/security values when no password aging is specified in the shadow file. This attribute is applicable to local users. The system-wide default value defined for this attribute in /etc/default/security may be overridden by defining a per-user value in /var/adm/userdb (described in Userdb(4)). OVERRIDE_SYSDEF_PWAGE=0 The password aging attributes defined in /etc/default/security are inheritable when a password is changed. OVERRIDE_SYSDEF_PWAGE=1 The default password aging values in /etc/default/security are ignored. Password aging attributes are read exclusively from the /etc/shadow file during a password change. Default value: OVERRIDE_SYSDEF_PWAGE=0 NUMBER_OF_LOGINS_ALLOWED This attribute controls the number of simultaneous logins allowed per user. Note that this is only enforced for non-root users and only applies to the applications that use session management services provided by pam_hpsec as configured in /etc/pam.conf, or those services that indirectly invoke login, such as the telnetd and rlogind commands. The system-wide default defined here may be overridden by defining a per-user value in /var/adm/userdb (described in userdb(4)). NUMBER_OF_LOGINS_ALLOWED=0 Any number of logins are allowed per user. NUMBER_OF_LOGINS_ALLOWED=N N number of logins are allowed per user. Default value: NUMBER_OF_LOGINS_ALLOWED=0 PASSWORD_HISTORY_DEPTH This attribute controls the password history depth. A new password is checked against passwords stored in the user s password history. This prevents the user from re-using a recently used password. This attribute applies to local, non-root users. On a system in standard or shadow mode, it also applies to root if PASSWORD_POLICY_STRICT=1. For a trusted system, the maximum password history depth is 10 and the minimum is 1. For a standard system, the maximum password history depth is 24 and the minimum is 1. The system-wide default defined here may be overridden by defining a per-user value in /var/adm/userdb (described in userdb(4)). PASSWORD_HISTORY_DEPTH=N A new password is checked against the N most recently used passwords, including the current password. For example, a password history depth of 2 prevents a user from alternating between two passwords. Default value: PASSWORD_HISTORY_DEPTH=1 Cannot re-use the current password. PASSWORD_MIN_type_CHARS Attributes of this form are used to require new passwords to have a minimum number of characters of particular types (upper case, lower case, digits or special characters). This can be helpful in enforcing site security policies about selecting passwords that are not easy to guess. This attribute applies to local, non-root users. On a system in standard or shadow mode, it also applies to root if PASSWORD_POLICY_STRICT=1. The system-wide default defined here may be overridden by defining a per-user value in /var/adm/userdb (described in userdb(4)). HP-UX 11i Version 3: March Hewlett-Packard Company 5
6 PASSWORD_MIN_UPPER_CASE_CHARS=N Specifies that a minimum of N upper-case characters are required in a password when changed. PASSWORD_MIN_LOWER_CASE_CHARS=N Specifies that a minimum of N lower-case characters are required in a password when changed. PASSWORD_MIN_DIGIT_CHARS=N Specifies that a minimum of N digit characters are required in a password when changed. PASSWORD_MIN_SPECIAL_CHARS=N Specifies that a minimum of N special characters are required in a password when changed. Default value: The default for each of these attributes is zero. PASSWORD_MAXDAYS This attribute controls the default maximum number of days that passwords are valid. This value, if specified, is used by the authentication subsystem during the password change process in the case where aging restrictions do not already exist for the given user. The value takes effect after the password change. This attribute applies only to local users and does not apply to trusted systems. The passwd -x option can be used to override this value for a specific user. PASSWORD_MAXDAYS=N A new password is valid for up to N days, after which the password must be changed. N can be an integer from -1 to 441. Default value: PASSWORD_MAXDAYS=-1 password aging is turned off. PASSWORD_MINDAYS This attribute controls the default minimum number of days before a password can be changed. This value is used by the authentication subsystem during the password change process in the case where aging restrictions do not already exist for the user. The value is stored persistently and takes effect after the password change. This attribute applies only to local users and does not apply to trusted systems. The passwd -n option can be used to override this value for a specific user. PASSWORD_MINDAYS=N A new password cannot be changed until at least N days since it was last changed. N can be an integer from 0 to 441. Default value: PASSWORD_MINDAYS=0 PASSWORD_POLICY_STRICT This attribute imposes restrictions when root is changing passwords. These restrictions already apply to normal users. PASSWORD_POLICY_STRICT=0 User root is not subject to restrictions when changing passwords. PASSWORD_POLICY_STRICT=1 When user root changes a password, restrictions are imposed as follows. The next two restrictions apply to root only when changing root s own password. They do not apply when root is changing the password of a normal user. Prompt and require root to input the old password. Enforce minimal difference between old and new password. All of the remaining restrictions apply to root changing any password, either root s own password or the password for a different user. Enforce PASSWORD_MINDAYS. Enforce configurable minimal password length, MIN_PASSWORD_LENGTH. Enforce configurable password quality as defined by the attributes PASSWORD_MIN_UPPER_CASE_CHARS, PASSWORD_MIN_LOWER_CASE_CHARS, PASSWORD_MIN_DIGIT_CHARS, PASSWORD_MIN_SPECIAL_CHARS. Enforce the hardwired minimal password quality (at least 2 alpha and 1 nonalpha characters). Enforce PASSWORD_HISTORY_DEPTH. 6 Hewlett-Packard Company 6 HP-UX 11i Version 3: March 2012
7 The PASSWORD_POLICY_STRICT attribute is only valid if the libpam_unix patch PHCO_40838 or later is installed. Default value: PASSWORD_POLICY_STRICT=0 PASSWORD_WARNDAYS This attribute controls the default number of days before password expiration that a user is to be warned that the password must be changed. This value, if specified, is used by the authentication subsystem during the password change process in the case where aging restrictions do not already exist for the given user. The value takes effect after the password change. This attribute applies only to local users on shadow password systems. The passwd -w option can be used to override this value for a specific user. PASSWORD_WARNDAYS=N Users are warned N days before their password expires. N can be an integer from 0 to 441. Default value: PASSWORD_WARNDAYS=0 (no warning) SU_DEFAULT_PATH This attribute defines a new default PATH environment value to be set when su to a non-superuser account is done. Refer to su(1). SU_DEFAULT_PATH=new_PATH The PATH environment variable is set to new_path when the su command is invoked. The path value is not validated. This attribute does not apply to a superuser account, and is applicable only when the - option is not used with the su command. Default value: If this attribute is not defined or if it is commented out, PATH is not changed. SU_KEEP_ENV_VARS This attribute forces su to propagate certain unsafe environment variables to its child process despite the security risk of doing so. Refer to su(1). By default, su does not export the environment variables HOME, ENV, IFS, SHLIB_PATH or LD_* because they could be maliciously misused. Any combination of these can be specified in this entry, with a comma separating the variables. Currently, no other environment variables may be specified in this way. This may change in future HP-UX releases as security needs require. SU_KEEP_ENV_VARS=var1,var2,...,varN Default value: If this attribute is not defined or if it is commented out, these environment variables will not be propagated by the su command. SU_ROOT_GROUP This attribute defines the root group name for the su command. Refer to su(1). SU_ROOT_GROUP=group_name The root group name is set to the specified symbolic group name. The su command enforces the restriction that a non-superuser must be a member of the specified root group to be allowed to su to root. This does not alter password checking. Default value: If this attribute is not defined or if it is commented out, there is no default value. In this case, a non superuser is allowed to su to root without being bound by root group restrictions. UMASK This attribute controls umask() of all sessions initiated via pam_hpsec. This attribute is supported for users in all name server switch repositories, such as local, NIS and LDAP. This attribute is enforced in the pam_hpsec service module, and requires that the pam_hpsec module be configured in /etc/pam.conf. See pam_hpsec (5). It accepts values from 0 to 0777 as an unsigned octal integer (must have a leading zero to denote octal). The system-wide default defined here may be overridden by defining a per-user value in /var/adm/userdb (described in userdb(4)). UMASK=default_umask HP-UX 11i Version 3: March Hewlett-Packard Company 7
8 The current umask is set or restricted further with the value of default_umask. For trusted systems, the umask is also restricted so as not to exceed SEC_DEFAULT_MODE defined in /usr/include/hpsecurity.h. Default value: UMASK=0 Notes Use the functions defined in secdef (3) to read the values of the attributes defined in this file. The usage, possible values and default value of each of the attributes described in this manpage is defined in the /etc/security.dsc file. The behavior of some attributes is affected by the time zone. For these attributes the time zone is determined by the first line of the form TZ=timezone in the file /etc/timezone. If the time zone is not specified in this file, it is obtained from the file /etc/default/tz, as described in tzset (3C). EXAMPLES The following are examples of LOGIN_TIMES usage. SaSu:Wk The user can login to the system all day on weekends and after 6:00 pm on week days. MoWeFr :TuThSu The user can login to the system on Monday, Wednesday and Friday from 10:00 am to 2:00 pm and on Tuesday, Thursday, and Sunday from 8:00 am to 5:00 pm. Any The user can login to the system every day from 4:00 am until 1:00 pm. Any No day or time restrictions. This is the default. Mo :Tu The user can login to the system any time between Monday after 6:00 pm until Tuesday at 3:00 am. Mo :Mo The user can only login to the system on Mondays between midnight and 3:00 am or after 6:00 pm on Mondays. WARNINGS HP-UX 11i Version 3 is the last release to support trusted systems functionality. AUTHOR The security file was developed by HP. FILES /etc/default/security /etc/security.dsc /var/adm/userdb security defaults configuration file security attributes description file user database SEE ALSO login(1), passwd(1), su(1), init(1m), userstat(1m), secdef(3), pam.conf(4), userdb(4), pam_hpsec(5), pam_unix(5). 8 Hewlett-Packard Company 8 HP-UX 11i Version 3: March 2012
ABORT_LOGIN_ON_MISSING_HOMEDIR=1 Exit the login session if the user s home directory does not exist. Default value: ABORT_LOGIN_ON_MISSING_HOMEDIR=0
NAME security - security defaults configuration file DESCRIPTION A number of system commands and features are configured based on certain attributes defined in the /etc/default/security configuration file.
More informationInformation System Audit Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000)
Information System Audit Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000) armahmood786@yahoo.com alphasecure@gmail.com alphapeeler.sf.net/pubkeys/pkey.htm http://alphapeeler.sourceforge.net pk.linkedin.com/in/armahmood
More informationPasswords CSC 193 WAKE FOREST. U N I V E R S I T Y Department of Computer Science. Spring 2014
Passwords CSC 193 WAKE FOREST U N I V E R S I T Y Department of Computer Science Spring 2014 Unix Passwords In Unix, users are identified by user names Authenticated by passwords Therefore to login as
More informationHP-UX PAM RADIUS A Release Notes
HP-UX PAM RADIUS A.01.00 Release Notes HP-UX 11i v2, HP-UX 11i v3 HP Part Number: 5992-3382 Published: March 2008 Edition: 1.0 Copyright 2008 Hewlett-Packard Development Company, L.P. Confidential computer
More informationChapter 5: User Management. Chapter 5 User Management
Chapter 5: User Management Chapter 5 User Management Last revised: 20/6/2004 Chapter 5 Outline In this chapter we will learn Where user and group account information is stored How to manage user accounts
More informationOperating Systems Lab 1 (Users, Groups, and Security)
Operating Systems Lab 1 (Users, Groups, and Security) Overview This chapter covers the most common commands related to users, groups, and security. It will also discuss topics like account creation/deletion,
More informationHP-UX Security I. Ideal candidate for this course Experienced system and network administrators responsible for securing and monitoring HP-UX systems
Course Data Sheet HP-UX Security I Course description This course teaches you about the most common HP-UX system security vulnerabilities, and introduces a variety of tools and techniques that can be used
More informationConfiguring Message Notification
Last Updated: July 21, 2007 This chapter describes the procedures f implementing the Cisco Unity Express message notification feature and includes the following sections: Overview of Message Notification,
More informationPreposition Configuration Mode Commands
Chapter 3 Preposition Configuration Mode Commands To create and modify preposition directives on a WAAS device for prepositioning files for WAFS, use the accelerator cifs preposition global configuration
More informationFDX-2025TS User guide
TS User guide 2 1. TABLE OF CONTENTS 2. General... 4 3. Start page... 4 4. Logon... 5 5. Points... 6 3.1 Point status... 6 3.2 Point dialog... 7 3.2.1 Manual command... 7 3.2.2 Trend table... 8 3.2.3 Trend
More informationScheduling. Scheduling Tasks At Creation Time CHAPTER
CHAPTER 13 This chapter explains the scheduling choices available when creating tasks and when scheduling tasks that have already been created. Tasks At Creation Time The tasks that have the scheduling
More informationCisco HSI Backup and Restore Procedures
CHAPTER 6 The Cisco HSI provides a script for backing up configuration data. The script enables a system administrator to perform manual backups, schedule and administer automatic backups, and view a history
More informationUNIX/Linux Auditing. Baccam Consulting, LLC Training Events
UNIX/Linux Auditing Baccam Consulting, LLC tanya@securityaudits.org Training Events www.securityaudits.org/events.html ***CISSP Course being offered April 25-April 29, 2016 Copyright 2005-2016, Baccam
More informationBasic Security for HP-UX System Administrators
Basic Security for HP-UX System Administrators Bill Hassell Director of IT Systems and Methods, Inc. Major Security Areas Physical System Setup Logins Modems Patches IntraNetworks The Internet 2 Why is
More informationLinux Systems Security. Access Control and Authentication NETS1028 Fall 2016
Linux Systems Security Access Control and Authentication NETS1028 Fall 2016 Access Control Authenticating users is the act of trying to verify that a user is who they claim to be We generally rely on the
More informationLastPass Enterprise Recommended Policies Guide
LastPass Enterprise Recommended Policies Guide This document will help guide you through common scenarios and selecting policies to enable on your LastPass Enterprise account. We will not cover all policies
More informationQUESTION: 1 An RSA SecurID tokencode is unique for each successful authentication because
1 RSA - 050-v71-CASECURID02 RSA SecurID Certified Administrator 7.1 Exam QUESTION: 1 An RSA SecurID tokencode is unique for each successful authentication because A. a token periodically calculates a new
More informationCallPilot Programming Record
Part o. P0941757 02.1 CallPilot Programming Record 2 P0941757 02.1 About the CallPilot Programming Record 3 Use this guide to record how you program your CallPilot Mini, CallPilot 150 or Business Communications
More information32 GroupWise 6.5 Administration Guide
I System Chapter 1, GroupWise System Administration, on page 33 Chapter 2, ConsoleOne Administration Tool, on page 35 Chapter 3, GroupWise View, on page 37 Chapter 4, System Operations, on page 43 Chapter
More informationConfiguring the Hostname, Domain Name, Passwords, and Other Basic Settings
CHAPTER 5 Configuring the Hostname, Domain Name, Passwords, and Other Basic Settings This chapter describes how to configure basic settings on your ASA 1000V that are typically required for a functioning
More informationPart No. P CallPilot. Programming Record
Part o. P0941757 04 CallPilot Programming Record 2 P0941757 04 About the CallPilot Programming Record 3 Use this guide to record how you program your CallPilot Mini, CallPilot 150 or Business Communications
More informationGETTING STARTED WITH SINGAPORE STUDENT LEARNING SPACE Instructions for Students
ANNEX A(v28 March 18) GETTING STARTED WITH SINGAPORE STUDENT LEARNING SPACE Instructions for Students SYSTEM REQUIREMENTS 1. The Singapore Student Learning Space (SLS) is accessible through the internet
More informationISDS Security Enhancements Instructions
[ ISDS Security Enhancements Instructions Overview Introduction As networks become more complex, the requirements for data security become more important. It is no longer feasible to consider the ISDS
More informationOS Security. Authentication. Radboud University Nijmegen, The Netherlands. Winter 2014/2015
OS Security Authentication Radboud University Nijmegen, The Netherlands Winter 2014/2015 What does an OS do? Definition An operating system (OS) is a computer program that manages access of processes (programs)
More informationSpecops Password Policy
Specops Software. All right reserved. For more information about Specops Password Policy and other Specops products, visit www.specopssoft.com Copyright and Trademarks Specops Password Policy is a trademark
More informationUser accounts and authorization
User accounts and authorization Authentication vs authorization Authentication: proving the identity of someone Authorization: allowing a user to access certain resources 1 Government authorization documents
More informationCIT 470: Advanced Network and System Administration. Topics. Namespaces. Accounts and Namespaces. 1. Namespaces 2. Policies
CIT 470: Advanced Network and System Administration Accounts and Namespaces CIT 470: Advanced Network and System Administration Slide #1 Topics 1. Namespaces 2. Policies 1. selection 2. lifetime 3. scope
More informationMessage Networking 5.2 Administration print guide
Page 1 of 421 Administration print guide This print guide is a collection of system topics provided in an easy-to-print format for your convenience. Please note that the links shown in this document do
More informationIBM Security Identity Manager Version Administration Topics
IBM Security Identity Manager Version 6.0.0.5 Administration Topics IBM Security Identity Manager Version 6.0.0.5 Administration Topics ii IBM Security Identity Manager Version 6.0.0.5: Administration
More informationManaging Users and Configuring Role-Based Access Control
Managing s and Configuring Role-Based Access Control This section describes how to manage users in Prime Central, including defining users and passwords and configuring role-based access control (RBAC).
More informationProcesses are subjects.
Identification and Authentication Access Control Other security related things: Devices, mounting filesystems Search path Race conditions NOTE: filenames may differ between OS/distributions Principals
More informationUser & Group Administration
User & Group Administration David Morgan Users useradd/userdel /home/ /etc/passwd is the user database /etc/shadow has passwords (relocated from passwd) /etc/group whoami su / sudo / SUID process
More informationPass4sure CASECURID01.70 Questions
Pass4sure.050-80-CASECURID01.70 Questions Number: 050-80-CASECURID01 Passing Score: 800 Time Limit: 120 min File Version: 4.8 http://www.gratisexam.com/ 050-80-CASECURID01 RSA SecurID Certified Administrator
More information2. Perform the following steps to reset password using Password Reset Link Method:
PASSWORD RESET 1. If you have forgotten your password, you can reset it via the following methods: a) password reset using password reset link, b) password reset using security questions, or c) call the
More informationKerberos-enabled applications. Core services for UNIX shell programs and applications. Kerberos environment. Centrify DirectControl Service Library
Understanding Centrify DirectControl Agents The Centrify DirectControl Agent makes a UNIX, Linux, or Mac OS X computer look and behave like a Windows client computer to Active Directory. The Centrify DirectControl
More informationHP-UX Security H3541S
HPE course number Course length Delivery mode View schedule, local pricing, and register View related courses H3541S 5 days ILT, VILT View now View now HP-UX Security H3541S Concerned about system security?
More informationPayflow Implementer's Guide FAQs
Payflow Implementer's Guide FAQs FS-PF-FAQ-UG-201702--R016.00 Fairsail 2017. All rights reserved. This document contains information proprietary to Fairsail and may not be reproduced, disclosed, or used
More informationVeritas NetBackup Appliance Security Guide
Veritas NetBackup Appliance Security Guide Release 2.7.2 NetBackup 52xx and 5330 Veritas NetBackup Appliance Security Guide Documentation version: 2.7.2 Legal Notice Copyright 2016 Veritas Technologies
More information10 userdel: deleting a user account 9. 1 Context Tune the user environment and system environment variables [3]
1. Context 1.111.1 2 8 Deleting a group 8 1.111.1 Manage users and group accounts and related system files Weight 4 Outline Contents Linux Professional Institute Certification 102 Nick Urbanik
More informationNuts and Bolts of Enhanced Security Management for Tru64 UNIX
Nuts and Bolts of Enhanced Security Management for Tru64 UNIX Martin Moore Team Leader, Tru64 UNIX Support Hewlett-Packard 2004 Hewlett-Packard Development Company, L.P. The information contained herein
More informationRequesting Time Off: Employee Navigation Salaried Non-Exempt
Requesting Time Off: Employee Navigation Salaried Non-Exempt Logging on Log in using your Clemson Primary* Username and Password. URL: https://clemson.kronos.net (*To determine your Primary Username, go
More informationSA-027WQ. Manual. 7-Day Timer. Lighting Systems Access Controls Security Systems Environmental Controls. Automate the following:
SA-027WQ 7-Day Timer Manual Automate the following: Lighting Systems Access Controls Security Systems Environmental Controls 12~24 VAC/VDC Program up to 60 flexible events Holiday function (up to 99 days)
More informationRev A. DNCS System Release 5.0 Security Configuration Guide
4034689 Rev A DNCS System Release 5.0 Security Configuration Guide Please Read Important Please read this entire guide. If this guide provides installation or operation instructions, give particular attention
More informationSUDO(8) System Manager s Manual SUDO(8)
NAME sudo, sudoedit - execute a command as another user SYNOPSIS sudo -h -K -k -V sudo -v [-AknS] [-a type] [-g group] [-h host] [-p prompt] [-u user] sudo -l [-AknS] [-a type] [-g group] [-h host] [-p
More informationPerform the following steps to reset password using Password Reset Link Method:
PASSWORD RESET If you have forgotten your password, you can reset it via the following methods: a) password reset using password reset link, b) password reset using security questions, or c) call the SLS
More informationCallPilot Programming Record. BCM 4.0 CallPilot
CallPilot Programming Record BCM 4.0 CallPilot Document Status:Standard Document Version: 02 Part Code: 0027404 Date: June 2006 Copyright 2006 ortel etworks, All Rights Reserved The information in this
More informationLab Authentication, Authorization, and Accounting
Objectives Given a scenario, select the appropriate authentication, authorization, or access control Install and configure security controls when performing account management, based on best practices
More informationQ) Q) What is Linux and why is it so popular? Answer - Linux is an operating system that uses UNIX like Operating system...
Q) Q) What is Linux and why is it so popular? Answer - Linux is an operating system that uses UNIX like Operating system... Q) Q) What is the difference between home directory and working directory? Answer
More informationSecuring Linux Systems Before Deployment
Securing Linux Systems Before Deployment Richard Williams Senior Support Services Specialist Symark Why secure Linux systems? Your Linux enterprise installation is growing Assets on Linux systems are becoming
More informationAvaya Communications Process Manager Release 2.2 Web Portal Help for Administrative Users
Avaya Communications Process Manager Release 2.2 Web Portal Help for Administrative Users Document No. 04-601163 August 2008 Issue 10 2008 Avaya Inc. All Rights Reserved. Notice While reasonable efforts
More informationHP XP P9000 Remote Web Console Messages
HP XP P9000 Remote eb Console Messages Abstract This document lists the error codes and error messages for HP XP P9000 Remote eb Console for HP XP P9000 disk arrays, and provides recommended action for
More informationOS Security. Authentication. Radboud University Nijmegen, The Netherlands. Winter 2014/2015
OS Security Authentication Radboud University Nijmegen, The Netherlands Winter 2014/2015 What does an OS do? Definition An operating system (OS) is a computer program that manages access of processes (programs)
More informationZENworks 2017 Audit Management Reference. December 2016
ZENworks 2017 Audit Management Reference December 2016 Legal Notice For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights,
More informationHow To Reset Local Group Policy Objects To Default Settings Windows 7
How To Reset Local Group Policy Objects To Default Settings Windows 7 more information. Group policy unable to apply firewall change on Windows 7 cilent - blocked Try to reset GPO settings to default values
More informationInterface Reference. McAfee Application Control Windows Interface Reference Guide. Add Installer page. (McAfee epolicy Orchestrator)
McAfee Application Control 8.1.0 - Windows Interface Reference Guide (McAfee epolicy Orchestrator) Interface Reference Add Installer page Add an existing installer to the McAfee epo repository. Table 1
More informationMANAGING THE NONUNIFORM BEHAVIOUR OF TERMINALS AND KEYBOARDS. : WHEN THINGS GO WRONG
MANAGING THE NONUNIFORM BEHAVIOUR OF TERMINALS AND KEYBOARDS. : WHEN THINGS GO WRONG Terminals and keyboards have no uniform behavioral pattern. Terminal settings directly impact the keyboard operation.
More informationHP-UX Containers (SRP) A Administrator s Guide
HP-UX Containers (SRP) A.03.01 Administrator s Guide HP-UX 11iv3 Table of contents Preface... 5 Intended audience... 5 Typographic conventions... 5 Related information... 6 Publishing history... 6 HP encourages
More informationRedhat Basic. Need. Your. What. Operation G U I D E. Technical Hand Note template version
Redhat Basic Operation G U I D E What Need Your www.next-asia.com Readhat Basic Operation Guide, Prepared by Nazmul Khan Page 1 of 43 Redhat Basic Operation Guide RedHat Installation Guide... 2 Installation...
More informationHow to Secure SSH with Google Two-Factor Authentication
How to Secure SSH with Google Two-Factor Authentication WELL, SINCE IT IS QUITE COMPLEX TO SET UP, WE VE DECIDED TO DEDICATE A WHOLE BLOG TO THAT PARTICULAR STEP! A few weeks ago we took a look at how
More informationUser Guide. Admin Guide. r
User Guide Admin Guide r 03.08.16 1 Welcome to Keeper! We re excited you have chosen to work with us. Let s get started by walking through how you can tell your employees about Keeper, then we ll walk
More informationUnderstanding Door Configuration
CHAPTER 5 This chapter describes the concepts used to configure doors and templates. A door configuration is a collection of devices, such as locks and readers, connected to a Cisco Physical Access Gateway
More informationOperating System Security. 0Handouts: Quizzes ProsoftTraining All Rights Reserved. Version 3.07
0Handouts: Lesson 1 Quiz 1. What is the working definition of authentication? a. The ability for a person or system to prove identity. b. Protection of data on a system or host from unauthorized access.
More informationWhy secure the OS? Operating System Security. Privilege levels in 80X86 processors. The basis of protection: Seperation. Privilege levels - A problem
Why secure the OS? Operating System Security Works directly on the hardware but can be adapted during runtime Data and process are directly visible Application security can be circumvented from lower layers
More informationPart No. P CallPilot. Programming Record
Part o. P0941757 01.1 CallPilot Programming Record 2 P0941757 01.1 About the CallPilot Programming Record 3 Use this guide to record how you program your CallPilot 100/150 or Business Communications Manager
More informationContents Using the Primavera Cloud Service Administrator's Guide... 9 Web Browser Setup Tasks... 10
Cloud Service Administrator's Guide 15 R2 March 2016 Contents Using the Primavera Cloud Service Administrator's Guide... 9 Web Browser Setup Tasks... 10 Configuring Settings for Microsoft Internet Explorer...
More informationVisit us on the World-Wide Web at Programming Guide. Controller Boards
Visit us on the World-Wide Web at www.chamberlain.com PRO Systems Programming Guide Controller Boards -106 & -107 PROKey PROCard TABLE OF CONTENTS INTRODUCTION About the PRO System................................3
More informationConfiguration Manager
CHAPTER 7 This chapter describes how to perform routine Cisco VXC Manager configuration management tasks using the Administrator Console. It provides information on managing the configuration settings
More informationPearson Edexcel Award
Pearson Edexcel Award January 2018 Examination Timetable FINAL For more information on Edexcel qualifications please visit http://qualifications.pearson.com Pearson Edexcel Award January 2018 Examination
More informationUsers and Groups. his chapter is devoted to the Users and Groups module, which allows you to create and manage UNIX user accounts and UNIX groups.
cameron.book Page 19 Monday, June 30, 2003 8:51 AM C H A P T E R 4 Users and Groups T his chapter is devoted to the Users and Groups module, which allows you to create and manage UNIX user accounts and
More informationModifying IPM Components
CHAPTER 4 This chapter provides information on modifying IPM components. IPM components include collectors, source routers, target devices, and operations. Information is provided on viewing, updating,
More informationCredential Policy CHAPTER
CHAPTER 21 Cisco Unified Communications Manager authenticates user login credentials before allowing system access. To help secure user accounts, you can specify settings for failed logon attempts, lockout
More informationREV SCHEDULER (iseries)
Powerful Scheduling made easy Run scheduled jobs in an unattended environment throughout your Enterprise to increase: Throughput, Accuracy, Efficiency. Base Model is native on all platforms Run REV SCHEDULER
More informationCiphermail Webmail Messenger Administration Guide
CIPHERMAIL EMAIL ENCRYPTION Ciphermail Webmail Messenger Administration Guide October 27, 2017, Rev: 8630 Copyright 2013-2017, ciphermail.com. CONTENTS CONTENTS Contents 1 Introduction 4 2 Admin login
More informationOptional Labs. 0Handouts: 2002 ProsoftTraining All Rights Reserved. Version 3.07
0Handouts: Optional Lab 1-1: Understanding the /etc/securetty file In this lab, you will examine a PAM component, the /etc/securetty file. 1. Boot into Linux as root. Open a Telnet client and attempt to
More informationCA Process Automation
CA Process Automation User Interface Reference Release 04.3.00 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationRSA Exam 050-v71-CASECURID02 RSA SecurID Certified Administrator 7.1 Exam Version: 6.0 [ Total Questions: 140 ]
s@lm@n RSA Exam 050-v71-CASECURID02 RSA SecurID Certified Administrator 7.1 Exam Version: 6.0 [ Total Questions: 140 ] Question No : 1 An RSA SecurID tokencode is unique for each successful authentication
More informationANNEX A GETTING STARTED WITH SINGAPORE STUDENT LEARNING SPACE Instructions for Students
ANNEX A GETTING STARTED WITH SINGAPORE STUDENT LEARNING SPACE Instructions for Students SYSTEM REQUIREMENTS 1. The Singapore Student Learning Space (SLS) is accessible through the internet browsers on
More informationSetting Up the Sensor
CHAPTER 4 This chapter provides information for setting up the sensor. This chapter contains the following sections: Understanding Initialization, page 4-1 Configuring Network Settings, page 4-1 Configuring
More informationPearson Edexcel Award
Pearson Edexcel Award May June 2018 Examination Timetable FINAL For more information on Edexcel qualifications please visit http://qualifications.pearson.com v3 Pearson Edexcel Award 2018 Examination View
More informationCSE 265: System and Network Administration
CSE 265: System and Network Administration User accounts The /etc/passwd file The /etc/shadow file Root powers Ownership of files and processes The superuser The /etc/group file Adding users Removing users
More informationFull file at
Chapter 2 Solutions Answers to the Chapter 2 Review Questions 1. The Melissa virus was transported by. c. e-mail 2. Which of the following are used for updates in Windows XP Professional? (Choose all that
More informationMicrosoft Unified Access Gateway 2010
RSA SecurID Ready Implementation Guide Partner Information Last Modified: March 26, 2013 Product Information Partner Name Web Site Product Name Version & Platform Product Description Microsoft www.microsoft.com
More informationElixir Domain Configuration and Administration
Elixir Domain Configuration and Administration Release 4.0.0 Elixir Technology Pte Ltd Elixir Domain Configuration and Administration: Release 4.0.0 Elixir Technology Pte Ltd Published 2015 Copyright 2015
More informationBasic Device Management
This chapter contains the following sections: About, page 1 Licensing Requirements for, page 2 Default Settings for Basic Device Parameters, page 3 Changing the Device Hostname, page 3 Configuring the
More informationOracle Communications Session Delivery Manager
Oracle Communications Session Delivery Manager Administration Guide Release 7.3 Formerly Net-Net Central December 2013 Copyright 2013, 2012 Oracle and/or its affiliates. All rights reserved. This software
More informationCheck List: Linux Machines
Check List: Linux Machines High Level Install and maintain malware protection software o Install MalWare (Defender) o Install AntiVirus (Microsoft Security Essentials) Account Management o Remove guest
More informationipac Access Controller
STANLEY MANUFACTURED ACCESS CONTROL ipac Access Controller QUICK START GUIDE QUICK USER GUIDE Contents Standalone Interface...3 ipac at a Glance...3 Button and Functions...4 Screen Display...4 Information
More informationDownloading and installing Db2 Developer Community Edition on Red Hat Enterprise Linux Roger E. Sanders Yujing Ke Published on October 24, 2018
Downloading and installing Db2 Developer Community Edition on Red Hat Enterprise Linux Roger E. Sanders Yujing Ke Published on October 24, 2018 This guide will help you download and install IBM Db2 software,
More informationBusiness Card Smart Data Getting Started Guide
Smart Data Getting Started Guide Table of contents Getting Started 3 Set-up Tasks 4 Spending Alert Configuration 5 Common Tasks 6 Transaction Summary 6 Glossary 7 Follow the links from to log into Smart
More informationSubstitute Quick Reference (SmartFindExpress Substitute Calling System and Web Center)
Substitute Quick Reference (SmartFindExpress Substitute Calling System and Web Center) System Phone Number 578-6618 Help Desk Phone Number 631-4868 (6:00 a.m. 4:30 p.m.) Write your Access number here Write
More informationScheduler Plug-In Help Kepware Technologies
2015 Kepware Technologies 2 Table of Contents Table of Contents 2 4 Plug-In Interface 5 Schedule Properties 7 Recurrence Configuration 8 Exception Configuration 9 Daylight Saving Time 10 Defining Tags
More informationZodiac Link QUICKSTART GUIDE
Zodiac Link QUICKSTART GUIDE May 2014 Table of Contents Step 1 Enroll Administrator... 3 Step 2 Set Mode... 3 Step 3 Set Slaves... 4 Step 4 Map Slaves... 4 Step 5 Set Reader Clock... 4 Step 6 - Synchronize
More informationThe following steps guide you through logging in to the Virtual Gateway:
Logon Process for the Virtual Gateway The following steps guide you through logging in to the Virtual Gateway: 1. Access the Virtual Gateway home page at www.mass.gov/vg and click the Logon link: Click
More informationYou can access data using the FTP/SFTP protocol. This document will guide you in the procedures for configuring FTP/SFTP access.
You can access data using the FTP/SFTP protocol. This document will guide you in the procedures for configuring FTP/SFTP access. Overview of Configuring FTP/SFTP Access In order to access data using the
More informationParental Webcam. User Guide
Parental Webcam User Guide 1 Table of Contents 1 Opening an Account 3 1.1 The Unique Nursery Code 3 1.2 Your Details 4 2 Logging In 5 2.1 Forgotten / Changing your Password 5 3 Viewing a Camera 8 3.1 The
More informationOracle 1Z Oracle Solaris 11 System Administration.
Oracle Oracle Solaris 11 System Administration http://killexams.com/exam-detail/ QUESTION: 147 Review the boot environments displayed on your system: Which option describes the solaris-1 BE? A. It is active
More informationSchedule/BACnet Schedule
Object Dictionary 1 Schedule/BACnet Schedule Introduction Note: The Johnson Controls Schedule object is considered a BACnet Schedule object because it supports BACnet functionality. In addition, this object
More informationXitron LuxelF9000 v3.02b Plugin Install Notes Wednesday, March 13, 2002
Xitron LuxelF9000 v3.02b Plugin Install Notes Wednesday, March 13, 2002 As an interim solution for the newer Sumo/LuxelF9000 recorders with updated resolutions, Xitron has released a new plugin to support
More informationCisco Unity Express 8.0 Voic System User s Guide for Advanced Features
Cisco Unity Express 8.0 Voice-Mail System User s Guide for Advanced Features First Published: October 26, 2010 This guide provides information about using some of the advanced voice-mail features of your
More informationIdentity, Authentication, and Access Control
Identity, Authentication, and Access Control License This work by Z. Cliffe Schreuders at Leeds Metropolitan University is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.
More information