ABORT_LOGIN_ON_MISSING_HOMEDIR=1 Exit the login session if the user s home directory does not exist. Default value: ABORT_LOGIN_ON_MISSING_HOMEDIR=0
|
|
- Barnard Long
- 6 years ago
- Views:
Transcription
1 NAME security - security defaults configuration file DESCRIPTION A number of system commands and features are configured based on certain attributes defined in the /etc/default/security configuration file. This file must be world readable and root writable. Each line in the file is treated either as a comment or as configuration information for a given system command or feature. Comments are denoted by a # at the beginning of a line. Noncomment lines are of the form, attribute=value. If any attribute is not defined or is commented out in this file, the default behavior detailed below will apply. The default value of each attribute is defined in the /etc/security.dsc file. Attribute definitions, valid values, and defaults are defined as follows: ABORT_LOGIN_ON_MISSING_HOMEDIR This attribute controls login behavior if a user s home directory does not exist. Note that this is only enforced for non-root users and only applies to the login command or those services that indirectly invoke login such as the telnetd and rlogind commands. ABORT_LOGIN_ON_MISSING_HOMEDIR=0 Login with / as the home directory if the user s home directory does not exist. ABORT_LOGIN_ON_MISSING_HOMEDIR=1 Exit the login session if the user s home directory does not exist. Default value: ABORT_LOGIN_ON_MISSING_HOMEDIR=0 ALLOW_NULL_PASSWORD This attribute determines whether or not users with a null password can login. It does not apply to trusted systems. This attribute is supported only for non-root users managed by pam_unix (described in pam_unix (5)); this typically includes local and NIS users. For local users, the system-wide default defined here in /etc/default/security may be overridden by defining a per-user value in /var/adm/userdb (described in userdb(4)). ALLOW_NULL_PASSWORD=0 Users with a null password cannot login. ALLOW_NULL_PASSWORD=1 Users with a null password can login. Default value: ALLOW_NULL_PASSWORD=1 AUDIT_FLAG This attribute controls whether or not users are to be audited. It does not apply to trusted systems. This attribute is supported for users in all name server switch repositories, such as local, NIS and LDAP. This attribute is enforced in the pam_hpsec service module, and requires that the pam_hpsec module be configured in /etc/pam.conf. See pam_hpsec (5). The system-wide default defined here may be overridden by defining a per-user value in /var/adm/userdb (described in userdb(4)). For more information about HP-UX auditing, see audit (5). AUDIT_FLAG=0 Do not audit. AUDIT_FLAG=1 Audit. Default value: AUDIT_FLAG=1 AUTH_MAXTRIES This attribute controls whether an account is locked after too many consecutive authentication failures. It does not apply to trusted systems. This attribute is supported for users in all name server switch repositories, such as local, NIS and LDAP. This attribute is enforced in the pam_hpsec service module, and requires that the pam_hpsec module be configured in /etc/pam.conf. See pam_hpsec (5). Other PAM service modules in your configuration may enforce additional restrictions. The system-wide default defined here may be overridden by defining a per-user value in /var/adm/userdb (described in userdb(4)). When an account has been locked due to too many authentication failures, root can unlock the account by this command: HP-UX 11i Version 3: September Hewlett-Packard Company 1
2 userdbset -d -u username auth_failures AUTH_MAXTRIES=0 Any number of authentication retries is allowed. AUTH_MAXTRIES=N An account is locked after N+1 consecutive authentication failures. N can be any positive integer. Default value: AUTH_MAXTRIES=0 BOOT_AUTH This attribute controls whether authentication is required to boot the system into single user mode. If enabled, the system cannot be booted into single user mode until the password of an authorized user is provided. This attribute does not apply to trusted systems. However, if boot authentication is enabled on a standard system, then when the system is converted to a trusted system, boot authentication will also be enabled as default for the trusted system. BOOT_AUTH=0 Boot authentication is turned OFF. BOOT_AUTH=1 Boot authentication is turned ON. Default value: BOOT_AUTH=0 BOOT_USERS This attribute defines the names of users who are authorized to boot the system into single user mode from the console. Names are separated by a comma (,). It only takes effect when boot authentication is enabled. Refer to the description of the BOOT_AUTH attribute. The BOOT_USERS attribute does not apply to trusted systems. However, when a standard system is converted to a trusted system, this information is translated. For example: BOOT_USERS=mary,jack Other than the root user, user mary or jack can also boot the system into single user mode from the console. Default value: BOOT_USERS=root CRYPT_ALGORITHMS_DEPRECATE This attribute lists the password hash algorithms that must be deprecated when a user s password is changed. This attribute is only valid when the SHA11i3 product is installed. CRYPT_DEFAULT This attribute specifies the default password hash algorithm. It is used when a new user password is created, and either the user did not have a password before or the old password was hashed with a deprecated algorithm (listed in CRYPT_ALGORITHMS_DEPRECATE). The value of CRYPT_DEFAULT should not be present in CRYPT_ALGORITHMS_DEPRECATE. This attribute is only valid when the SHA11i3 product is installed. CRYPT_DEFAULT= unix The default hash algorithm is the traditional DES-based algorithm. Refer to crypt (3C) for more information. CRYPT_DEFAULT=6 The default hash algorithm is method 6, a newer hash algorithm based on SHA-512. For example: CRYPT_ALGORITHMS_DEPRECATE= unix CRYPT_DEFAULT=6 If a user s password is created for the first time, it is hashed using method 6. Or if a user s old password was hashed using unix, the new password is hashed using method 6. Default value: CRYPT_DEFAULT= unix DISPLAY_LAST_LOGIN This attribute controls whether a successful login displays the date, time and origin of the last successful login and the last authentication failure. Times are displayed 2 Hewlett-Packard Company 2 HP-UX 11i Version 3: September 2010
3 using the system s time zone. See the discussion of time zones in the Notes section. This attribute does not apply to trusted systems. This attribute is supported for users in all name server switch repositories, such as local, NIS and LDAP. This attribute is enforced in the pam_hpsec service module, and requires that the pam_hpsec module be configured in /etc/pam.conf. See pam_hpsec (5). The system-wide default defined here may be overridden by defining a per-user value in /var/adm/userdb (described in userdb(4)). DISPLAY_LAST_LOGIN=0 Information is not displayed. DISPLAY_LAST_LOGIN=1 Information is displayed. Default value: DISPLAY_LAST_LOGIN=1 INACTIVITY_MAXDAYS This attribute controls whether an account is locked if there have been no logins to the account for a specified time interval. It does not apply to trusted systems. This attribute is supported only for non-root users managed by pam_unix (described in pam_unix (5)); this typically includes local and NIS users. In most cases this attribute can be enforced only as a system-wide default, however, for local users on a shadow password system, the system-wide default defined here in /etc/default/security may be overridden by defining a per-user value in the inactivity field of /etc/shadow with either one of these commands: useradd -f inactive_maxdays usermod -f inactive_maxdays When an account has been locked due to this feature, root can unlock the account by this command: userdbset -d -u username login_time INACTIVITY_MAXDAYS=0 Inactive accounts are not expired. INACTIVITY_MAXDAYS=N Inactive accounts are expired if there have been no logins to the account for at least N days. N can be any positive integer. Default value: INACTIVITY_MAXDAYS=0 LOGIN_TIMES This attribute restricts logins to specific time periods. Login time restrictions are based on the system s time zone. See the discussion of time zones in the Notes section. This attribute does not apply to trusted systems. This attribute is supported for users in all name server switch repositories, such as local, NIS and LDAP. This attribute is enforced in the pam_hpsec service module, and requires that the pam_hpsec module be configured in /etc/pam.conf. See pam_hpsec (5). Other PAM service modules in your configuration may enforce additional restrictions. The system-wide default defined here may be overridden by defining a per-user value in /var/adm/userdb (described in userdb(4)). LOGIN_TIMES=timeperiod An account is locked if the current time is not within the specified time period. The timeperiod consists of any number of day and time ranges separated by colons. A user is allowed to access the system when the login time is within any of the specified ranges. The days are specified by the following abbreviations: Su Mo Tu We Th Fr Sa Wk Any Where Wk is all week days and Any is any day of the week. A time range can be included after the day specification. A time range is a 24-hour time period, specified as hours and minutes separated by a hyphen. Each time must be specified with 4 digits (HHMM-HHMM ). Leading zeros are required. This time range indicates the start and end time for the specified days. The start time must be less than the end time. When no time range is specified, all times within the day(s) are valid. If the current time is within the range of any of the time ranges specified for a user, the user is allowed to access the system. HP-UX 11i Version 3: September Hewlett-Packard Company 3
4 Do not use as a time range to prevent user access. For example, Any:Fr cannot be used to disallow access on Fridays. Instead, SuMo- TuWeThSa should be used. See the EXAMPLES section. Default value: LOGIN_TIMES=Any Can login any day of the week. LONG_PASSWORD This attribute determines whether or not the length of a password can exceed 8 characters. This attribute is valid only when the LongPassword11i3 product is installed and the password hash algorithm is different from the traditional DES-based hash algorithm, see CRYPT_DEFAULT. LONG_PASSWORD=0 Passwords are limited to 8 characters. LONG_PASSWORD=1 Passwords can have more than 8 characters. Default value: LONG_PASSWORD=0 MIN_PASSWORD_LENGTH This attribute controls the minimum length of new passwords. On trusted systems it applies to all users. On standard systems it applies to non-root local users and to NIS users. The system-wide default defined here may be overridden by defining per-user values in /var/adm/userdb (described in userdb(4)). MIN_PASSWORD_LENGTH=N New passwords must contain at least N characters. For standard systems, N can be any value from 3 to 8. For trusted systems, N can be any value from 6 to 80. Default value: MIN_PASSWORD_LENGTH=6 NOLOGIN This attribute controls whether non-root login can be disabled by the /etc/nologin file. Note that this attribute only applies to the applications that use session management services provided by pam_hpsec as configured in /etc/pam.conf, or those services that indirectly invoke login such as the telnetd and rlogind commands. Other services may or may not choose to enforce the /etc/nologin file. NOLOGIN=0 Ignore the /etc/nologin file and do not exit if the /etc/nologin file exists. NOLOGIN=1 Display the contents of the /etc/nologin file and exit if the /etc/nologin file exists. Default value: NOLOGIN=0 NUMBER_OF_LOGINS_ALLOWED This attribute controls the number of simultaneous logins allowed per user. Note that this is only enforced for non-root users and only applies to the applications that use session management services provided by pam_hpsec as configured in /etc/pam.conf, or those services that indirectly invoke login, such as the telnetd and rlogind commands. The system-wide default defined here may be overridden by defining a per-user value in /var/adm/userdb (described in userdb(4)). NUMBER_OF_LOGINS_ALLOWED=0 Any number of logins are allowed per user. NUMBER_OF_LOGINS_ALLOWED=N N number of logins are allowed per user. Default value: NUMBER_OF_LOGINS_ALLOWED=0 PASSWORD_HISTORY_DEPTH This attribute controls the password history depth. A new password is checked against passwords stored in the user s password history. This prevents the user from re-using a recently used password. This attribute applies only to local users. For a trusted system, the maximum password history depth is 10 and the minimum is 1. For a standard system, the maximum password history depth is 24 and the minimum is 1. The system-wide default defined here may be overridden by defining a per-user value in /var/adm/userdb (described in userdb(4)). 4 Hewlett-Packard Company 4 HP-UX 11i Version 3: September 2010
5 PASSWORD_HISTORY_DEPTH=N A new password is checked against the N most recently used passwords, including the current password. For example, a password history depth of 2 prevents a user from alternating between two passwords. Default value: PASSWORD_HISTORY_DEPTH=1 Cannot re-use the current password. PASSWORD_MIN_type_CHARS Attributes of this form are used to require new passwords to have a minimum number of characters of particular types (upper case, lower case, digits or special characters). This can be helpful in enforcing site security policies about selecting passwords that are not easy to guess. This attribute applies only to non-root local users. The system-wide default defined here may be overridden by defining a peruser value in /var/adm/userdb (described in userdb(4)). PASSWORD_MIN_UPPER_CASE_CHARS=N Specifies that a minimum of N upper-case characters are required in a password when changed. PASSWORD_MIN_LOWER_CASE_CHARS=N Specifies that a minimum of N lower-case characters are required in a password when changed. PASSWORD_MIN_DIGIT_CHARS=N Specifies that a minimum of N digit characters are required in a password when changed. PASSWORD_MIN_SPECIAL_CHARS=N Specifies that a minimum of N special characters are required in a password when changed. Default value: The default for each of these attributes is zero. PASSWORD_MAXDAYS This attribute controls the default maximum number of days that passwords are valid. This value, if specified, is used by the authentication subsystem during the password change process in the case where aging restrictions do not already exist for the given user. The value takes effect after the password change. This attribute applies only to local users and does not apply to trusted systems. The passwd -x option can be used to override this value for a specific user. PASSWORD_MAXDAYS=N A new password is valid for up to N days, after which the password must be changed. N can be an integer from -1 to 441. Default value: PASSWORD_MAXDAYS=-1 password aging is turned off. PASSWORD_MINDAYS This attribute controls the default minimum number of days before a password can be changed. This value is used by the authentication subsystem during the password change process in the case where aging restrictions do not already exist for the user. The value is stored persistently and takes effect after the password change. This attribute applies only to local users and does not apply to trusted systems. The passwd -n option can be used to override this value for a specific user. PASSWORD_MINDAYS=N A new password cannot be changed until at least N days since it was last changed. N can be an integer from 0 to 441. Default value: PASSWORD_MINDAYS=0 PASSWORD_WARNDAYS This attribute controls the default number of days before password expiration that a user is to be warned that the password must be changed. This value, if specified, is used by the authentication subsystem during the password change process in the case where aging restrictions do not already exist for the given user. The value takes effect after the password change. This attribute applies only to local users on shadow password systems. The passwd -w option can be used to override this value for a specific user. PASSWORD_WARNDAYS=N Users are warned N days before their password expires. N can be an integer from 0 to 441. Default value: PASSWORD_WARNDAYS=0 (no warning) HP-UX 11i Version 3: September Hewlett-Packard Company 5
6 SU_DEFAULT_PATH This attribute defines a new default PATH environment value to be set when su to a non-superuser account is done. Refer to su(1). SU_DEFAULT_PATH=new_PATH The PATH environment variable is set to new_path when the su command is invoked. The path value is not validated. This attribute does not apply to a superuser account, and is applicable only when the "-" option is not used with the su command. Default value: If this attribute is not defined or if it is commented out, PATH is not changed. SU_KEEP_ENV_VARS This attribute forces su to propagate certain unsafe environment variables to its child process despite the security risk of doing so. Refer to su(1). By default, su does not export the environment variables HOME, ENV, IFS, SHLIB_PATH or LD_* because they could be maliciously misused. Any combination of these can be specified in this entry, with a comma separating the variables. Currently, no other environment variables may be specified in this way. This may change in future HP-UX releases as security needs require. SU_KEEP_ENV_VARS=var1,var2,...,varN Default value: If this attribute is not defined or if it is commented out, these environment variables will not be propagated by the su command. SU_ROOT_GROUP This attribute defines the root group name for the su command. Refer to su(1). SU_ROOT_GROUP=group_name The root group name is set to the specified symbolic group name. The su command enforces the restriction that a non-superuser must be a member of the specified root group to be allowed to su to root. This does not alter password checking. Default value: If this attribute is not defined or if it is commented out, there is no default value. In this case, a non superuser is allowed to su to root without being bound by root group restrictions. UMASK This attribute controls umask() of all sessions initiated via pam_hpsec. This attribute is supported for users in all name server switch repositories, such as local, NIS and LDAP. This attribute is enforced in the pam_hpsec service module, and requires that the pam_hpsec module be configured in /etc/pam.conf. See pam_hpsec (5). It accepts values from 0 to 0777 as an unsigned octal integer (must have a leading zero to denote octal). The system-wide default defined here may be overridden by defining a per-user value in /var/adm/userdb (described in userdb(4)). UMASK=default_umask The current umask is set or restricted further with the value of default_umask. For trusted systems, the umask is also restricted so as not to exceed SEC_DEFAULT_MODE defined in /usr/include/hpsecurity.h. Default value: UMASK=0 Notes Use the functions defined in secdef (3) to read the values of the attributes defined in this file. The usage, possible values and default value of each of the attributes described in this manpage is defined in the /etc/security.dsc file. The behavior of some attributes is affected by the time zone. For these attributes the time zone is determined by the first line of the form TZ=timezone in the file /etc/timezone. If the time zone is not specified in this file, it is obtained from the file /etc/default/tz, as described in tzset (3C). 6 Hewlett-Packard Company 6 HP-UX 11i Version 3: September 2010
7 EXAMPLES The following are examples of LOGIN_TIMES usage. SaSu:Wk The user can login to the system all day on weekends and after 6:00 pm on week days. MoWeFr :TuThSu The user can login to the system on Monday, Wednesday and Friday from 10:00 am to 2:00 pm and on Tuesday, Thursday, and Sunday from 8:00 am to 5:00 pm. Any The user can login to the system every day from 4:00 am until 1:00 pm. Any No day or time restrictions. This is the default. Mo :Tu The user can login to the system any time between Monday after 6:00 pm until Tuesday at 3:00 am. Mo :Mo The user can only login to the system on Mondays between midnight and 3:00 am or after 6:00 pm on Mondays. WARNINGS HP-UX 11i Version 3 is the last release to support trusted systems functionality. AUTHOR The security file was developed by HP. FILES /etc/default/security /etc/security.dsc /var/adm/userdb security defaults configuration file security attributes description file user database SEE ALSO login(1), passwd(1), su(1), init(1m), userstat(1m), secdef(3), pam.conf(4), userdb(4), pam_hpsec(5), pam_unix(5). HP-UX 11i Version 3: September Hewlett-Packard Company 7
8 (Notes) (Notes) 8 Hewlett-Packard Company 1 HP-UX 11i Version 3: September 2010
ABORT_LOGIN_ON_MISSING_HOMEDIR=1 Exit the login session if the user s home directory does not exist. Default value: ABORT_LOGIN_ON_MISSING_HOMEDIR=0
NAME security - security defaults configuration file DESCRIPTION A number of system commands and features are configured based on certain attributes defined in the /etc/default/security configuration file.
More informationInformation System Audit Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000)
Information System Audit Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000) armahmood786@yahoo.com alphasecure@gmail.com alphapeeler.sf.net/pubkeys/pkey.htm http://alphapeeler.sourceforge.net pk.linkedin.com/in/armahmood
More informationPasswords CSC 193 WAKE FOREST. U N I V E R S I T Y Department of Computer Science. Spring 2014
Passwords CSC 193 WAKE FOREST U N I V E R S I T Y Department of Computer Science Spring 2014 Unix Passwords In Unix, users are identified by user names Authenticated by passwords Therefore to login as
More informationChapter 5: User Management. Chapter 5 User Management
Chapter 5: User Management Chapter 5 User Management Last revised: 20/6/2004 Chapter 5 Outline In this chapter we will learn Where user and group account information is stored How to manage user accounts
More informationFDX-2025TS User guide
TS User guide 2 1. TABLE OF CONTENTS 2. General... 4 3. Start page... 4 4. Logon... 5 5. Points... 6 3.1 Point status... 6 3.2 Point dialog... 7 3.2.1 Manual command... 7 3.2.2 Trend table... 8 3.2.3 Trend
More informationScheduling. Scheduling Tasks At Creation Time CHAPTER
CHAPTER 13 This chapter explains the scheduling choices available when creating tasks and when scheduling tasks that have already been created. Tasks At Creation Time The tasks that have the scheduling
More informationConfiguring Message Notification
Last Updated: July 21, 2007 This chapter describes the procedures f implementing the Cisco Unity Express message notification feature and includes the following sections: Overview of Message Notification,
More informationHP-UX Security I. Ideal candidate for this course Experienced system and network administrators responsible for securing and monitoring HP-UX systems
Course Data Sheet HP-UX Security I Course description This course teaches you about the most common HP-UX system security vulnerabilities, and introduces a variety of tools and techniques that can be used
More informationCisco HSI Backup and Restore Procedures
CHAPTER 6 The Cisco HSI provides a script for backing up configuration data. The script enables a system administrator to perform manual backups, schedule and administer automatic backups, and view a history
More informationOperating Systems Lab 1 (Users, Groups, and Security)
Operating Systems Lab 1 (Users, Groups, and Security) Overview This chapter covers the most common commands related to users, groups, and security. It will also discuss topics like account creation/deletion,
More informationHP-UX PAM RADIUS A Release Notes
HP-UX PAM RADIUS A.01.00 Release Notes HP-UX 11i v2, HP-UX 11i v3 HP Part Number: 5992-3382 Published: March 2008 Edition: 1.0 Copyright 2008 Hewlett-Packard Development Company, L.P. Confidential computer
More informationLinux Systems Security. Access Control and Authentication NETS1028 Fall 2016
Linux Systems Security Access Control and Authentication NETS1028 Fall 2016 Access Control Authenticating users is the act of trying to verify that a user is who they claim to be We generally rely on the
More informationUNIX/Linux Auditing. Baccam Consulting, LLC Training Events
UNIX/Linux Auditing Baccam Consulting, LLC tanya@securityaudits.org Training Events www.securityaudits.org/events.html ***CISSP Course being offered April 25-April 29, 2016 Copyright 2005-2016, Baccam
More informationPreposition Configuration Mode Commands
Chapter 3 Preposition Configuration Mode Commands To create and modify preposition directives on a WAAS device for prepositioning files for WAFS, use the accelerator cifs preposition global configuration
More informationLastPass Enterprise Recommended Policies Guide
LastPass Enterprise Recommended Policies Guide This document will help guide you through common scenarios and selecting policies to enable on your LastPass Enterprise account. We will not cover all policies
More informationOS Security. Authentication. Radboud University Nijmegen, The Netherlands. Winter 2014/2015
OS Security Authentication Radboud University Nijmegen, The Netherlands Winter 2014/2015 What does an OS do? Definition An operating system (OS) is a computer program that manages access of processes (programs)
More informationCIT 470: Advanced Network and System Administration. Topics. Namespaces. Accounts and Namespaces. 1. Namespaces 2. Policies
CIT 470: Advanced Network and System Administration Accounts and Namespaces CIT 470: Advanced Network and System Administration Slide #1 Topics 1. Namespaces 2. Policies 1. selection 2. lifetime 3. scope
More information2. Perform the following steps to reset password using Password Reset Link Method:
PASSWORD RESET 1. If you have forgotten your password, you can reset it via the following methods: a) password reset using password reset link, b) password reset using security questions, or c) call the
More information32 GroupWise 6.5 Administration Guide
I System Chapter 1, GroupWise System Administration, on page 33 Chapter 2, ConsoleOne Administration Tool, on page 35 Chapter 3, GroupWise View, on page 37 Chapter 4, System Operations, on page 43 Chapter
More informationBasic Security for HP-UX System Administrators
Basic Security for HP-UX System Administrators Bill Hassell Director of IT Systems and Methods, Inc. Major Security Areas Physical System Setup Logins Modems Patches IntraNetworks The Internet 2 Why is
More informationQUESTION: 1 An RSA SecurID tokencode is unique for each successful authentication because
1 RSA - 050-v71-CASECURID02 RSA SecurID Certified Administrator 7.1 Exam QUESTION: 1 An RSA SecurID tokencode is unique for each successful authentication because A. a token periodically calculates a new
More informationUser accounts and authorization
User accounts and authorization Authentication vs authorization Authentication: proving the identity of someone Authorization: allowing a user to access certain resources 1 Government authorization documents
More informationPerform the following steps to reset password using Password Reset Link Method:
PASSWORD RESET If you have forgotten your password, you can reset it via the following methods: a) password reset using password reset link, b) password reset using security questions, or c) call the SLS
More informationMessage Networking 5.2 Administration print guide
Page 1 of 421 Administration print guide This print guide is a collection of system topics provided in an easy-to-print format for your convenience. Please note that the links shown in this document do
More informationProcesses are subjects.
Identification and Authentication Access Control Other security related things: Devices, mounting filesystems Search path Race conditions NOTE: filenames may differ between OS/distributions Principals
More informationAvaya Communications Process Manager Release 2.2 Web Portal Help for Administrative Users
Avaya Communications Process Manager Release 2.2 Web Portal Help for Administrative Users Document No. 04-601163 August 2008 Issue 10 2008 Avaya Inc. All Rights Reserved. Notice While reasonable efforts
More informationVeritas NetBackup Appliance Security Guide
Veritas NetBackup Appliance Security Guide Release 2.7.2 NetBackup 52xx and 5330 Veritas NetBackup Appliance Security Guide Documentation version: 2.7.2 Legal Notice Copyright 2016 Veritas Technologies
More informationOS Security. Authentication. Radboud University Nijmegen, The Netherlands. Winter 2014/2015
OS Security Authentication Radboud University Nijmegen, The Netherlands Winter 2014/2015 What does an OS do? Definition An operating system (OS) is a computer program that manages access of processes (programs)
More information10 userdel: deleting a user account 9. 1 Context Tune the user environment and system environment variables [3]
1. Context 1.111.1 2 8 Deleting a group 8 1.111.1 Manage users and group accounts and related system files Weight 4 Outline Contents Linux Professional Institute Certification 102 Nick Urbanik
More informationRev A. DNCS System Release 5.0 Security Configuration Guide
4034689 Rev A DNCS System Release 5.0 Security Configuration Guide Please Read Important Please read this entire guide. If this guide provides installation or operation instructions, give particular attention
More informationHP-UX Security H3541S
HPE course number Course length Delivery mode View schedule, local pricing, and register View related courses H3541S 5 days ILT, VILT View now View now HP-UX Security H3541S Concerned about system security?
More informationKerberos-enabled applications. Core services for UNIX shell programs and applications. Kerberos environment. Centrify DirectControl Service Library
Understanding Centrify DirectControl Agents The Centrify DirectControl Agent makes a UNIX, Linux, or Mac OS X computer look and behave like a Windows client computer to Active Directory. The Centrify DirectControl
More informationConfiguring the Hostname, Domain Name, Passwords, and Other Basic Settings
CHAPTER 5 Configuring the Hostname, Domain Name, Passwords, and Other Basic Settings This chapter describes how to configure basic settings on your ASA 1000V that are typically required for a functioning
More informationCallPilot Programming Record
Part o. P0941757 02.1 CallPilot Programming Record 2 P0941757 02.1 About the CallPilot Programming Record 3 Use this guide to record how you program your CallPilot Mini, CallPilot 150 or Business Communications
More informationPart No. P CallPilot. Programming Record
Part o. P0941757 04 CallPilot Programming Record 2 P0941757 04 About the CallPilot Programming Record 3 Use this guide to record how you program your CallPilot Mini, CallPilot 150 or Business Communications
More informationPearson Edexcel Award
Pearson Edexcel Award January 2018 Examination Timetable FINAL For more information on Edexcel qualifications please visit http://qualifications.pearson.com Pearson Edexcel Award January 2018 Examination
More informationModifying IPM Components
CHAPTER 4 This chapter provides information on modifying IPM components. IPM components include collectors, source routers, target devices, and operations. Information is provided on viewing, updating,
More informationManaging Users and Configuring Role-Based Access Control
Managing s and Configuring Role-Based Access Control This section describes how to manage users in Prime Central, including defining users and passwords and configuring role-based access control (RBAC).
More informationISDS Security Enhancements Instructions
[ ISDS Security Enhancements Instructions Overview Introduction As networks become more complex, the requirements for data security become more important. It is no longer feasible to consider the ISDS
More informationPass4sure CASECURID01.70 Questions
Pass4sure.050-80-CASECURID01.70 Questions Number: 050-80-CASECURID01 Passing Score: 800 Time Limit: 120 min File Version: 4.8 http://www.gratisexam.com/ 050-80-CASECURID01 RSA SecurID Certified Administrator
More informationRequesting Time Off: Employee Navigation Salaried Non-Exempt
Requesting Time Off: Employee Navigation Salaried Non-Exempt Logging on Log in using your Clemson Primary* Username and Password. URL: https://clemson.kronos.net (*To determine your Primary Username, go
More informationPayflow Implementer's Guide FAQs
Payflow Implementer's Guide FAQs FS-PF-FAQ-UG-201702--R016.00 Fairsail 2017. All rights reserved. This document contains information proprietary to Fairsail and may not be reproduced, disclosed, or used
More informationNuts and Bolts of Enhanced Security Management for Tru64 UNIX
Nuts and Bolts of Enhanced Security Management for Tru64 UNIX Martin Moore Team Leader, Tru64 UNIX Support Hewlett-Packard 2004 Hewlett-Packard Development Company, L.P. The information contained herein
More informationIBM Security Identity Manager Version Administration Topics
IBM Security Identity Manager Version 6.0.0.5 Administration Topics IBM Security Identity Manager Version 6.0.0.5 Administration Topics ii IBM Security Identity Manager Version 6.0.0.5: Administration
More informationPearson Edexcel Award
Pearson Edexcel Award May June 2018 Examination Timetable FINAL For more information on Edexcel qualifications please visit http://qualifications.pearson.com v3 Pearson Edexcel Award 2018 Examination View
More informationQ) Q) What is Linux and why is it so popular? Answer - Linux is an operating system that uses UNIX like Operating system...
Q) Q) What is Linux and why is it so popular? Answer - Linux is an operating system that uses UNIX like Operating system... Q) Q) What is the difference between home directory and working directory? Answer
More informationSecuring Linux Systems Before Deployment
Securing Linux Systems Before Deployment Richard Williams Senior Support Services Specialist Symark Why secure Linux systems? Your Linux enterprise installation is growing Assets on Linux systems are becoming
More informationSpecops Password Policy
Specops Software. All right reserved. For more information about Specops Password Policy and other Specops products, visit www.specopssoft.com Copyright and Trademarks Specops Password Policy is a trademark
More informationInterface Reference. McAfee Application Control Windows Interface Reference Guide. Add Installer page. (McAfee epolicy Orchestrator)
McAfee Application Control 8.1.0 - Windows Interface Reference Guide (McAfee epolicy Orchestrator) Interface Reference Add Installer page Add an existing installer to the McAfee epo repository. Table 1
More informationProgramming Assignment 0
CMSC 17 Computer Networks Fall 017 Programming Assignment 0 Assigned: August 9 Due: September 7, 11:59:59 PM. 1 Description In this assignment, you will write both a TCP client and server. The client has
More informationUser & Group Administration
User & Group Administration David Morgan Users useradd/userdel /home/ /etc/passwd is the user database /etc/shadow has passwords (relocated from passwd) /etc/group whoami su / sudo / SUID process
More informationElixir Domain Configuration and Administration
Elixir Domain Configuration and Administration Release 4.0.0 Elixir Technology Pte Ltd Elixir Domain Configuration and Administration: Release 4.0.0 Elixir Technology Pte Ltd Published 2015 Copyright 2015
More informationUser Guide. Admin Guide. r
User Guide Admin Guide r 03.08.16 1 Welcome to Keeper! We re excited you have chosen to work with us. Let s get started by walking through how you can tell your employees about Keeper, then we ll walk
More informationSUDO(8) System Manager s Manual SUDO(8)
NAME sudo, sudoedit - execute a command as another user SYNOPSIS sudo -h -K -k -V sudo -v [-AknS] [-a type] [-g group] [-h host] [-p prompt] [-u user] sudo -l [-AknS] [-a type] [-g group] [-h host] [-p
More informationSA-027WQ. Manual. 7-Day Timer. Lighting Systems Access Controls Security Systems Environmental Controls. Automate the following:
SA-027WQ 7-Day Timer Manual Automate the following: Lighting Systems Access Controls Security Systems Environmental Controls 12~24 VAC/VDC Program up to 60 flexible events Holiday function (up to 99 days)
More informationUnderstanding Door Configuration
CHAPTER 5 This chapter describes the concepts used to configure doors and templates. A door configuration is a collection of devices, such as locks and readers, connected to a Cisco Physical Access Gateway
More informationGETTING STARTED WITH SINGAPORE STUDENT LEARNING SPACE Instructions for Students
ANNEX A(v28 March 18) GETTING STARTED WITH SINGAPORE STUDENT LEARNING SPACE Instructions for Students SYSTEM REQUIREMENTS 1. The Singapore Student Learning Space (SLS) is accessible through the internet
More informationConfiguration Manager
CHAPTER 7 This chapter describes how to perform routine Cisco VXC Manager configuration management tasks using the Administrator Console. It provides information on managing the configuration settings
More informationVisit us on the World-Wide Web at Programming Guide. Controller Boards
Visit us on the World-Wide Web at www.chamberlain.com PRO Systems Programming Guide Controller Boards -106 & -107 PROKey PROCard TABLE OF CONTENTS INTRODUCTION About the PRO System................................3
More informationThe following steps guide you through logging in to the Virtual Gateway:
Logon Process for the Virtual Gateway The following steps guide you through logging in to the Virtual Gateway: 1. Access the Virtual Gateway home page at www.mass.gov/vg and click the Logon link: Click
More informationLab Authentication, Authorization, and Accounting
Objectives Given a scenario, select the appropriate authentication, authorization, or access control Install and configure security controls when performing account management, based on best practices
More informationContents Using the Primavera Cloud Service Administrator's Guide... 9 Web Browser Setup Tasks... 10
Cloud Service Administrator's Guide 15 R2 March 2016 Contents Using the Primavera Cloud Service Administrator's Guide... 9 Web Browser Setup Tasks... 10 Configuring Settings for Microsoft Internet Explorer...
More informationHow to Secure SSH with Google Two-Factor Authentication
How to Secure SSH with Google Two-Factor Authentication WELL, SINCE IT IS QUITE COMPLEX TO SET UP, WE VE DECIDED TO DEDICATE A WHOLE BLOG TO THAT PARTICULAR STEP! A few weeks ago we took a look at how
More informationOperating System Security. 0Handouts: Quizzes ProsoftTraining All Rights Reserved. Version 3.07
0Handouts: Lesson 1 Quiz 1. What is the working definition of authentication? a. The ability for a person or system to prove identity. b. Protection of data on a system or host from unauthorized access.
More informationOptional Labs. 0Handouts: 2002 ProsoftTraining All Rights Reserved. Version 3.07
0Handouts: Optional Lab 1-1: Understanding the /etc/securetty file In this lab, you will examine a PAM component, the /etc/securetty file. 1. Boot into Linux as root. Open a Telnet client and attempt to
More informationOracle 1Z Oracle Solaris 11 System Administration.
Oracle Oracle Solaris 11 System Administration http://killexams.com/exam-detail/ QUESTION: 147 Review the boot environments displayed on your system: Which option describes the solaris-1 BE? A. It is active
More informationUsers and Groups. his chapter is devoted to the Users and Groups module, which allows you to create and manage UNIX user accounts and UNIX groups.
cameron.book Page 19 Monday, June 30, 2003 8:51 AM C H A P T E R 4 Users and Groups T his chapter is devoted to the Users and Groups module, which allows you to create and manage UNIX user accounts and
More informationLDAP-UX Client Services B with Microsoft Windows Active Directory Administrator's Guide
LDAP-UX Client Services B.04.10 with Microsoft Windows Active Directory Administrator's Guide HP-UX 11i v1 and v2 *J4269-90064* HP Part Number: J4269-90064 Published: E1206 Edition: Edition 3 Copyright
More informationHP XP P9000 Remote Web Console Messages
HP XP P9000 Remote eb Console Messages Abstract This document lists the error codes and error messages for HP XP P9000 Remote eb Console for HP XP P9000 disk arrays, and provides recommended action for
More informationCallPilot Programming Record. BCM 4.0 CallPilot
CallPilot Programming Record BCM 4.0 CallPilot Document Status:Standard Document Version: 02 Part Code: 0027404 Date: June 2006 Copyright 2006 ortel etworks, All Rights Reserved The information in this
More informationError Message Reference
IBM Security Access Manager for Mobile Version 8.0.0.1 Error Message Reference GC27-6210-01 IBM Security Access Manager for Mobile Version 8.0.0.1 Error Message Reference GC27-6210-01 Note Before using
More informationRedhat Basic. Need. Your. What. Operation G U I D E. Technical Hand Note template version
Redhat Basic Operation G U I D E What Need Your www.next-asia.com Readhat Basic Operation Guide, Prepared by Nazmul Khan Page 1 of 43 Redhat Basic Operation Guide RedHat Installation Guide... 2 Installation...
More informationCSE 265: System and Network Administration
CSE 265: System and Network Administration User accounts The /etc/passwd file The /etc/shadow file Root powers Ownership of files and processes The superuser The /etc/group file Adding users Removing users
More informationRSA Exam 050-v71-CASECURID02 RSA SecurID Certified Administrator 7.1 Exam Version: 6.0 [ Total Questions: 140 ]
s@lm@n RSA Exam 050-v71-CASECURID02 RSA SecurID Certified Administrator 7.1 Exam Version: 6.0 [ Total Questions: 140 ] Question No : 1 An RSA SecurID tokencode is unique for each successful authentication
More informationcron How-To How to use cron to Schedule rsync Synchronizations September 29, 2004
cron How-To How to use cron to Schedule rsync Synchronizations September 29, 2004 615-0006-01 2004 Net Integration Technologies Inc. All company and product names are registered trademarks off their respective
More informationSession Administration System Upload & Download Utilities
Session Administration System Upload & Download Utilities The Elluminate Live! Session Administration System (SAS) offers a great deal of flexibility to both corporate and educational clients. It provides
More informationGlobalbrain Administration Guide. Version 5.4
Globalbrain Administration Guide Version 5.4 Copyright 2012 by Brainware, Inc. All rights reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system,
More informationMANAGING THE NONUNIFORM BEHAVIOUR OF TERMINALS AND KEYBOARDS. : WHEN THINGS GO WRONG
MANAGING THE NONUNIFORM BEHAVIOUR OF TERMINALS AND KEYBOARDS. : WHEN THINGS GO WRONG Terminals and keyboards have no uniform behavioral pattern. Terminal settings directly impact the keyboard operation.
More informationCredential Policy CHAPTER
CHAPTER 21 Cisco Unified Communications Manager authenticates user login credentials before allowing system access. To help secure user accounts, you can specify settings for failed logon attempts, lockout
More informationipac Access Controller
STANLEY MANUFACTURED ACCESS CONTROL ipac Access Controller QUICK START GUIDE QUICK USER GUIDE Contents Standalone Interface...3 ipac at a Glance...3 Button and Functions...4 Screen Display...4 Information
More informationUSING MOODLE WITH TURNINGPOINT 5
USING MOODLE WITH TURNINGPOINT 5 1 USING MOODLE WITH TURNINGPOINT 5 The integration with Moodle allows for Turning Technologies users to leverage response devices in class to easily collect student achievement
More informationDownloading and installing Db2 Developer Community Edition on Red Hat Enterprise Linux Roger E. Sanders Yujing Ke Published on October 24, 2018
Downloading and installing Db2 Developer Community Edition on Red Hat Enterprise Linux Roger E. Sanders Yujing Ke Published on October 24, 2018 This guide will help you download and install IBM Db2 software,
More informationWhy secure the OS? Operating System Security. Privilege levels in 80X86 processors. The basis of protection: Seperation. Privilege levels - A problem
Why secure the OS? Operating System Security Works directly on the hardware but can be adapted during runtime Data and process are directly visible Application security can be circumvented from lower layers
More informationGenesys Administrator Extension Help. Profile Menu
Genesys Administrator Extension Help Profile Menu 11/19/2017 Contents 1 Profile Menu 1.1 User Preferences 1.2 System Preferences Genesys Administrator Extension Help 2 Profile Menu The Profile menu enables
More informationCA Process Automation
CA Process Automation User Interface Reference Release 04.3.00 This Documentation, which includes embedded help systems and electronically distributed materials, (hereinafter referred to as the Documentation
More informationArcGIS Enterprise Security: Advanced. Gregory Ponto & Jeff Smith
Enterprise Security: Advanced Gregory Ponto & Jeff Smith Agenda Focus: Security best practices for Enterprise Server Portal for 10.5.x Features Strongly Recommend: Knowledge of Server and Portal for Security
More informationBasic Device Management
This chapter contains the following sections: About, page 1 Licensing Requirements for, page 2 Default Settings for Basic Device Parameters, page 3 Changing the Device Hostname, page 3 Configuring the
More informationProject #3: Implementing NIS
Project #3: Implementing NIS NIS Daemons Limitations of NIS How We Will Use NIS NIS Domain Name NIS Software Setting Up NIS on it20 /etc/nsswitch.conf Creating New Accounts on Ubuntu /etc/passwd /etc/shadow
More informationCTEC1863/2018F Bonus Lab Page 1 of 5
CTEC1863/2018F Bonus Lab Page 1 of 5 Bonus Lab: OpenSUSE Linux Rescue In this lab, we will install an OpenSUSE virtual machine. However, both the non-root user and the root passwords are unknown. To fix
More informationAmb-OS User Interface FTP Transfer Manual
Amb-OS User Interface FTP Transfer Manual Amb-OS Media, LLC Amb-OS User Interface Revision 18v AMR-100 Receiver Firmware Revision 2.21 Revision 03 05/19/14 SUPPORT INFORMATION Email: support@amb-os.com
More informationREV SCHEDULER (iseries)
Powerful Scheduling made easy Run scheduled jobs in an unattended environment throughout your Enterprise to increase: Throughput, Accuracy, Efficiency. Base Model is native on all platforms Run REV SCHEDULER
More informationZEITSCHALTUHR TIMER SWITCH TIJDSCHAKELKLOK KOPPLINGSUR RELOJ TEMPORIZADOR IDŐZÍTŐ KAPCSOLÓ ΧΡΟΝΟΔΙΑΚΟΠΤΗΣ DZ 20-A V2
DZ 20-A V2 ZEITSCHALTUHR Bedienungs- und Sicherheitshinweise TIJDSCHAKELKLOK Bedienings- en veiligheidsinstructies TIMER SWITCH Operation and Safety Notes KOPPLINGSUR Bruksanvisning och säkerhetsanvisningar
More informationSetting Up the Sensor
CHAPTER 4 This chapter provides information for setting up the sensor. This chapter contains the following sections: Understanding Initialization, page 4-1 Configuring Network Settings, page 4-1 Configuring
More informationCisco Unity Express 8.0 Voic System User s Guide for Advanced Features
Cisco Unity Express 8.0 Voice-Mail System User s Guide for Advanced Features First Published: October 26, 2010 This guide provides information about using some of the advanced voice-mail features of your
More informationPre-Assessment Answers-1
Pre-Assessment Answers-1 0Pre-Assessment Answers Lesson 1 Pre-Assessment Questions 1. What is the name of a statistically unique number assigned to all users on a Windows 2000 system? a. A User Access
More informationSubstitute Quick Reference (SmartFindExpress Substitute Calling System and Web Center)
Substitute Quick Reference (SmartFindExpress Substitute Calling System and Web Center) System Phone Number 578-6618 Help Desk Phone Number 631-4868 (6:00 a.m. 4:30 p.m.) Write your Access number here Write
More informationAbout the SPECTRUM Control Panel
About the SPECTRUM Control Panel The SPECTRUM Control Panel is a convenient Point and Click interface that provides facilities that let you configure SPECTRUM resources, start and stop SpectroSERVER, start
More informationHelp on the SPECTRUM Control Panel
Help on the SPECTRUM Control Panel The SPECTRUM Control Panel is a convenient Point and Click interface that provides facilities that let you configure SPECTRUM resources, start and stop SpectroSERVER,
More informationCisco Transport Manager Release 9.2 Basic External Authentication
Cisco Transport Manager Release 9.2 Basic External Authentication August 23, 2010 This document describes the basic external authentication functionality in Cisco Transport Manager (CTM) Release 9.2. Contents
More informationANNEX A GETTING STARTED WITH SINGAPORE STUDENT LEARNING SPACE Instructions for Students
ANNEX A GETTING STARTED WITH SINGAPORE STUDENT LEARNING SPACE Instructions for Students SYSTEM REQUIREMENTS 1. The Singapore Student Learning Space (SLS) is accessible through the internet browsers on
More information