Managing system security

Introduction to security
        Security and your system
                Who should read this?
                What is security?
        Elements of the security policy
        The kernel and system architecture
                System architecture (SA) definition
                File management
                I/O management
                Kernel utilities
                Memory management
                Process management
                System services
                Access control
                        DAC checking algorithm
                How system architecture relates to security
                How modularity relates to security
                How object reuse relates to security
                        Object reuse and physical media
        Security mechanisms visible to users
                Identification and authentication (I&A)
                        login
                Discretionary access control (DAC)
                        File permission modes
                        Access control lists (ACLs)
                        DAC commands and system calls
                Process privileges
                        File privileges
                        Privileges possessed by processes
                        Relating file privileges and process privileges
        How the components of the system work together
                The shell

Security procedures
        Suggestions for making your system secure
        Login logging
                loginlog
                        Enabling login logging
                Last login time
                Recording su use
        Checking file characteristics
        Creating reference files
        Check set-UIDs
                Before you begin
                Example: checking set-UIDs
        Check set-UIDs by filesystem
                Before you begin
                Example: checking set-UIDs by filesystem
        Checking file privileges
                Example: checking file privileges

Administering privilege
        The traditional privilege model
        The current privilege model
                Why have fixed privileges?
                The need for an all-Privileged user
                A file-Based privilege mechanism
        File and process privileges
                Privileges associated with a file
                Privileges associated with a process
        The privilege policy
                Recalculating process privileges
        Privilege initialization at system startup
        Privileges and the filepriv command
                Displaying privilege information
                Installing a new program requiring privileges
                Changing privileges on an existing file
                Removing privileges from existing files
        Updating the file privilege database

Trusted facility management
        Executing processes with privilege: TFM
                Administrative roles
        TFM and administrative roles
                Displaying commands and privileges for a role
                Adding commands to a new role
                Adding commands to an existing role
                Removing commands and privileges for a role
                Removing a role
                Functioning in more than one role
                Assigning roles to users
                Adding commands for a user
                Removing commands from the TFM database
                Removing a user from the TFM database
        The tfadmin command
                Executing commands with privilege
                tfadmin and other commands
                When to use tfadmin or filepriv

NSS Overview