Administrator's Guide

5. Maintain consistency of user name, uid, and gid among password files in the
administrative domain.
6. Maintain consistency among any group files on all nodes in the administrative
domain. For example, to check consistency with the hq and mfg systems, if the root
file system of the mfg system is remotely mounted to hq as /nfs/mfg/, enter the
following diff command:
$ diff /etc/group /nfs/mfg/etc/group
If diff displays any differences, the two /etc/group files are inconsistent; the
files should match.
4.5.1 Verifying Permission Settings on Network Control Files
The network control files in the /etc directory are security targets because they provide
access to the network itself. Network control files should never be writable by the public.
Set the modes, owners, and groups on all system files carefully. Check these files regularly
for changes and correct any that you find.
The most commonly used network control files are as follows:
/etc/exports
List of file directories that can be exported to NFS clients. For more information, see
exports(4).
/etc/hosts
List of network hosts and their IP addresses. For more information, see hosts(4).
/etc/hosts.equiv
List of remote hosts that are allowed access and that are equivalent to the local host.
For more information, see hosts.equiv(4).
/etc/inetd.conf
Internet Services configuration file. For more information, see inetd.conf(4).
/etc/netgroup
List of networkwide groups. For more information, see netgroup(4).
/etc/networks
List of network names and their network numbers. For more information, see
networks(4).
/etc/protocols
List of protocol names and numbers. For more information, see protocols(4).
/etc/services
List of official service names and aliases with the port number and protocol that the
services use. For more information, see services(4).
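The checks described in this section can be scripted. The following is an added example, not part of the original guide: it reports any of the files listed above that are writable by the public and any that have changed since a saved baseline. The function names and the baseline file are assumptions made for the example.

```sh
#!/bin/sh
# Added example. The file list comes from the section above;
# the function names are hypothetical.
NET_CONTROL_FILES="exports hosts hosts.equiv inetd.conf netgroup networks protocols services"

# Print every listed file under <root>/etc that is writable by "other".
# <root> is "" for the local system or a mount point such as /nfs/mfg.
# Returns 1 if any file was reported, 0 otherwise.
world_writable() {
    root=$1
    found=0
    for name in $NET_CONTROL_FILES; do
        f="$root/etc/$name"
        [ -e "$f" ] || continue        # not every node has every file
        # -H follows a symbolic link given as an operand, so the mode
        # that is tested belongs to the link's target.
        if [ -n "$(find -H "$f" -prune -perm -0002 -print)" ]; then
            echo "WORLD-WRITABLE $f"
            found=1
        fi
    done
    return "$found"
}

# Emit one "checksum size name" line per listed file; save the output as
# the baseline. cksum is a CRC: it shows that a file changed but does not
# resist deliberate forgery, so substitute a cryptographic hash tool
# where one is installed.
snapshot() {
    root=$1
    for name in $NET_CONTROL_FILES; do
        if [ -f "$root/etc/$name" ]; then
            (cd "$root/etc" && cksum "$name")
        fi
    done
}

# Print the names of listed files that were modified, added, or removed
# since the baseline file was written.
changed_since() {
    root=$1
    baseline=$2
    snapshot "$root" | diff "$baseline" - |
        sed -n 's/^[<>] [0-9]* [0-9]* //p' | sort -u
}
```

Keep the baseline where ordinary users cannot write to it, and rewrite it with snapshot only after a change has been reviewed.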
4.5 Controlling an Administrative Domain 75