Open System Services Management and Operations Guide (G06.25+, H06.03+)
Managing Security
Open System Services Management and Operations Guide—527191-002
8-2
Administrative Files and Directories
modem
ttyda or ttydfa
ttys0 through ttys9
These files also can be the target of UNIX security intruders.
•
The OSS environment does not use the following files and directories sometimes
found on UNIX systems:
°
In /etc:
aliases
dfs/dfstab
exports
ftpusers
hosts.lpd
mail/aliases or sendmail/aliases
rc, rc*, or rc?.d
shells
syslog.conf
system
ttys
tftpdaccess.cf
°
In any of various directories:
.plan
.project
sendmail.cf
°
The /home/quotas file, used to establish user disk space quotas
Some of these files and directories also provide mechanisms that intruders can
use to compromise UNIX system security or integrity.
•
The OSS file system does not provide the following UNIX features that are
sometimes used to impose security on a system:
°
Immutable files (other than those secured read-only through normal
permissions) or append-only files
°
Partitions within filesets
•
The OSS implementation of object security does not conform to POSIX.6 draft 12,
IEEE Standard 1003-1e, or IEEE Standard 1003-2c. In particular, the OSS
environment does not provide access control list function calls.
•
OSS file-auditing mechanisms and policies are implemented through the Guardian
environment Safeguard product instead of through such UNIX commands or
utilities as:
/etc/reboot, /etc/shutdown, or /etc/syslog
passwd