Open System Services Management and Operations Guide (G06.29+, H06.07+)
Managing Security
Open System Services Management and Operations Guide—527191-005
Administrative Files and Directories
  ° In any of various directories:
      .plan
      .project
      sendmail.cf
  ° The /home/quotas file, used to establish user disk space quotas
  Some of these files and directories also provide mechanisms that intruders can use to compromise UNIX system security or integrity.
• The OSS file system does not provide the following UNIX features that are sometimes used to impose security on a system:
  ° Immutable files (other than those secured read-only through normal permissions) or append-only files
  ° Partitions within filesets
• On systems running H-series RVUs and G-series RVUs before G06.29, the OSS implementation of object security does not conform to POSIX.6 draft 12, IEEE Standard 1003-1e, or IEEE Standard 1003-2c. In particular, the OSS environment does not provide ACL function calls. On systems running G06.29 and later G-series RVUs, ACLs are supported.
• OSS file-auditing mechanisms and policies are implemented through the Guardian environment Safeguard product instead of through such UNIX commands or utilities as:
      /etc/reboot, /etc/shutdown, or /etc/syslog
      passwd
  Access to OSS auditing logs occurs through the Safeguard audit reduction tool (SAFEART) program. UNIX directories and files such as the following are not provided and therefore do not require monitoring:
  ° In /var:
      aculog
      adm/acct, adm/lastlog, adm/loginlog, adm/messages, adm/pacct, adm/utmp or adm/utmpx, adm/wtmp or adm/wtmpx
      spool/atrun or spool/ftp
      sulog, vold.log, or xferlog
  ° In /usr:
      adm/wtmp (FTP login log)
      etc/rpc.mountd (NFS access log)
      lib/aliases
      local/etc/http/logs/access_log