Administrator's Guide

security considerations for, 104
Logical Volume Manager
  See LVM, 104
login banners
  securing, 57
login command, 32, 193
login process
  explanation of, 32
login tracking file, 33
lost+found directory, 27, 198
LVM, 104
M
MAC, 208
managing file access, 87
managing passwords, 41
minimum time
  password aging, 195
mobile connection
  securing, 56
modem access
  security guidelines for managing, 55
mounting a file system securely, 104
N
network administration, 75
  controlling file security, 106
  managing an administrative domain, 74
network control file
  checking permissions on, 106
  verifying permissions on, 75
NFS, 106
  and ACLs, 103
  protecting NFS-mounted files, 107
  securing the client, 107
  securing the server, 107
NIS
  securing passwords stored in, 46
O
operations
  guidelines for creating, 153
P
PAM
  authenticating users with, 34
  configuring systemwide, 37
  overview of, 35
PAM authentication
  login example, 39
PAM library, 36
PAM service module, 35
parameter
  PASSWORD_HISTORY_DEPTH, 196
passwd command, 194
  examples of, 42
password, 195
  aging, 192, 194, 195
    expiration time, 195
    lifetime, 195
    minimum time, 195
  authentication
    used by SSH, 81
  criteria of a good, 42
  database, 191, 192, 194
    /tcb/files/auth/, 192, 193
  encrypted field, 194
  encryption, 193
  entry
    manipulating, 197
  file
    fields, 193
    protected password database, 191, 192, 194
  generation, 195
  history, 196
  integrity, 193
  management, 41
  reuse, 196
  security, 192
  shadow, 43
  types of, 195
PASSWORD_HISTORY_DEPTH parameter, 196
patch installation
  using Software Assistant, 26
Perfect Forward Secrecy (PFS)
  defined, 209
permissions
  checking network control file, 106
  verifying for network control files, 75
power failure, 27, 198
  file loss, 27
preshared keys
  definition, 209
primary audit log file, 180
privedit, 165
  options, 166
  syntax, 166
privrun, 163
  -p, 161
  examples, 164
  operation, 150
  options, 163
  syntax, 163
protected password database
  /tcb/files/auth/, 192, 193
prpwd, 194
pseudo-account
  example of, 45
public key based authentication
  and host-based authentication, 81
  used by SSH, 81
putprpwnam function, 197
216 Index