United States-English

HP-UX System Administrator's Guide: Security Management: HP-UX 11i Version 3 > Part I Protecting Systems

Chapter 2 Administering User and System Security

»

Technical documentation


	Complete book in PDF


»	Feedback

» Table of Contents

» Glossary

» Index

Table of Contents

Managing User Access

Monitoring User Accounts
Monitoring Guest Accounts
Creating Application User Accounts
Managing Group Accounts

Authenticating Users During Login

Explanation of the Login Process
Checking the login Tracking Files (btmp and wtmp)
Checking Who Is Logged In

Authenticating Users with PAM

Overview
PAM Libraries
Systemwide Configuration Using /etc/pam.conf
Sample /etc/pam.conf File
The /etc/pam_user.conf User Configuration File
Examples: How PAM Works for Login

Managing Passwords

System Administrator Responsibilities
User Responsibilities
Criteria of a Good Password
Changing the /etc/passwd Password File
The /etc/shadow Shadow Password File
Eliminating Pseudo-Accounts and Protecting Key Subsystems in /etc/passwd
Secure Login with HP-UX Secure Shell
Securing Passwords Stored in NIS
Securing Passwords Stored in LDAP Directory Server

Defining System Security Attributes

Configuring Systemwide Attributes
Configuring Per-User Attributes
Troubleshooting the User Database

Handling setuid and setgid Programs

Why setuid and setgid Programs Can Be Risky
How IDs Are Set
Guidelines for Limiting Setuid Power

Preventing Stack Buffer Overflow Attacks

Protecting Unattended Terminals and Workstations

Controlling Access Using /etc/inittab and Run Levels
Protecting Terminal Device Files
Configuring the Screen Lock

Protecting Against System Access by Remote Devices

Controlling Access Using /etc/dialups and /etc/d_passwd

Securing Login Banners

Protecting the root Account

Monitoring root Account Access
Using the Restricted SMH Builder for Limited Superuser Access
Reviewing Superuser Access

This chapter addresses basic user security after the operating system is installed. It focuses on logins, passwords, and other user interactions with the system. The following topics are discussed:

Managing user access (Section )
Authenticating users during login (Section )
Authenticating users with PAM (Section )
Managing passwords (Section )
Defining system security attributes (Section )
Handling setuid and setgid programs (Section )
Preventing stack buffer overflow attacks (Section )
Protecting unattended terminals and workstations (Section )
Protecting against system access by remote devices (Section )
Securing login banners (Section )
Protecting the root account (Section )

Printable version


Privacy statement	Using this site means you accept its terms	Feedback to webmaster

© 2008 Hewlett-Packard Development Company, L.P.