Secure Solaris File Permissions; Delete And Secure User Accounts; Disallow All Users For At, Cron And Batch Commands - Xerox DocuPrint 115 System Manual

Security and Network Setup
4-10
• Disallowing all users for at, cron, and batch commands
• Disabling unnecessary solaris services
• Disabling bwnfs daemon
• Disabling unnecessary internet services daemon
• Securing name service cache daemon
• Multicast routing
• Hide OS and host information
• Securing sendmail daemon
• Securing network parameters
• Disabling executable stacks
• Restricting NFS port monitor
• Disabling remote logins to CDE
• Preventing the DocuSP from acting as a router
• Enabling security warning banners

Secure Solaris file permissions

The fix-modes command is run with the '-s' option to secure file
permissions for Solaris only. When this command is run, a file
called /var/sadm/install/content.mods is left. Do not delete this
file, it contains valuable information needed by fix-modes to
revert the changes to the system file permissions.

Delete and Secure User Accounts

When the security script is enabled, the nuucp and listen
accounts are deleted. Also, the passwords for the following
accounts are locked; bin, sys, adm, lp, uucp, nobody, noaccess
and nobody4.

Disallow all users for at, cron and batch commands

When security is enabled, all users are blocked from using the
at, cron, and batch commands by creating the files /etc/cron.d/
cron.allow and etc/cron.d/at.allow.
Disable Unnecessary Solaris Services
Solaris services that are not required for DocuSP are disabled
when security has been enabled. The following services are
disabled:
System Guide
Common Controller