System Guide

User level changes

The following user-level changes are made:
• all users for at, cron, and batch are disallowed
• nuucp account is disabled
• listen account is disabled
• password entry locked for bin, sys, adm, uucp, nobody, noaccess, nobody4, and anonymous
• removal of + from the hosts.equiv file

Solaris file permissions

The fix-modes utility (from the Solaris Security Toolkit) adjusts group and world write permissions. It is run with the -s option to secure file permissions for Solaris files that were created at install time only. Customer-generated files are not affected.

NOTE: When this command is run, a file called /var/sadm/install/content.mods is left behind. Do not delete this file. It contains valuable information needed by fix-modes to revert the changes to the system file permissions if the security setting is changed back to medium.

Network and name service changes

The following changes occur when security is invoked.

Disabling secure name service databases

The following databases are disabled when security is invoked:
• passwd(4)
• group(4)
• exec_attr(4)
• prof_attr(4)
• user_attr(4)
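
An added example, not part of the original guide: a shell audit for two of the user-level changes listed earlier on this page, the locked password entries and the removal of + from hosts.equiv. It assumes a locked account carries the *LK* marker at the start of the shadow password field; the function names and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit two of the user-level changes on a hardened host.
# Assumption: a locked account has *LK* at the start of the password
# field (field 2) of the shadow file, as on Solaris.

# Print each listed account that is present in the shadow file but not locked.
unlocked_accounts() {
    shadow_file=$1; shift
    awk -F: -v list="$*" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) want[a[i]] = 1 }
        ($1 in want) && substr($2, 1, 4) != "*LK*" { print $1 }
    ' "$shadow_file"
}

# Print the line number of every hosts.equiv entry whose host field is a
# bare "+", which trusts all remote hosts.
equiv_wildcards() {
    awk '$1 == "+" { print NR }' "$1"
}

# Constructed sample files; on a real system pass /etc/shadow (as root)
# and /etc/hosts.equiv instead.
audit_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/shadow" <<'EOF'
root:CONSTRUCTED-HASH:6445::::::
bin:*LK*:6445::::::
sys:*LK*:6445::::::
adm:NP:6445::::::
uucp:*LK*:6445::::::
nobody:*LK*:6445::::::
EOF
    printf 'adminhost.example.com\n+\n' > "$dir/hosts.equiv"

    for acct in $(unlocked_accounts "$dir/shadow" bin sys adm uucp nobody \
                  noaccess nobody4 anonymous); do
        echo "FAIL: $acct is not locked"
    done
    for line in $(equiv_wildcards "$dir/hosts.equiv"); do
        echo "FAIL: hosts.equiv line $line contains +"
    done
    rm -rf "$dir"
}

audit_demo
```

An empty result from both functions means the two settings match the list above; accounts absent from the shadow file are not reported.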
Security and Network Setup