HP UX Bastille User Manual page 38

Version b.3.3

Question modules

Description (continued): has physical access to the machine and enough time, there is very little you can do to prevent unauthorized access. This may be more problematic when an authorized administrator can't remember the password. Note: For HP-UX 11.22 and prior, this requires conversion to trusted mode. HP-UX Bastille will automatically do the conversion if you select this option. Trusted mode is incompatible with LDAP-UX client services prior to version 3.0 and can cause other incompatibility issues with applications which do their own authentication.
Actions: Sets the parameter BOOT_AUTH=1 in the /etc/default/security file. For HP-UX 11.22 and prior, convert to trusted mode and ensure bootpw=YES is set with modprdef.

AccountSecurity.SU_DEFAULT_PATH
Headline: Set the new PATH at su.
Default: /sbin:/usr/sbin:/bin:/usr/bin
Description: The SU_DEFAULT_PATH parameter defines a new default PATH environment value to be set when su to a non-superuser account is executed. Refer to su(1). Set SU_DEFAULT_PATH=new_PATH. This ensures that an su session will always have a default PATH value, preventing the inheritance of a poisoned PATH variable from your current login session. The PATH environment variable is set to new_PATH when the su command is invoked. Other environment values are not changed. The PATH value is not validated. This parameter does not apply to a superuser account, and is applicable only when the "-" option is not used along with the su command.
Actions: Sets the parameter SU_DEFAULT_PATH in the /etc/default/security file.

AccountSecurity.SU_DEFAULT_PATHyn
Headline: Set a default path for the su command.
Default: Y
Description: Set the SU_DEFAULT_PATHyn parameter.
Actions: None.

AccountSecurity.system_auditing
Headline: Basic system security auditing enabled.
Default: N
Description: Enabling basic system security auditing logs a subset of system calls. This logging produces system overhead. If this system is in a performance sensitive role, the risk of not logging may be less than the risk of incurring a small amount of overhead.
Actions: Configure and start auditing and acct programs. Convert to trusted mode if necessary.

AccountSecurity.umask
Headline: Set umask for all users on the system.
Default: 77
Description: The umask utility sets a default permission for files that you create. HP-UX Bastille can set one of several umasks. Select one of the following or create your own:
002–Everyone can read your files and people in your group can alter them.
022–Everyone can read your files, but no one can write to them.
027–Only people in your group can read your files, but no one can write to them.
077–No one on the system can read or write your files.
In addition to
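
The SU_DEFAULT_PATH description above states that the PATH value is not validated. The shell check below is an added example, not part of the HP-UX Bastille manual or its code: it reads SU_DEFAULT_PATH from security-file-style input and reports entries that would bring back a poisoned PATH. The function names, the rule that the last assignment wins, and the sample input are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the manual): sanity-check SU_DEFAULT_PATH, because su
# sets PATH to this value without validating it.

# Read an /etc/default/security-style file on stdin and print the value of
# SU_DEFAULT_PATH. Assumption: if the parameter is set twice, the last line wins.
get_su_default_path() {
    sed -n 's/^[[:space:]]*SU_DEFAULT_PATH=//p' | tail -n 1
}

# Print one finding per unsafe entry in the PATH value $1.
# Returns 0 when the value is clean, 1 otherwise.
check_su_path() {
    value=$1
    rc=0
    if [ -z "$value" ]; then
        echo "SU_DEFAULT_PATH is empty or not set"
        return 1
    fi
    rest="$value:"            # trailing ':' lets the loop see a final empty entry
    while [ -n "$rest" ]; do
        entry=${rest%%:*}
        rest=${rest#*:}
        case $entry in
            '') echo "empty entry (searched as the current directory)"; rc=1 ;;
            /*) # Absolute: flag it if it exists and anyone may write to it.
                # -H makes find test the target when the entry is a symlink.
                if [ -d "$entry" ] &&
                   [ -n "$(find -H "$entry" -prune -perm -0002 2>/dev/null)" ]; then
                    echo "world-writable: $entry"; rc=1
                fi ;;
            *)  echo "relative entry: $entry"; rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample input, not taken from a real system.
sample_value=$(printf '%s\n' 'BOOT_AUTH=1' \
    'SU_DEFAULT_PATH=/sbin:/usr/sbin:.:/bin::/usr/bin' | get_su_default_path)
check_su_path "$sample_value" || echo "SU_DEFAULT_PATH needs fixing"
```

On a live system the same functions can be fed the real file: `check_su_path "$(get_su_default_path < /etc/default/security)"`.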


This manual is also suitable for:

Ux bastille b.3.3
