Manual: (OSF1-V5.1-alpha)

secconfig(8)							 secconfig(8)



NAME

  secconfig, secsetup - Security features setup graphical interface (Enhanced
  Security)

SYNOPSIS

  /usr/sbin/sysman secconfig

  NOTE: The secsetup utility has been replaced by the secconfig graphical
  interface.

DESCRIPTION

  The secconfig utility is a graphical interface used to select the level of
  system security needed.  It can convert from base to enhanced security
  mode, and configure base and enhanced security features.  If you are using
  secconfig to enable enhanced security, you must first have loaded the
  enhanced security subsets.

  You can run secconfig while the system is in multiuser mode.  However, if
  you change the security level, the change is not completed until you reboot
  the system.

  For both base and enhanced security, the secconfig utility allows you to
  enable segment sharing, to enable access control lists (ACLs), and to
  restrict the setting of the execute bit to root only.

  For enhanced security, the secconfig utility additionally allows you to
  configure security support from simple shadow passwords all the way to a
  strict C2 level of security.  Shadow password support is an easy method for
  system administrators, who do not wish to use all of the extended security
  features, to move each user's password out of /etc/passwd and into the
  extended user profile database (auth.db).  You can use the Custom mode if
  you wish to select additional security features, such as breakin detection
  and evasion, automatic database trimming, and password controls.

  When converting from base to enhanced security, secconfig updates the
  system default database (/etc/auth/system/default) and uses the convuser
  utility to migrate user accounts.

  While it is possible to convert user accounts from enhanced back to base,
  the default encryption algorithms and supported password lengths differ
  between base and enhanced security, and thus user account conversions do
  not succeed without a password change.

  NOTE: Because of the page table sharing mechanism used for shared
  libraries, the normal file system permissions are not adequate to protect
  against unauthorized reading.  The secconfig interface allows you to
  disable segment sharing.  The change in segment sharing takes effect at the
  next reboot.


FILES

  /etc/auth/system/default
  /etc/passwd
  /tcb/files/auth.db

RELATED INFORMATION

  acl(4), authcap(4), default(4), convuser(8),
  Security