Search |
Symbols
| A
| B
| C
| D
| E
| F
| G
| H
| I
| J
| K
| L
| M
| N
| O
| P
| Q
| R
| S
| T
| U
| V
| W
| X
| Y
| Z
Index: S
- S/Key codebook scheme
: 8.7.3. Code Books
- sa command
: 10.2. The acct/pacct Process Accounting File
- sabotage
: (see terrorism; vandalism)
- salt
- 8.6.2. What Is Salt?
- 8.6.3. What the Salt Doesn't Do
- sanitizing media
: 12.3.2.3. Sanitize your media before disposal
- SATAN package
- 17.6.1. SATAN
- E.4.7. SATAN
- savacct file
: 10.2. The acct/pacct Process Accounting File
- saved UID
: 4.3.2. Saved IDs
- saving backup media
- 7.1.5. How Long Should You Keep a Backup?
- (see also archiving information; backups)
- sbrk command
: 23.2. Tips on Avoiding Security-related Bugs
- scanf function
: 23.2. Tips on Avoiding Security-related Bugs
- scanning networks
: 17.6. Network Scanning
- SCCS (Source Code Control System)
- 7.3.2. Building an Automatic Backup System
- 17.3. Primary UNIX Network Services
- Scherbius, Arthur
: 6.3. The Enigma Encryption System
- screen savers
: 12.3.5.2. X screen savers
- screens, multiple
: 12.3.4.3. Multiple screens
- script command
: 24.1.2. Rule #2: DOCUMENT
- scripts, CGI
: (see CGI, scripts)
- scytales
: 6.1. A Brief History of Cryptography
- search warrants
- 26.2.4. Hazards of Criminal Prosecution
- 26.2.5. If You or One of Your Employees Is a Target of an Investigation...
- searching for .rhosts file
: 17.3.18.5. Searching for .rhosts files
- Seberry, Jennifer
: 6.5.4.3. HAVAL
- secrecy, Kerberos
: 19.6.1.3. Authentication, data integrity, and secrecy
- secret keys
: 6.4.6. RSA and Public Key Cryptography
- Secret Service, U.S.
- 26.2.2. Federal Jurisdiction
- F.3.3. U.S. Secret Service (USSS)
- Secure Hash Algorithm (SHA)
- 6.5.3. Digital Signatures
- 6.5.4.2. SHA
- Secure HTTP
: 18.4.1. Eavesdropping Over the Wire
- Secure NFS
: 19.3.2.4. Using Secure NFS
- -secure option
- 19.3.2.4. Using Secure NFS
- 19.4.4.5. Spoofing NIS
- secure option for /etc/exports
: 20.2.1.1. /etc/exports
- Secure RPC
- 19.3. Secure RPC (AUTH_DES)
- 19.3.4. Limitations of Secure RPC
- with NIS/NIS+
- 19.3.2. Setting Up Secure RPC with NIS
- 19.3.4. Limitations of Secure RPC
- NTP and
: 19.3.1.3. Setting the window
- reauthentication
: 19.3.1.3. Setting the window
- versus Kerberos
: 19.6.2. Kerberos vs. Secure RPC
- Secure Socket Layer
: (see SSL)
- secure terminals
: 8.5.1. Secure Terminals
- SecureID
: 8.7.2. Token Cards
- SecureNet key
: 8.7.2. Token Cards
- security
- 2.1. Planning Your Security Needs
- 9.1.2. Read-only Filesystems
- 12.1.1. The Physical Security Plan
- (see also integrity; physical security; system administration; threats)
- of CGI scripts
- 18.2.3. Writing Secure CGI Scripts and Programs
- 18.2.4.1. Beware mixing HTTP with anonymous FTP
- changed detection
- 9.2. Detecting Change
- 9.3. A Final Note
- checking arguments
: 23.2. Tips on Avoiding Security-related Bugs
- critical messages to log
- 10.5.3. syslog Messages
- 10.5.3.1. Beware false log entries
- cryptography
- 6. Cryptography
- 6.7.2. Cryptography and Export Controls
- definition of
: 1.1. What Is Computer Security?
- digital signatures
: (see digital signatures)
- disabling finger
: 17.3.8.2. Disabling finger
- disk quotas
: 25.2.2.5. Using quotas
- dormant accounts, finding
: 8.4.3. Finding Dormant Accounts
- drills
: 24.1.3. Rule #3: PLAN AHEAD
- /etc/passwd
: (see /etc/group file; /etc/passwd file)
- firewalls
: (see firewalls)
- four steps toward
: 2.4.4.7. Defend in depth
- guessable passwords
- 3.6.1. Bad Passwords: Open Doors
- 3.6.4. Passwords on Multiple Machines
- identification protocol
: 17.3.12. Identification Protocol (auth) (TCP Port 113)
- improving DES algorithm
- 6.4.5. Improving the Security of DES
- 6.4.5.2. Triple DES
- IP
- 16.3. IP Security
- 16.3.3. Authentication
- laws and
: (see laws)
- legal liability
- 26.4. Other Liability
- 26.4.7. Harassment, Threatening Communication, and Defamation
- levels of NIS+ servers
: 19.5.5. NIS+ Limitations
- link-level
: 16.3.1. Link-level Security
- message digests
: (see message digests)
- modems and
- 14.4. Modems and Security
- 14.4.4.2. Protection against eavesdropping
- monitoring
: (see logging)
- multilevel (defense in depth)
- 1.3. History of UNIX
- 2.4.4.7. Defend in depth
- 2.5.3. Final Words: Risk Management Means Common Sense
- 17.2. Controlling Access to Servers
- name service and
: 16.3.2. Security and Nameservice
- national
: 26.2.2. Federal Jurisdiction
- network services
- 17.4. Security Implications of Network Services
- 19.1. Securing Network Services
- passwords
- 3.2. Passwords
- 3.8. Summary
- personnel
- 13. Personnel Security
- 13.3. Outsiders
- A.1.1.12. Chapter 13: Personnel Security
- policy of
- 1.2. What Is an Operating System?
- 2. Policies and Guidelines
- 2.5.3. Final Words: Risk Management Means Common Sense
- protecting backups
- 7.1.6. Security for Backups
- 7.1.6.3. Data security for backups
- published resources on
- D. Paper Sources
- D.2. Security Periodicals
- responding to breakins
- 24. Discovering a Break-in
- 24.7. Damage Control
- restricting login
: 8.3. Restricting Logins
- .rhosts
: (see .rhosts file)
- sendmail problems
: 17.3.4.1. sendmail and security
- Skipjack algorithm
: 6.4.1. Summary of Private Key Systems
- SNMP and
: 17.3.15. Simple Network Management Protocol (SNMP) (UDP Ports 161 and 162)
- software piracy
: 26.4.2.1. Software piracy and the SPA
- standards of
: 2.4.2. Standards
- superuser problems
: 4.2.1.5. The problem with the superuser
- through obscurity
- 2.5. The Problem with Security Through Obscurity
- 2.5.3. Final Words: Risk Management Means Common Sense
- 8.8.9. Account Names Revisited: Using Aliases for Increased Security
- 18.2.4. Keep Your Scripts Secret!
- tools for
: 11.1. Programmed Threats: Definitions
- Tripwire package
- 9.2.4. Tripwire
- 9.2.4.2. Running Tripwire
- UNIX and
- 1. Introduction
- 1.4. Security and UNIX
- 1.4.3. Add-On Functionality Breeds Problems
- user awareness of
- 1.4.1. Expectations
- 2. Policies and Guidelines
- 2.4.4.4. Concentrate on education
- 13.2.2. Ongoing Training and Awareness
- UUCP
: (see UUCP)
- weakness-finding tools
: 11.1.1. Security Tools
- World Wide Web
- 18. WWW Security
- 18.7. Summary
- X Window System
- 17.3.21.2. X security
- 17.3.21.3. The xhost facility
- Security Emergency Response Team (SERT)
: F.3.4.4. Australia: Internet .au domain
- security file (UUCP)
: 10.3.4. uucp Log Files
- security holes
- 2.5. The Problem with Security Through Obscurity
- (see also back doors; threats)
- ftpd program
: 6.5.2. Using Message Digests
- mailing list for
: E.1.3.3. Bugtraq
- reporting
: 2.5.1. Going Public
- ruusend in L.cmds file
: 15.4.3. L.cmds: Providing Remote Command Execution
- SUID/SGID programs
: 5.5.3.1. write: Example of a possible SUID/SGID security hole
- /usr/lib/preserve
: 5.5.3.2. Another SUID example: IFS and the /usr/lib/preserve hole
- UUCP
: 15.7. Early Security Problems with UUCP
- sed scripts
: 11.1.4. Trojan Horses
- seeds, random number
- 23.6. Tips on Generating Random Numbers
- 23.8. Picking a Random Seed
- select system call
: 17.1.3. The /etc/inetd Program
- selection lists
: 18.2.3.1. Do not trust the user's browser!
- self-destruct sequences
: 27.2.1. Hardware Bugs
- SENDFILES= command
- 15.5.1.3. A Sample Permissions file
- 15.5.2. Permissions Commands
- sendmail
- 11.1.2. Back Doors and Trap Doors
- 11.5.2.5. .forward, .procmailrc
- 11.5.3.3. /usr/lib/aliases, /etc/aliases, /etc/sendmail/aliases, aliases.dir, or aliases.pag
- 17.3.4. Simple Mail Transfer Protocol (SMTP) (TCP Port 25)
- 17.3.4.3. Improving the security of Berkeley sendmail V8
- 24.2.4.2. How to contact the system administrator of a computer you don't know
- (see also mail)
- aliases
: 11.5.3.3. /usr/lib/aliases, /etc/aliases, /etc/sendmail/aliases, aliases.dir, or aliases.pag
- determining version of
: 17.3.4.1. sendmail and security
- .forward file
: 24.4.1.6. Changes to startup files
- improving Version 8
: 17.3.4.3. Improving the security of Berkeley sendmail V8
- logging to syslog
: 17.3.4.3. Improving the security of Berkeley sendmail V8
- same Internet/NIS domain
: 19.4.3. NIS Domains
- security problems with
: 17.3.4.1. sendmail and security
- sendmail.cf file
: 17.3.4. Simple Mail Transfer Protocol (SMTP) (TCP Port 25)
- sensors
: (see detectors)
- separation of duties
: 13.2.5. Least Privilege and Separation of Duties
- sequence of commands
: 23.2. Tips on Avoiding Security-related Bugs
- serial interfaces
: 14.2. Serial Interfaces
- Serial Line Internet Protocol (SLIP)
: 14.5. Modems and UNIX
- serial numbers, logging
: 10.7.1.2. Informational material
- SERT (Security Emergency Response Team)
: F.3.4.4. Australia: Internet .au domain
- server-side includes
- 18.2.2.2. Additional configuration issues
- 18.3.2. Commands Within the <Directory> Block
- servers
- 16.2.5. Clients and Servers
- 17.1. Understanding UNIX Internet Servers
- 17.1.3. The /etc/inetd Program
- backing up
: 7.2.2. Small Network of Workstations and a Server
- checklist for bringing up
: 17.4. Security Implications of Network Services
- controlling access to
: 17.2. Controlling Access to Servers
- ftp
: (see FTP)
- http
: (see http server)
- load shedding
: 23.3. Tips on Writing Network Programs
- master/slave
: (see NIS)
- NIS+, security levels of
: 19.5.5. NIS+ Limitations
- overloading with requests
: 25.3.1. Service Overloading
- setting up for FTP
- 17.3.2.4. Setting up an FTP server
- 17.3.2.6. Setting up anonymous FTP with the standard UNIX FTP server
- web
: (see web servers)
- WN
: 18.3. Controlling Access to Files on Your Server
- Xauthority
: 17.3.21.4. Using Xauthority magic cookies
- service overloading
: 25.3.1. Service Overloading
- services file
: 17.1.1. The /etc/services File
- Services table (NIS+)
: 19.5.3. NIS+ Tables
- SESAME (Secure European System for Applications in a Multivendor Environment)
: 19.7.2. SESAME
- session
- hijacking
: 17.3.3. TELNET (TCP Port 23)
- IDs
- 4.3.3. Other IDs
- C.1.3.4. Process groups and sessions
- keys
- 6.4. Common Cryptographic Algorithms
- 19.3.1.1. Proving your identity
- setgid function
- 4.3.3. Other IDs
- 23.4. Tips on Writing SUID/SGID Programs
- setpgrp function
: C.1.3.4. Process groups and sessions
- setrlimit function
: 23.2. Tips on Avoiding Security-related Bugs
- setsid function
: C.1.3.4. Process groups and sessions
- setuid file
: 4.3.1. Real and Effective UIDs
- setuid function
: 23.4. Tips on Writing SUID/SGID Programs
- setuid/setgid
: (see SUID/SGID programs)
- SGID bit
- 5.5.1. SUID, SGID, and Sticky Bits
- 5.5.7. SGID Bit on Files (System V UNIX Only): Mandatory Record Locking
- (see also SUID/SGID programs)
- clearing with chown
: 5.7. chown: Changing a File's Owner
- on directories
: 5.5.6. SGID and Sticky Bits on Directories
- on files
: 5.5.7. SGID Bit on Files (System V UNIX Only): Mandatory Record Locking
- SGID files
: B.3.2.2. SGID files
- sh (Bourne shell)
- 11.5.1. Shell Features
- C.5.3. Running the User's Shell
- (see also shells)
- sh program
: 5.5.3.2. Another SUID example: IFS and the /usr/lib/preserve hole
- SUID and
: 5.5.2. Problems with SUID
- SHA (Secure Hash Algorithm)
- 6.5.3. Digital Signatures
- 6.5.4.2. SHA
- shadow file
- 8.1.1. Accounts Without Passwords
- 8.8.5. Shadow Password Files
- shadow passwords
- 3.2.1. The /etc/passwd File
- 8.4.1. Changing an Account's Password
- 8.8.5. Shadow Password Files
- Shamir, Adi
- 6.4.2. Summary of Public Key Systems
- 6.4.6. RSA and Public Key Cryptography
- shar format file
: 11.1.4. Trojan Horses
- shareware
: 27.2.2. Viruses on the Distribution Disk
- shell escapes
- 8.1.3. Accounts That Run a Single Command
- 8.1.4.6. Potential problems with rsh
- in L.cmds list
: 15.4.3. L.cmds: Providing Remote Command Execution
- shell scripts, SUID
- 5.5.3. SUID Shell Scripts
- 5.5.3.2. Another SUID example: IFS and the /usr/lib/preserve hole
- shells
- 1.2. What Is an Operating System?
- 3.2.1. The /etc/passwd File
- 11.1.4. Trojan Horses
- 11.5.1. Shell Features
- 11.5.1.4. Filename attacks
- C.2. Creating Processes
- C.5.3. Running the User's Shell
- changing
- 8.4.2. Changing the Account's Login Shell
- 8.7.1. Integrating One-time Passwords with UNIX
- history files
: 10.4.1. Shell History
- one-command accounts
: 8.1.3. Accounts That Run a Single Command
- restricted (rsh, ksh)
- 8.1.4.1. Restricted shells under System V UNIX
- 8.1.4.6. Potential problems with rsh
- UUCP
: (see uucico program)
- shells file
: 8.4.2. Changing the Account's Login Shell
- Shimomura, Tsutomu
: 23.3. Tips on Writing Network Programs
- shoulder surfing
- 3.2.4. Passwords Are a Shared Secret
- 5.5.2. Problems with SUID
- shredders
: 12.3.3. Other Media
- SHTTP
: (see Secure HTTP)
- shutdowns and wtmp file
: 10.1.3. last Program
- SIGHUP signal
: C.4. The kill Command
- SIGKILL signal
: C.4. The kill Command
- Signal Ground (SG)
: 14.3. The RS-232 Serial Protocol
- signal grounding
: 25.3.3. Signal Grounding
- signals
: C.3. Signals
- signature
: 9.2. Detecting Change
- signatures
: (see digital signatures)
- SIGSTOP signal
: C.4. The kill Command
- SIGTERM signal
: 25.2.1.1. Too many processes
- Simple Mail Transfer Protocol (SMTP)
- 17.3.4. Simple Mail Transfer Protocol (SMTP) (TCP Port 25)
- 17.3.4.3. Improving the security of Berkeley sendmail V8
- Simple Network Management Protocol
: (see SNMP)
- single-user mode
: C.5.1. Process #1: /etc/init
- Skipjack algorithm
: 6.4.1. Summary of Private Key Systems
- slash (/)
- IFS separator
: 11.5.1.2. IFS attacks
- root directory
- 5.1.1. Directories
- (see also root directory)
- Slave mode (uucico)
: 15.1.4. How the UUCP Commands Work
- slave server
- 19.4. Sun's Network Information Service (NIS)
- (see also NIS)
- SLIP (Serial Line Internet Protocol)
- 14.5. Modems and UNIX
- 16.2. IPv4: The Internet Protocol Version 4
- Small Business Community Nationwide (SBA CERT)
: F.3.4.31. Small Business Association (SBA): small business community nationwide
- smap program
: 17.3.4.1. sendmail and security
- smart cards, firewalls
: 21.5. Special Considerations
- smit tool
: 8.8.2. Constraining Passwords
- smoke and smoking
: 12.2.1.2. Smoke
- SMTP (Simple Mail Transfer Protocol)
- 17.3.4. Simple Mail Transfer Protocol (SMTP) (TCP Port 25)
- 17.3.4.3. Improving the security of Berkeley sendmail V8
- SNA (System Network Architecture)
: 16.4.2. SNA
- SNEFRU algorithm
: 6.5.4.4. SNEFRU
- sniffers
- 1.4.3. Add-On Functionality Breeds Problems
- 3. Users and Passwords
- 8.7. One-Time Passwords
- 17.3.3. TELNET (TCP Port 23)
- (see also eavesdropping)
- network
: 16.3. IP Security
- packet
: 16.3.1. Link-level Security
- SNMP (Simple Network Management Protocol)
: 17.3.15. Simple Network Management Protocol (SNMP) (UDP Ports 161 and 162)
- snoop program
: 24.2.3. Monitoring the Intruder
- SOCKS
: E.4.8. SOCKS
- soft disk quotas
: 25.2.2.5. Using quotas
- software
- for backups
- 7.4. Software for Backups
- 7.4.7. inode Modification Times
- bugs in
: (see bugs)
- for checking integrity
: 19.5.5. NIS+ Limitations
- checking new
- 8.1.5.2. Checking new software
- 11.1.2. Back Doors and Trap Doors
- consistency of
: 2.1. Planning Your Security Needs
- distributing
: (see FTP)
- exporting
: 26.4.1. Munitions Export
- failure of
: 7.1.1.1. A taxonomy of computer failures
- hacker challenges
: 27.2.4. Hacker Challenges
- logic bombs
: 11.1.3. Logic Bombs
- operating system
: (see operating systems)
- patches for, logging
: 10.7.2.2. Informational material
- quality of
- 1.4.2. Software Quality
- 1.4.3. Add-On Functionality Breeds Problems
- stolen (pirated)
- 17.3.2.6. Setting up anonymous FTP with the standard UNIX FTP server
- 26.4.2.1. Software piracy and the SPA
- stored via FTP
: 17.3.2.6. Setting up anonymous FTP with the standard UNIX FTP server
- testing
: 1.4.2. Software Quality
- vendor license agreements
: 18.5.2. Trusting Your Software Vendor
- viruses
: 11.1.5. Viruses
- worms
: 11.1.6. Worms
- software patents
: 6.7.1. Cryptography and the U.S. Patent System
- Software Publishers Association (SPA)
: 26.4.2.1. Software piracy and the SPA
- Software Security Response Team (SSRT)
: F.3.4.9. Digital Equipment Corporation and customers
- Solaris
- 1.3. History of UNIX
- 8.7.1. Integrating One-time Passwords with UNIX
- /etc/logindevperm
: 17.3.21.1. /etc/fbtab and /etc/logindevperm
- process limit
: 25.2.1.1. Too many processes
- Secure RPC time window
: 19.3.1.3. Setting the window
- /var/adm/loginlog file
: 10.1.4. loginlog File
- wtmpx file
: 10.1.2. utmp and wtmp Files
- Source Code Control System (SCCS)
: 7.3.2. Building an Automatic Backup System
- source code, keeping secret
: 2.5. The Problem with Security Through Obscurity
- SPA (Software Publishers Association)
: 26.4.2.1. Software piracy and the SPA
- Spaf's first principle
: 2.4.4.5. Have authority commensurate with responsibility
- spies
- 11.3. Authors
- 14.4.4.1. Kinds of eavesdropping
- spoofing
: 16.3. IP Security
- network connection
: 8.5.3.1. Trusted path
- network services
: 17.5. Monitoring Your Network with netstat
- NIS
: 19.4.4.5. Spoofing NIS
- RPCs
: 19.4.4.4. Spoofing RPC
- spool file
: 15.1.4. How the UUCP Commands Work
- spoolers, printer
: 12.3.4.1. Printer buffers
- sprinkler systems
- 12.2.1.1. Fire
- (see also water)
- Sprint response team
: F.3.4.32. Sprint
- sprintf function
- 23.1.1. The Lesson of the Internet Worm
- 23.2. Tips on Avoiding Security-related Bugs
- sscanf function
: 23.2. Tips on Avoiding Security-related Bugs
- SSL (Secure Socket Layer)
: 18.4.1. Eavesdropping Over the Wire
- SSRT (Software Security Response Team)
: F.3.4.9. Digital Equipment Corporation and customers
- Stallman, Richard
: 1. Introduction
- start bit
- 14.1. Modems: Theory of Operation
- 14.2. Serial Interfaces
- startup command
: 10.2.1. Accounting with System V
- startup files
- attacks via
- 11.5.2. Start-up File Attacks
- 11.5.2.7. Other initializations
- intruder's changes to
: 24.4.1.6. Changes to startup files
- stat function
: 5.4. Using Directory Permissions
- state law enforcement
: 26.2.1. The Local Option
- stateless
: 20.1.4.3. Connectionless and stateless
- static electricity
: 12.2.1.8. Electrical noise
- static links
: 23.4. Tips on Writing SUID/SGID Programs
- stdio
: (see portable I/O library)
- Steele, Guy L.
: 1. Introduction
- sticky bits
: 5.5.1. SUID, SGID, and Sticky Bits
- on directories
: 5.5.6. SGID and Sticky Bits on Directories
- stolen property
: (see theft)
- stop bit
- 14.1. Modems: Theory of Operation
- 14.2. Serial Interfaces
- storage
- 12.3.4. Protecting Local Storage
- 12.3.4.5. Function keys
- strcpy routine
: 23.1.1. The Lesson of the Internet Worm
- streadd function
: 23.2. Tips on Avoiding Security-related Bugs
- strecpy function
: 23.2. Tips on Avoiding Security-related Bugs
- strength, cryptographic
: 6.2.3. Cryptographic Strength
- of DES algorithm
- 6.4.4.3. DES strength
- 6.4.5.2. Triple DES
- of RSA algorithm
: 6.4.6.3. Strength of RSA
- string command
: 12.3.5.2. X screen savers
- strtrns function
: 23.2. Tips on Avoiding Security-related Bugs
- su command
- 4.2.1.2. Superuser is not for casual use
- 4.3. su: Changing Who You Claim to Be
- 4.3.8. Other Uses of su
- becoming superuser
: 4.3.4. Becoming the Superuser
- log of failed attempts
: 4.3.7. The Bad su Log
- sulog file
- 10.1. The Basic Log Files
- 10.3.2. sulog Log File
- utmp and wtmp files and
: 10.1.2.1. su command and /etc/utmp and /var/adm/wtmp files
- subnetting
: 16.2.1.2. Classical network addresses
- substitution (in encryption)
: 6.1.2. Cryptography and Digital Computers
- SUID/SGID programs
- 4.3.1. Real and Effective UIDs
- 5.5. SUID
- 5.5.7. SGID Bit on Files (System V UNIX Only): Mandatory Record Locking
- B.3. SUID and SGID Files
- back door via
: 11.1.2. Back Doors and Trap Doors
- chown command and
: 5.7. chown: Changing a File's Owner
- chroot call and
: 8.1.5.2. Checking new software
- created by intruders
: 24.4.1.3. New SUID and SGID files
- on directories
: 5.5.6. SGID and Sticky Bits on Directories
- disabling (turning off)
: 5.5.5. Turning Off SUID and SGID in Mounted Filesystems
- finding all files
- 5.5.4. Finding All of the SUID and SGID Files
- 5.5.4.1. The ncheck command
- shell scripts
- 5.5.3. SUID Shell Scripts
- 5.5.3.2. Another SUID example: IFS and the /usr/lib/preserve hole
- uucp access
: 15.3. UUCP and Security
- writing
: 23.4. Tips on Writing SUID/SGID Programs
- SUID/SGID programs:writing:programming:writing:zzz]
: 23. Writing Secure SUID and Network Programs
- suing
: (see civil actions)
- sulog file
- 4.3.7. The Bad su Log
- 10.3.2. sulog Log File
- sum command
- 6.5.5.1. Checksums
- 9.2.3. Checksums and Signatures
- Sun Microsystem's NIS
: (see NIS)
- Sun Microsystems
: F.3.4.34. Sun Microsystems customers
- SUN-DES-1 authentication
: 17.3.21.3. The xhost facility
- SunOS operating system
: 1.3. History of UNIX
- authdes_win variable
: 19.3.1.3. Setting the window
- /etc/fbtab file
: 17.3.21.1. /etc/fbtab and /etc/logindevperm
- TFTP sand
: 17.3.7. Trivial File Transfer Protocol (TFTP) (UDP Port 69)
- trusted hosts and
: 17.3.18.5. Searching for .rhosts files
- superencryption
: 6.4.5. Improving the Security of DES
- superuser
- 4. Users, Groups, and the Superuser
- 4.2.1. The Superuser
- 4.2.1.5. The problem with the superuser
- (see also root account)
- abilities of
: 27.1.3. What the Superuser Can and Cannot Do
- becoming with su
: 4.3.4. Becoming the Superuser
- changing passwords
- 8.4.1. Changing an Account's Password
- 8.8.8. Disabling an Account by Changing Its Password
- encryption and
: 6.2.4. Why Use Encryption with UNIX?
- logging attempts to become
: (see sulog file)
- problems with
: 4.2.1.5. The problem with the superuser
- restrictions on
: 4.2.1.4. What the superuser can't do
- TCB files
: 8.5.3.2. Trusted computing base
- using passwd command
: 3.5. Verifying Your New Password
- web server as
: 18.2.1. The Server's UID
- SURFnet
: F.3.4.25. Netherlands: SURFnet-connected sites
- surges
: (see power surges)
- SVR4 (System V Release 4)
: 1.3. History of UNIX
- swap partition
: 5.5.1. SUID, SGID, and Sticky Bits
- swap space
: 25.2.3. Swap Space Problems
- Swatch program
- 10.6. Swatch: A Log File Tool
- 10.6.2. The Swatch Configuration File
- E.4.9. Swatch
- SWITCH
: F.3.4.35. SWITCH-connected sites
- symbolic links and permissions
: 5.1.7. File Permissions in Detail
- symbolic-link following
- 18.2.2.2. Additional configuration issues
- 18.3.2. Commands Within the <Directory> Block
- SymLinksIfOwnerMatch option
: 18.3.2. Commands Within the <Directory> Block
- symmetric key
: (see private-key cryptography)
- SYN bit
: 16.2.4.2. TCP
- sync system call
- 5.6. Device Files
- 8.1.3. Accounts That Run a Single Command
- sys (user)
: 4.1. Users and Groups
- syslog facility
- 4.3.7. The Bad su Log
- 10.5. The UNIX System Log (syslog) Facility
- 10.5.3.1. Beware false log entries
- 23.1.1. The Lesson of the Internet Worm
- false log entries
: 10.5.3.1. Beware false log entries
- where to log
- 10.5.2. Where to Log
- 10.5.2.3. Logging everything everywhere
- syslog file
: 17.3.4.3. Improving the security of Berkeley sendmail V8
- syslog.conf file
: 10.5.1. The syslog.conf Configuration File
- systat service
: 17.3.1. systat (TCP Port 11)
- system
- auditing activity on
: 2.1. Planning Your Security Needs
- backing up critical files
- 7.3. Backing Up System Files
- 7.3.2. Building an Automatic Backup System
- control over
: (see access control)
- database files
: 1.2. What Is an Operating System?
- overload attacks
: 25.2.1.2. System overload attacks
- performance
: (see performance)
- remote, commands on
: 15.1.2. uux Command
- summarizing usage per user
: 25.2.2.2. quot command
- transfering files to other
: 15.1.1. uucp Command
- system (in swatch program)
: 10.6.2. The Swatch Configuration File
- system administration
: 2.4.4.5. Have authority commensurate with responsibility
- avoiding conventional passwords
- 8.8. Administrative Techniques for Conventional Passwords
- 8.8.9. Account Names Revisited: Using Aliases for Increased Security
- change monitoring
: 9.3. A Final Note
- changing passwords
- 8.4.1. Changing an Account's Password
- 8.8.8. Disabling an Account by Changing Its Password
- cleaning up /tmp directory
: 25.2.4. /tmp Problems
- contacting administrator
: 24.2.4.2. How to contact the system administrator of a computer you don't know
- controlling UUCP security
: 15.3. UUCP and Security
- detached signatures (PGP)
: 6.6.3.6. PGP detached signatures
- disabling finger system
: 17.3.8.2. Disabling finger
- discovering intruders
- 24.2. Discovering an Intruder
- 24.2.6. Anatomy of a Break-in
- dual universes and
: 5.9.1. Dual Universes
- errors by
: 7.1.1.1. A taxonomy of computer failures
- finding largest files
: 25.2.2.1. Disk-full attacks
- immutable files and
: 9.1.1. Immutable and Append-Only Files
- locked accounts
: 3.3. Entering Your Password
- message authentication
: 6.5.2. Using Message Digests
- monitoring phantom mail
: 17.3.4.2. Using sendmail to receive email
- new passwords
: 3.4. Changing Your Password
- read-only filesystems and
: 9.1.2. Read-only Filesystems
- references on
: D.1.11. UNIX Programming and System Administration
- removing automatic backups
: 18.2.3.5. Beware stray CGI scripts
- sanitizing media
: 12.3.2.3. Sanitize your media before disposal
- trusting
: 27.3.2. Your System Administrator?
- weakness-finding tools
: 11.1.1. Security Tools
- system call
: 5.1.7. File Permissions in Detail
- system clock
- changing
- 5.1.5. File Times
- 9.2.3. Checksums and Signatures
- 17.3.14. Network Time Protocol (NTP) (UDP Port 123)
- for random seeds
: 23.8. Picking a Random Seed
- Secure RPC timestamp
: 19.3.1.3. Setting the window
- system files
: 11.6.1.2. Writable system files and directories
- initialization files
: 11.5.3.5. System initialization files
- system function
- 5.5.3.2. Another SUID example: IFS and the /usr/lib/preserve hole
- 18.2.3.2. Testing is not enough!
- 18.2.3.3. Sending mail
- 23.2. Tips on Avoiding Security-related Bugs
- system functions, checking arguments to
: 23.2. Tips on Avoiding Security-related Bugs
- System Network Architecture (SNA)
: 16.4.2. SNA
- System V UNIX
- Which UNIX System?
- 1.3. History of UNIX
- accounting with
: 10.2.1. Accounting with System V
- chroot in
: 8.1.5. Restricted Filesystem
- default umask value
: 5.3. The umask
- groups and
: 4.1.3.2. Groups and older AT&T UNIX
- inittab program
: C.5.1. Process #1: /etc/init
- modems and
: 14.5.1. Hooking Up a Modem to Your Computer
- passwords
: 8.1.1. Accounts Without Passwords
- ps command with
: C.1.2.1. Listing processes with systems derived from System V
- random number generators
: 23.7.3. drand48 ( ), lrand48 ( ), and mrand48 ( )
- recent login times
: 10.1.1. lastlog File
- Release 4 (SVR4)
: 1.3. History of UNIX
- restricted shells
: 8.1.4.1. Restricted shells under System V UNIX
- SGI bit on files
: 5.5.7. SGID Bit on Files (System V UNIX Only): Mandatory Record Locking
- su command and
: 4.3.6. Restricting su
- SUID files, list of
: B.3. SUID and SGID Files
- utmp and wtmp files
: 10.1.2. utmp and wtmp Files
- UUCP
: 15.4.1.3. Format of USERFILE entry without system name
- /var/adm/loginlog file
: 10.1.4. loginlog File
- wtmpx file
: 10.1.2. utmp and wtmp Files
- Systems file
: 15.3.3. Security of L.sys and Systems Files
Search |
Symbols
| A
| B
| C
| D
| E
| F
| G
| H
| I
| J
| K
| L
| M
| N
| O
| P
| Q
| R
| S
| T
| U
| V
| W
| X
| Y
| Z
Copyright © 1999
O'Reilly & Associates, Inc.
All Rights Reserved.