Xerox 701P46740 manual Solaris file permissions, Disabling secure name service databases

Page 15

Solaris file permissions

Secure File Permission options can be enabled or disabled through the Xerox FreeFlow Print Server interface. Fix-modes include:

fixmodes-xerox: fix file permissions for all packages to make them more secure. Available under the System tab under the “Secure File Permissions” drop-down menu.

fixmodes-solaris: fix file permissions only for Solaris packages to make them more secure. Available under the System tab under the “Secure File Permissions” drop- down menu.

The fix-modes utility (from the Solaris Security Toolkit) adjusts group and world write permissions. It is run with the '-s' option to secure file permissions for Solaris files that were created at install time only. Customer-generated files are not affected.

NOTE: When this command is run, a file called /var/sadm/install/ content.mods is left. Do not delete this file. It contains valuable information needed by fix modes to revert the changes to the system file permissions if the security setting is changed back to medium.

Disabling secure name service databases

The following databases are disabled when security is invoked:

passwd(4)

group(4)

exec_attr(4)

prof_attr(4)

ser_attr(4)

Multicast routing disabled

Multicast is used to send data to many systems at the same time while using one address.

OS and host information hidden

The ftp, telnet and sendmail banners are set to null so that users in cannot see the hostname and OS level.

Security Guide

11

Page 14 Page 16
Image 15
Page 14 Page 16
Contents Security Guide USA Table of contents Table of contents Contents About this guideConventions Customer support System supplied security profiles SecurityFTP CD-ROMBSM Enable and disable servicesS70UUCP S72AUTOINSTALLS40LLC2 S47ASPPPS77DMI S15NFS.SERVERS17HCLNFS.DAEMON S76SNMPDXSecurity Guide Security Guide User level changes OS and host information hidden Disabling secure name service databasesMulticast routing disabled Solaris file permissionsSendmail daemon secured Executable stacks disabledRemote CDE login disabled Xerox FreeFlow Print Server router capabilities disabledDisabling LP anonymous printing Remote shell internet serviceEnable-ftp and disable-ftp Security warning bannersLocal users and groups Setting the current and default profilesAccount management Creating user-defined profilesDefault user groups and user accounts Creating user accounts Group authorizationCDS MED CD-ROMAuto-Logon Password security Default Screen/Auto-LogoffHow to Enable/Disable Strong Password Strong PasswordsGUI Logging Audit LogsUser Activity on the System Accessing the Xerox FreeFlow Print Server through ADSDate/Time User Login/Logout Changing individual passwordsIP Filtering Limiting accessUsing the Print Server SSL/TLS Security Feature Secure Socket LayerRemote Workflow Isgw Creating and Using a Self-Signed CertificateSecurity Guide Digital Certificates Network ProtocolWins HttpIPP SnmpNFS Micr modeSecure Print SSLXerox responsibilities Prevent Unauthorized Queue ChangesRoles and responsibilities Queue LockCustomer Responsibilities Security tipsOnline Help for security Virus Scan
Top Page Image Contents