Xerox 701P46740 manual Enable and disable services, Bsm

Page 9

Enable and disable services

The following tables provide a list of the services that can be enabled and disabled from the Xerox FreeFlow Print Server “Setup > Security Profiles” menu options.

NOTE: Services list may vary, depending on the product.

Table 2-2 “System” tab

| System Service | Description |
|---|---|
| Allow_host.equiv_plus | Background: The /etc/hosts.equiv and /.rhosts files provide the remote authentication database for rlogin, rsh, rcp, and rexec. The files specify remote hosts and users that are considered to be trusted. Trusted users are allowed to access the local system without supplying a password. These files can be removed or modified to enhance security. The Xerox FreeFlow Print Server is provided with both of these files deleted entirely. If the setting Allow_host.equiv_plus is set to disabled, then anytime that security settings are applied, the + will be removed from hosts.equiv. IMPORTANT NOTE: Removing the + from the hosts.equiv file will prevent the use of the Xerox command line client print from remote clients. An alternative would be to remove the + and add the name of each trusted host that requires this functionality. Leaving the + will allow a user from any remote host to access the system with the same username. |
| Anonymous FTP | |
| BSM | Enable or disable the Basic Security Module (BSM) on Solaris. |
| Executable Stacks | Some security exploits take advantage of the Solaris OE kernel executable system stack to attack the system. Some of these exploits can be avoided by making the system stack non-executable. The following lines are added to the /etc/system file: `set noexec_user_stack=1` and `set noexec_user_stack_log=1` |
| Hide Info Banners | |
| Multicast Routing | |
| Remote CDE Logins | Deny all remote access (direct/broadcast) to the X server running on the Xerox FreeFlow Print Server by installing an appropriate /etc/dt/config/Xaccess file. |
| Restrict DFS tab | |
| Restrict NFS Portmon | |
| Router | Disable router mode by creating the empty file /etc/notrouter. |
| Secure File Permissions | |
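The file-based settings in this table can be checked after a security profile has been applied. The script below is an added example, not part of the Xerox guide or the FreeFlow Print Server software; the function names and the ROOT argument are assumptions made for illustration, and it covers only the entries whose files the table names.

```shell
#!/bin/sh
# Added example: audit hosts.equiv/.rhosts, /etc/system and /etc/notrouter.
# audit_root ROOT prints one OK/FAIL line per check. ROOT defaults to / and
# exists only so the checks can be run against a copied or test tree.
# On Solaris use a grep that supports -E and -q (e.g. /usr/xpg4/bin/grep).

# Succeeds if FILE has a non-comment line whose host field is a bare "+",
# which trusts every remote host. "+@netgroup" entries are not matched.
has_plus_wildcard() {
    [ -f "$1" ] && grep -v '^[[:space:]]*#' "$1" |
        grep -Eq '^[[:space:]]*\+([[:space:]]|$)'
}

# Succeeds if FILE (in /etc/system syntax) contains "set NAME=1".
# Comment lines in /etc/system start with "*" and therefore never match.
system_sets() {
    [ -f "$1" ] &&
        grep -Eq "^[[:space:]]*set[[:space:]]+$2[[:space:]]*=[[:space:]]*1[[:space:]]*\$" "$1"
}

audit_root() {
    root=${1:-/}
    root=${root%/}
    for f in etc/hosts.equiv .rhosts; do
        if has_plus_wildcard "$root/$f"; then
            echo "FAIL /$f contains a bare + entry"
        else
            echo "OK   /$f has no bare + entry (or is absent)"
        fi
    done
    for v in noexec_user_stack noexec_user_stack_log; do
        if system_sets "$root/etc/system" "$v"; then
            echo "OK   /etc/system sets $v=1"
        else
            echo "FAIL /etc/system does not set $v=1"
        fi
    done
    if [ -e "$root/etc/notrouter" ]; then
        echo "OK   /etc/notrouter exists"
    else
        echo "FAIL /etc/notrouter is missing"
    fi
}

# Run the audit only when a root directory is given on the command line.
if [ $# -gt 0 ]; then audit_root "$1"; fi
```

An absent hosts.equiv or .rhosts is reported as OK because the guide states that the server is provided with both files deleted.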

 

 

 

Security Guide
