has physical access to the machine and enough time, there is very little you can do to prevent unauthorized access. This may be more problematic when an authorized administrator can't remember the password. Note: For
11.22and prior, this requires conversion to trusted mode.
Actions | Sets the parameter BOOT_AUTH=1 in the /etc/default/security file. For |
| |
| with modprdef. |
Headline | Set the new PATH at su . |
Default | /sbin:/usr/sbin:/bin:/usr/bin |
Description | The SU_DEFAULT_PATH parameter defines a new default PATH environment |
| value to be set when su to a |
| Set SU_DEFAULT_PATH=new_PATH. This ensures that an su session will |
| always have a default PATH value, preventing the inheritance of a poisoned |
| PATH variable from your current login session. The PATH environment variable |
| is set to new_PATH when the su command is invoked. Other environment |
| values are not changed. The PATH value is not validated. This parameter does |
| not apply to a superuser account, and is applicable only when the |
| is not used along with the su command. |
Actions | Sets the parameter SU_DEFAULT_PATH in the /etc/default/security |
| file. |
Headline | Set a default path for the su command. |
Default | Y |
Description | Set the SU_DEFAULT_PATHyn parameter. |
Actions | None. |
Headline | Basic system security auditing enabled. |
Default | N |
Description | Enabling basic system security auditing logs a subset of system calls. This |
| logging produces system overhead. If this system is in a performance sensitive |
| role, the risk of not logging may be less than the risk of incurring a small |
| amount of overhead. |
Actions | Configure and start auditing and acct programs. Convert to trusted mode if |
| necessary. |
Headline | Set umask for all users on the system. |
Default | 77 |
Description | The umask utility sets a default permission for files that you create. |
| Bastille can set one of several umasks. Select one of the following or create |
| your own: |
| alter them. |
| |
| them. |
38 Question modules