# # # WARNING: You must have prior authorization to access this system. # All connections are logged and monitored. By connecting to # to this system you fully consent to all monitoring. # Unauthorized access or use will be prosecuted to the full # extent of the law. You have been warned. # #
Example
B
This is an example of the /etc/ftpusers
file.
root daemon bin sys adm lp uucp nuucp listen nobody noaccess nobody4 lance
Example
C
This is an example of part of the
/etc/default/login file
#ident "@(#)login.dfl 1.8 96/10/18 SMI" /* SVr4.0 1.1.1.1 */ # Set the TZ environment variable of the shell. # #TIMEZONE=EST5EDT # ULIMIT sets the file size limit for the login. Units are disk blocks. # The default of zero means no limit. # #ULIMIT=0 # If CONSOLE is set, root can only login on that device. # Comment this line out to allow remote login by root. # CONSOLE=/dev/console
#ident "@(#)inetd.conf 1.44 99/11/25 SMI" /* SVr4.0 1.5 */ # # Configuration file for inetd(1M). See inetd.conf(4). # # To re-configure the running inetd process, edit this file, then # send the inetd process a SIGHUP. # # Syntax for socket-based Internet services: # # Syntax for TLI-based Internet services: # #tli # # IPv6 and inetd.conf # By specifying a value of tcp6 or udp6 for a service, inetd will # pass the given daemon an AF_INET6 socket. The following daemons have # been modified to be able to accept AF_INET6 sockets # # ftp telnet shell login exec tftp finger printer # # and service connection requests coming from either IPv4 or IPv6-based # transports. Such modified services do not normally require separate # configuration lines for tcp or udp. For documentation on how to do this # for other services, see the Solaris System Administration Guide. # # You must verify that a service supports IPv6 before specifying as # tcp6 or udp6. Also, all inetd built-in commands (time, echo, discard, # daytime, chargen) require the specification of as tcp6 or udp6 # # The remote shell server (shell) and the remote execution server # (exec) must have an entry for both the "tcp" and "tcp6" values. # # Ftp and telnet are standard Internet services. # ftp stream tcp6 nowait root /usr/sbin/in.ftpd in.ftpd telnet stream tcp6 nowait root /usr/sbin/in.telnetd in.telnetd # # Tnamed serves the obsolete IEN-116 name server protocol. # # # Shell, login, exec, comsat and talk are BSD protocols. # #shell stream tcp nowait root /usr/sbin/in.rshd in.rshd #shell stream tcp6 nowait root /usr/sbin/in.rshd in.rshd #login stream tcp6 nowait root /usr/sbin/in.rlogind in.rlogind #exec stream tcp nowait root /usr/sbin/in.rexecd in.rexecd
Example
E
This is an example of the /etc/syslog.conf
file NOTE: Do not use the space bar for /etc/syslog.conf,
you must use tabs!
#ident "@(#)syslog.conf 1.5 98/12/14 SMI" /* SunOS 5.0 */ # # Copyright (c) 1991-1998 by Sun Microsystems, Inc. # All rights reserved. # # syslog configuration file. # # This file is processed by m4 so be careful to quote (`') names # that match m4 reserved words. Also, within ifdef's, arguments # containing commas must be quoted. # *.err;kern.notice;auth.notice /dev/sysmsg *.err;kern.debug;daemon.notice;mail.crit /var/adm/messages ### TCP Wrappers local3.info /var/adm/tcpdlog *.alert;kern.err;daemon.err operator *.alert root *.emerg * ### Syslog server *.info @marge # if a non-loghost machine chooses to have authentication messages # sent to the loghost machine, un-comment out the following line: #auth.notice ifdef(`LOGHOST', /var/log/authlog, @loghost) mail.debug ifdef(`LOGHOST', /var/log/syslog, @loghost) # # non-loghost machines will use the following lines to cause "user" # log messages to be logged locally. # ifdef(`LOGHOST', , user.err /dev/sysmsg user.err /var/adm/messages user.alert `root, operator' user.emerg * )
Example
F
This is an example of the access control
lists for TCP Wrappers
#cat /etc/hosts.allow
ALL: merlin,zeus,david: ALLOW
#cat /etc/hosts.deny
ALL: ALL
Example
G
This is an example of setting the
TCP initial sequence number generation parameters in the file /etc/default/inetinit
# @(#)inetinit.dfl 1.2 97/05/08 # # TCP_STRONG_ISS sets the TCP initial sequence number generation parameters. # Set TCP_STRONG_ISS to be: # 0 = Old-fashioned sequential initial sequence number generation. # 1 = Improved sequential generation, with random variance in increment. # 2 = RFC 1948 sequence number generation, unique-per-connection-ID. # TCP_STRONG_ISS=2
#
# NOTE: You want to delete '/usr/bin/yppasswd', as it is hard linked
# to '/usr/bin/passwd'.
#
-r-sr-xr-x 1 root bin 15260 Oct 6 1998 /usr/lib/fs/ufs/quota
-r-sr-sr-x 1 root tty 174392 Aug 14 03:32 /usr/lib/fs/ufs/ufsdump
-r-sr-xr-x 1 root bin 869168 Aug 14 03:32 /usr/lib/fs/ufs/ufsrestore
---s--x--x 1 root bin 4316 Oct 6 1998 /usr/lib/pt_chmod
-r-sr-xr-x 1 root bin 8576 Oct 6 1998 /usr/lib/utmp_update
-r-sr-xr-x 1 root sys 27628 Oct 6 1998 /usr/bin/sparcv7/ps
-r-sr-xr-x 2 root bin 11528 Oct 6 1998 /usr/bin/sparcv7/uptime
-r-sr-xr-x 2 root bin 11528 Oct 6 1998 /usr/bin/sparcv7/w
-rwsr-xr-x 1 root sys 35916 Oct 6 1998 /usr/bin/at
-rwsr-xr-x 1 root sys 13996 Oct 6 1998 /usr/bin/atq
-rwsr-xr-x 1 root sys 12704 Oct 6 1998 /usr/bin/atrm
-r-sr-xr-x 1 root bin 14352 Oct 6 1998 /usr/bin/eject
-r-sr-xr-x 1 root bin 28776 Oct 6 1998 /usr/bin/fdformat
-r-sr-xr-x 1 root bin 29292 Oct 6 1998 /usr/bin/login
-rwsr-xr-x 1 root sys 7736 Oct 6 1998 /usr/bin/newgrp
-r-sr-xr-x 1 root bin 21368 Oct 6 1998 /usr/bin/rcp
-r-sr-xr-x 1 root bin 56280 Oct 6 1998 /usr/bin/rdist
-r-sr-xr-x 1 root bin 16772 Oct 6 1998 /usr/bin/rlogin
-r-sr-xr-x 1 root bin 9332 Oct 6 1998 /usr/bin/rsh
-rws--x--x 1 uucp bin 56240 Aug 14 03:34 /usr/bin/tip
-r-sr-sr-x 2 root sys 99824 Sep 9 1999 /usr/bin/yppasswd
-r-sr-xr-x 1 root bin 12948 Oct 6 1998 /usr/sbin/sparcv7/whodo
-rwsr-xr-x 3 root bin 17536 Aug 14 03:34 /usr/sbin/allocate
-rwsr-xr-x 1 root bin 10000 Aug 14 03:34 /usr/sbin/mkdevalloc
-rwsr-xr-x 1 root bin 10336 Aug 14 03:34 /usr/sbin/mkdevmaps
-r-sr-xr-x 1 root bin 20404 Oct 6 1998 /usr/sbin/ping
-rwsr-xr-x 1 root sys 23000 Aug 14 03:32 /usr/sbin/sacadm
-r-sr-xr-x 1 root bin 22056 Oct 6 1998 /usr/sbin/traceroute
-rwsr-xr-x 3 root bin 17536 Aug 14 03:34 /usr/sbin/deallocate
-rwsr-xr-x 3 root bin 17536 Aug 14 03:34 /usr/sbin/list_devices