Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: Protect Account UID = 0
Top Forums UNIX for Dummies Questions & Answers Protect Account UID = 0 Post 302139878 by reborg on Tuesday 9th of October 2007 05:41:34 PM
Old 10-09-2007
Firstly have a look at the CERT UNIX security checklist, which will list a number of measures that would be expected of any system.

In addition to these you should read up on the "two man rule" and similar security techniques. In paticular you must be careful of SOX requirements if the system will be US based.
 

9 More Discussions You Might Find Interesting

1. UNIX for Advanced & Expert Users

Protect from rm /

We recently had an accidental delete from /. I hold the root password but others are allowed to sudo over to root to perform admin tasks. The only way I want to permit deletion from / is by physically being root (su -). I'd like to add a line to the sudoers file which would permit all commands... (1 Reply)
Discussion started by: scottsl
1 Replies

2. UNIX for Dummies Questions & Answers

Setting an account to be a non-login account automatically?

Is there a way to easily change an account to be a non login account (NP in the shadow) file? I know I can just edit the file but that is not what we want to do. We use access control software and want to provide a way to set an account to be non-login using simple commands that can be mapped... (0 Replies)
Discussion started by: LordJezo
0 Replies

3. UNIX for Dummies Questions & Answers

Change Account to not lock account if password expires

I have access to 15+ UNIX boxes at work, and I do not consistently log onto all of them over time. When I do try to access one I havent been on in awhile, my account is locked as the password has expired. I need to request to the UNIX SA's that the password expiration is 90 days and that if it... (1 Reply)
Discussion started by: stringzz
1 Replies

4. Linux

Apply disk quota to account(dedicate 3 GB to account).

Hi , I am faceing lot of problem due to "disk space is not enough". senerio is like as, In system has 5 account. a,b,c,d,e say account c if very critical. Due to other user's data, user 'c' is faceing disk space issue. I want to dedicate 3 GB for user 'c'. No user... (1 Reply)
Discussion started by: ashokd009
1 Replies

5. Linux

uid of an account which accesses ftp/http

Hi Techs, Please guide me the answer with the explanation. Q1) What is the uid of an individual account which can access ftp/http? Thanks in advance to all. (3 Replies)
Discussion started by: ajazshariff
3 Replies

6. Solaris

New root account with Different UID number

Hi Unix Gurus . I have requirement where in which - I would like create duplicate root equivalent account with all the privileges equal to root. Is it possible to create this duplicate account with different UID. ? this id i would like give it to my teams - who does multiple activities using... (2 Replies)
Discussion started by: johnavery50
2 Replies

7. Forum Support Area for Unregistered Users & Account Problems

Restart old account, change email for account

Hi there, I may have had a typo in my email previously provided. I have doublechecked my email for Scott's reply but havent seen it, so I am creating a new post. My new email can be either one of these: <removed> or <removed> I beleive my old email was <removed by admin> thanks for your... (1 Reply)
Discussion started by: AKelam_MagnusA
1 Replies

8. How to Post in the The UNIX and Linux Forums

Simultaneously try to execute commands after connecting to remote account to one account

I have made password less connection to my remote account. and i tried to execute commands at a time. but i am unable to execute the commands. ssh $ACCOUNT_DETAILS@$HOST_DETAILS cd ~/JEE/*/logs/ (1 Reply)
Discussion started by: kishored005
1 Replies

9. Windows & DOS: Issues & Discussions

What happens to your skype account if you close outlook.com email account?

Hello, Does anyone know what happens to your skype account if you close the outlook.com email account which are linked together? As you know they are both owned by Microsoft. Thanks (0 Replies)
Discussion started by: milhan
0 Replies

LEARN ABOUT DEBIAN

tigexp

TIGEXP(8)						      Administrator Commands							 TIGEXP(8)

NAME

       tigexp - UNIX Security Checker Explanation Generator

SYNOPSIS

       tigexp msgid [msgid[msgid...]]

       tigexp [-f|-F] [security_report]

DESCRIPTION

       Tigexp is used to generate explanations of the output from the Tiger security checking package.	In the first form, tigexp will generate an
       explanation of each of the message ids listed.  In the second form, the security report specified will be scanned and  explanations  gener-
       ated.  The -f option will generate one explanation for each unique message id in the security report, whereas the -F option will output the
       security report with explanations inserted after each entry in the report.

       There are five different message levels produced by Tiger. Each of the message levels is the last letter of the message id. The levels are:

       ALERT  A message of this level indicates that Tiger has detected a possible intrusion attempt or  troublesome  misconfiguration	which  can
	      expose the whole system to attacks.

       FAIL   Messages of this level indicate a violation of a generic security policy or a possible intrusion. Appropriate action should be taken
	      to fix this security issue.

       WARN   Messages of this level indicate a security issue which should be checked further and might  indicate  a  probable  vulnerability	or
	      exposure. Most Tiger messages appear in this category.

       INFO   These  includes  information messages which are not necessarily a security violation but might be useful for the administrator. Note
	      that the tigerrc configuration file through the Tiger_Show_INFO_Msgs option determines whether or not Tiger shows these  items.  The
	      default behaviour is to not show them.

       ERROR  These  messages are errors in the execution of Tiger (or any of its scripts), this is probably due to a misconfiguration in the pro-
	      gram, because of a problem in the installation or because a file needed for the test is missing. The script who outputs  this  error
	      should be investigated further.

       CONFIG Messages with this level inform of stages in the configuration process of Tiger. They are not errors (otherwise ERROR would be used)
	      but notices for the user running the program explaining, for example, which configuration might be used.

   OPTIONS
       -f     Scan the indicated security report and generate explanations of it.  One explanation will be generated for each unique message id in
	      the security report.  If the name of a security report is not given, then the report is read from stdin.

       -F     Output the indicated security report with explanations inserted after each entry in the report.  If the name of a security report is
	      not given, then the report is read from stdin.

FILES

       $TIGERHOMEDIR/doc/explain.idx

SEE ALSO

       tiger(8)

BUGS

       If the explanation index is out of date, it doesn't recognize it and generates junk.

Security							  12 August 2003							 TIGEXP(8)
All times are GMT -4. The time now is 08:10 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy