I want to periodically check if ASCII password/config files on Unix have 400 or 600 access. Folders and files are owned by designated group and user. Folders and Files do not have world write access.
Are there any tools/scripts available for this kind of auditing that I can use on Solaris? (7 Replies)
I read somewhere that you should make sure Apache is configured to not allow symbolic links to be followed outside the webroot, as this can compromise security.
I can imagine how this could lead to a security risk:
eg:
Is my assumption correct? -- Is it nothing more than: "its just... (0 Replies)
Hi,
I am doing a services audit on one of our servers at work and I notice that I sometimes have a service with two slightly different prefixes. For example,
S94httpd
K15httpd
Can one of them be safely deleted? (2 Replies)
gsscred(1M)gsscred(1M)NAME
gsscred - add, remove and list gsscred table entries
SYNOPSIS
user oid] uid]] comment]
user oid]] uid] mech]
user oid]] uid] mech]
DESCRIPTION
The utility is used to create and maintain a mapping between a security principal name and a local UNIX uid. The format of the user name
is assumed to be You can use the option to specify the object identifier of the name type. The OID must be specified in dot-separated
notation, for example:
The table is used on server machines to lookup the uid of incoming clients connected using
When adding users, if no user name is specified, an entry is created in the table for each user from the passwd table. If no comment is
specified, the utility inserts a comment that specifies the user name as an ASCII string and the GSS-API security mechanism that applies to
it. The security mechanism will be in string representation as defined in the file.
The parameters are interpreted the same way by the utility to delete users as they are to create users. At least one of the following
options must be specified: or If no security mechanism is specified, then all entries will be deleted for the user identified by either the
uid or user name. If only the security mechanism is specified, then all user entries for that security mechanism will be deleted.
Again, the parameters are interpreted the same way by the utility to search for users as they are to create users. If no options are spec-
ified, then the entire table is returned. If the user name or uid is specified, then all entries for that user are returned. If a secu-
rity mechanism is specified, then all user entries for that security mechanism are returned.
Options
Add a table entry.
Insert comment about this table entry.
Search table for entry.
Specify the mechanism for which this name is to be translated.
Specify the optional principal name.
Specify the OID indicating the name type of the user.
Remove the entry from the table.
Specify the uid for the user if the user is not local.
EXAMPLES
Example 1: Creating a gsscred Table
The following shows how to create a table for the Kerberos Security Mechanism(V5). obtains user names and uid's from the passwd table to
populate the table.
Example 2: Adding an Entry
The following shows how to add an entry for with a specified uid of 0 for the Kerberos Security Mechanism(V5).
Example 3: Listing All User Mappings
The following lists all user mappings for the Kerberos Security Mechanism(V5).
Example 4: Lising All Mappings for a Specified User
The following lists all mappings for all security mechanisms for the user
EXIT STATUS
The following exit values are returned:
0 Successful completion.
>0 An error occurred.
FILES
The mapping table.
Tables of GSS-API based security mechanism installed.
SEE ALSO gssd(1M), gsscred_clean(1M).
gsscred(1M)