Friday, September 23, 2005

SMC log is stored in

/var/sadm/wbem/log/wbem_log

List all inetd properties of the telnet service

inetadm -l telnet

To log all incoming inetd connections (for every service)

inetadm -M tcp_trace=TRUE
* -M changes the inetd-wide defaults; inetadm -m telnet tcp_trace=TRUE does it for one service only
* connection records go to syslog as daemon.notice; /etc/syslog.conf decides where they land (/var/adm/messages with the default config)

List inetd default properties

inetadm -p

Signal that makes a daemon (e.g. syslogd) reread its config

kill -HUP <pid>
* on Solaris 10 svcadm refresh system-log does the same for syslogd

Both m4 and make are in

/usr/ccs/bin
* syslogd runs /etc/syslog.conf through m4 at startup, which is why the ifdef(`LOGHOST', ...) macros in the default config work

A selector level matches that level and every more severe level

i.e. each level "includes" the levels listed above it in the table
* crit matches crit, alert and emerg
* debug matches everything

/etc/syslog.conf has two fields

1) selector
2) action

Selector has two components

facility.level
(auth.crit)

Wildcards in syslog.conf

*.crit - all facilities (at crit or above)
kern.* - CANNOT be used, the level field has no wildcard; write kern.debug to catch every kern message

* in the action field means

broadcast to all logged in users

Table of selector levels is in

/usr/include/sys/syslog.h

The only white space allowed in syslog.conf between the selector and the action

tab (a space is not a field separator, the line is simply not applied)
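To check what a given syslog.conf line really catches, here is a small matcher that encodes the rules in the notes above (a level matches itself and everything more severe, * is allowed as a facility but not as a level, ';' joins selectors and ',' joins facilities, a tab separates selector and action). This is an added example, not from the original notes or from Sun; the level numbers are the ones in /usr/include/sys/syslog.h and SAMPLE_CONF is constructed for the demo.

```python
"""Model of Solaris syslog.conf selector matching.

Added example, not from the original notes. Level numbers are the ones in
/usr/include/sys/syslog.h (LOG_EMERG=0 ... LOG_DEBUG=7). Rules modelled
from syslog.conf(4): a level matches itself and every more severe (lower
numbered) level, '*' is legal as a facility but not as a level, selectors
on one line are joined by ';' and facilities inside a selector by ',',
and only a tab may separate the selector from the action.
SAMPLE_CONF is constructed for this demo.
"""

LEVELS = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
          "warning": 4, "notice": 5, "info": 6, "debug": 7}
FACILITIES = {"kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "audit", "mark"} | {"local%d" % i for i in range(8)}

SAMPLE_CONF = (
    "# constructed sample; selector and action are separated by a real tab\n"
    "*.err;kern.debug;daemon.notice;mail.crit\t/var/adm/messages\n"
    "auth.notice\t/var/log/authlog\n"
    "*.emerg\t*\n"  # '*' as the action: write to every logged-in user
)


def parse_selector(sel):
    """'kern,mail.crit' -> (frozenset of facilities, or None for '*', level number)."""
    facs, dot, level = sel.rpartition(".")
    if not dot or level not in LEVELS:
        # 'kern.*' is the classic mistake: there is no level wildcard;
        # 'kern.debug' is how you say 'every kern message'
        raise ValueError("bad selector %r: level must be one of %s" % (sel, sorted(LEVELS)))
    if facs == "*":
        return None, LEVELS[level]
    names = frozenset(facs.split(","))
    unknown = names - FACILITIES
    if unknown:
        raise ValueError("unknown facility %s in %r" % (sorted(unknown), sel))
    return names, LEVELS[level]


def selector_ok(sel):
    """True if syslogd would accept this selector."""
    try:
        parse_selector(sel)
    except ValueError:
        return False
    return True


def parse_conf(text):
    """Return [(selectors, action), ...]; raise on the space-instead-of-tab bug."""
    rules = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].rstrip()
        if not line.strip():
            continue
        if "\t" not in line:
            raise ValueError("line %d: selector and action must be separated by a tab" % n)
        sel_field, action = line.split("\t", 1)
        action = action.strip("\t")
        if " " in sel_field or " " in action:
            raise ValueError("line %d: only tabs may separate fields" % n)
        rules.append(([parse_selector(s) for s in sel_field.split(";")], action))
    return rules


def conf_ok(text):
    """True if every line of the config parses."""
    try:
        parse_conf(text)
    except ValueError:
        return False
    return True


def actions_for(rules, facility, level):
    """Every action that receives a message logged at facility.level."""
    sev = LEVELS[level]
    return [action for selectors, action in rules
            if any((facs is None or facility in facs) and sev <= lvl
                   for facs, lvl in selectors)]


if __name__ == "__main__":
    rules = parse_conf(SAMPLE_CONF)
    for fac, lvl in (("daemon", "notice"), ("daemon", "info"),
                     ("auth", "crit"), ("mail", "emerg")):
        print("%s.%s -> %s" % (fac, lvl, actions_for(rules, fac, lvl)))
    print("kern.* accepted?", selector_ok("kern.*"))
```

Run it as-is to see that daemon.info matches nothing in the sample (notice is the floor for daemon), that auth.crit lands in both files, and that a line typed with a space instead of a tab is rejected rather than silently ignored.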

Add role "backup" with Media Backup rights

roleadd -P "Media Backup" -m -d /export/home/backup backup
* then passwd backup: a role needs a password and is only entered with su backup, it cannot log in directly

Give role "backup" to user "user1"

usermod -R backup user1

Two ways to add a custom rights profile

1) Edit /etc/security/prof_attr (the profile, its description and auths) and /etc/security/exec_attr (its commands and their uid/euid attributes)
2) With SMC

The best way to use RBAC

1) Create roles that have profiles
2) Edit profiles to have commands, scripts, and auths
3) Assign roles to users

Run a command with profile rights without starting a profile shell (pfsh, pfcsh, pfksh)

pfexec /usr/sbin/shutdown

Thursday, September 22, 2005

How many chars of a role passwd are significant?

first 8 with the default crypt_unix algorithm (the same as for any user; 6 is only the minimum length, PASSLENGTH in /etc/default/passwd)
* set CRYPT_DEFAULT in /etc/security/policy.conf to 1 (BSD MD5), 2a (Blowfish) or md5 (Sun MD5) if the whole password should count

To pass arguments to a command in exec_attr

point to a script that has the command with arguments

Field "type=" in /etc/user_attr can be

either "normal" or "role"

Default user auths and profiles (AUTHS_GRANTED= and PROFS_GRANTED=) are in

/etc/security/policy.conf

File with auths database

/etc/security/auth_attr

File that associates profiles with commands

/etc/security/exec_attr

File that associates profiles with auths

/etc/security/prof_attr

File that associates users/roles with profiles/auths

/etc/user_attr

To let a user/role delegate authorizations

the user must hold the authorization itself plus the corresponding authorization ending in .grant (e.g. solaris.admin.usermgr.grant; solaris.grant covers all of them)

Profile that lets a user run every command, but with no special uid/euid (i.e. as themselves)

All
* should always be the last profile listed: its exec_attr entry is the wildcard *, so any profile after it is never searched and loses its privileges

root profile in RBAC is called

Primary Administrator

Are there predefined roles and profiles?

No roles, but yes to profiles. New roles are created by assigning profiles to them (roleadd -P).

How many databases does RBAC have?

Four, one per attribute file:
1) users and roles (user_attr)
2) authorizations (auth_attr)
3) profiles (prof_attr)
4) commands (exec_attr)
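The following resolver ties the four databases together and shows why profile order matters, for both the role/profile notes of September 23 above (roleadd -P, usermod -R, All last, pfexec) and the database list here. It is an added example, not from the original notes or from Sun: USER_ATTR, PROF_ATTR, EXEC_ATTR and POLICY_CONF are constructed samples in the Solaris 10 file formats, the account names (user1, backup, careless, admin) are made up, and expanding nested profiles= entries right after their parent is an assumption of this model.

```python
"""Resolve Solaris RBAC rights from the four attribute databases.

Added example, not from the original notes. USER_ATTR, PROF_ATTR,
EXEC_ATTR and POLICY_CONF are constructed samples in the Solaris 10 file
formats (colon-separated fields, 'key=v1,v2;key2=v3' attribute fields).
Lookup follows what pfexec does: walk the profiles in order (the account's
own list, then PROFS_GRANTED), and the FIRST exec_attr entry whose id
matches the command decides the attributes. Expanding nested 'profiles='
right after their parent is an assumption of this model.
"""

USER_ATTR = """\
# user:qualifier:res1:res2:attr   (constructed)
user1::::type=normal;roles=backup
backup::::type=role;profiles=Media Backup,All
careless::::type=normal;profiles=All,Media Backup
admin::::type=normal;auths=solaris.admin.usermgr.read,solaris.admin.usermgr.grant
"""
PROF_ATTR = """\
# profile:res1:res2:description:attr   (constructed)
Media Backup:::Backup files and file systems:profiles=Basic Solaris User
Basic Solaris User:::Automatically assigned rights:auths=solaris.profmgr.read
All:::Execute any command as the user or role:help=RtAll.html
"""
EXEC_ATTR = """\
# profile:policy:type:res1:res2:id:attr   (constructed)
Media Backup:suser:cmd:::/usr/bin/mt:euid=0
Media Backup:suser:cmd:::/usr/sbin/ufsdump:euid=0
All:suser:cmd:::*:
"""
POLICY_CONF = """\
AUTHS_GRANTED=solaris.device.cdrw
PROFS_GRANTED=Basic Solaris User
"""


def parse_attrs(field):
    """'k=v1,v2;k2=v3' -> {'k': ['v1', 'v2'], 'k2': ['v3']}."""
    out = {}
    for kv in filter(None, field.split(";")):
        k, _, v = kv.partition("=")
        out[k] = v.split(",") if v else []
    return out


def records(text):
    return [l.split(":") for l in text.splitlines() if l and not l.startswith("#")]


USERS = {r[0]: parse_attrs(r[4]) for r in records(USER_ATTR)}
PROFS = {r[0]: parse_attrs(r[4]) for r in records(PROF_ATTR)}
EXECS = [(r[0], r[5], parse_attrs(r[6])) for r in records(EXEC_ATTR)]
POLICY = dict(l.split("=", 1) for l in POLICY_CONF.splitlines() if "=" in l)


def profile_order(account):
    """Profiles that apply to a user or role, in search order, nested ones expanded."""
    order = []

    def walk(names):
        for p in names:
            if p and p not in order:
                order.append(p)
                walk(PROFS.get(p, {}).get("profiles", []))

    walk(USERS.get(account, {}).get("profiles", []))
    walk(POLICY.get("PROFS_GRANTED", "").split(","))
    return order


def resolve_command(account, path):
    """(profile, attrs) of the first exec_attr entry matching path, or None.
    attrs == {} means 'run as yourself' (the All profile's wildcard entry)."""
    for prof in profile_order(account):
        for eprof, cid, attrs in EXECS:
            if eprof == prof and cid in (path, "*"):
                return prof, attrs
    return None


def auths_of(account):
    """Direct auths, auths from every applicable profile, and AUTHS_GRANTED."""
    auths = list(USERS.get(account, {}).get("auths", []))
    for p in profile_order(account):
        auths += PROFS.get(p, {}).get("auths", [])
    return auths + [a for a in POLICY.get("AUTHS_GRANTED", "").split(",") if a]


def has_auth(account, auth):
    """A trailing '.*' in a held auth covers everything under that prefix."""
    return any(a == auth or (a.endswith(".*") and auth.startswith(a[:-1]))
               for a in auths_of(account))


def can_delegate(account, auth):
    """Delegating an auth needs the auth itself plus '<prefix>.grant' for one of
    its prefixes (solaris.admin.usermgr.grant, or solaris.grant for everything)."""
    if not has_auth(account, auth):
        return False
    parts = auth.split(".")
    return any(has_auth(account, ".".join(parts[:i]) + ".grant")
               for i in range(1, len(parts)))


if __name__ == "__main__":
    for who in ("user1", "backup", "careless"):
        print(who, profile_order(who), resolve_command(who, "/usr/sbin/ufsdump"))
    print("admin may delegate usermgr.read:",
          can_delegate("admin", "solaris.admin.usermgr.read"))
```

Three things fall out of the demo: user1 gets nothing for ufsdump until it assumes the role (su backup), the role backup gets euid=0 from Media Backup, and careless, which lists All first, hits the * entry and runs ufsdump unprivileged, which is exactly why All must be the last profile.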

Wednesday, September 21, 2005

If the ACL mask is changed after the group perms,

group and mask perms will differ, and the effective group perms are group AND mask (getfacl shows them as #effective:)
* on a file with an ACL the group bits in ls -l are the mask, so chmod g=... changes the mask, not the group:: entry

What's the effect of "setfacl -s"

removes the previous ACL and replaces it with the new one (which must still contain the base entries u::, g:: and o:)

What's a default ACL?

Entries (d:...) set on a directory that become the access ACL of everything created inside it. Each default entry is ANDed with the mode the creating call asks for: 777 for subdirs (mkdir), 666 for files (creat); the default entries, not the umask, limit the new object.
* 777 is the mode mkdir asks for before umask in Unix
* 666 is the mode creat asks for before umask in Unix

Set default dir1 ACL: user:rwx, group:r-x, other:r-x, mask:r-x

setfacl -m d:u::7,d:g::5,d:o:5,d:m:5 dir1
* all four default entries (d:u::, d:g::, d:o:, d:m:) must be given together the first time; a partial set is rejected

Copy file1 ACL to file3

getfacl file1 | setfacl -f - file3

What does recalculating the mask mean?

Setting the mask to the union of all entries it covers (group::, named users, named groups), so every entry gets its maximum effective perms

Recalculate file1 mask to allow rwx to usera

setfacl -r -m u:usera:7 file1
* without -r the new entry is still cut down by the old mask (getfacl shows #effective:)

List ACL of file2

getfacl file2

Modify file1 ACL mask to rw

setfacl -m m:6 file1

If a file has ACL

ls -l shows +
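The mask arithmetic behind the ACL notes above is small enough to model. This is an added example, not from the original notes or from Sun: entry specs use the setfacl syntax of the notes (u::7, u:usera:rwx, d:m:5, ...), the ACL is kept as a dict {(is_default, tag, qualifier): bits}, the file and user names are made up, and the inheritance rule in new_object_acl is the POSIX.1e one (default entries ANDed with the mode bits of the creating call, 0777 for mkdir and 0666 for creat).

```python
"""Model of Solaris UFS (POSIX-draft) ACL semantics: mask, effective
permissions, setfacl -r, chmod on a file with an ACL, and default ACLs.

Added example, not from the original notes. Specs follow the setfacl
syntax (u::7, u:usera:rwx, g::5, o:5, m:5, d:u::7 ...); an ACL is a dict
{(is_default, tag, qualifier): bits}. Inheritance in new_object_acl is
the POSIX.1e rule. File and user names are made up.
"""

TAGS = {"u": "user", "g": "group", "o": "other", "m": "mask"}
ORDER = {"user": 0, "group": 1, "mask": 2, "other": 3}


def perm_bits(p):
    """'7' -> 7, 'r-x' -> 5."""
    if p.isdigit():
        return int(p)
    return sum(v for ch, v in zip("rwx", (4, 2, 1)) if ch in p)


def fmt(bits):
    return "".join(ch if bits & v else "-" for ch, v in zip("rwx", (4, 2, 1)))


def parse_entry(spec):
    parts = spec.split(":")
    default = parts[0] in ("d", "default")
    if default:
        parts = parts[1:]
    tag = TAGS[parts[0][0]]
    qual, perm = (parts[1], parts[2]) if tag in ("user", "group") else ("", parts[1])
    return (default, tag, qual), perm_bits(perm)


def masked(key):
    """Entries the mask applies to: group owner, named users, named groups."""
    _, tag, qual = key
    return tag == "group" or (tag == "user" and qual != "")


def recalc_mask(acl, default=False):
    """What setfacl -r computes: the union of every masked entry."""
    bits = 0
    for key, b in acl.items():
        if key[0] == default and masked(key):
            bits |= b
    return bits


def set_entries(acl, specs, recalc=False):
    """setfacl -m: add or replace entries; recalc=True adds the -r behaviour.
    setfacl -s is the same call on an empty dict."""
    acl = dict(acl)
    for spec in specs.split(","):
        key, bits = parse_entry(spec)
        acl[key] = bits
    if recalc:
        acl[(False, "mask", "")] = recalc_mask(acl)
    return acl


def effective(acl, key):
    """Permissions an entry really grants once the mask is applied."""
    mask = acl.get((key[0], "mask", ""))
    if mask is not None and masked(key):
        return acl[key] & mask
    return acl[key]


def chmod_group(acl, bits):
    """chmod g=... on a file that has an ACL changes the mask, not group::."""
    acl = dict(acl)
    acl[(False, "mask", "")] = bits
    return acl


def new_object_acl(dir_acl, creation_mode):
    """Access ACL of a file (creation_mode 0o666) or dir (0o777) created in a
    directory carrying default entries: the notes' 'intersect with 666/777'.
    Named entries (and group:: when a mask exists) are copied unchanged."""
    new = {}
    has_mask = (True, "mask", "") in dir_acl
    for (d, tag, qual), b in dir_acl.items():
        if not d:
            continue
        if tag == "user" and qual == "":
            b &= (creation_mode >> 6) & 7
        elif tag == "other":
            b &= creation_mode & 7
        elif tag == "mask" or (tag == "group" and qual == "" and not has_mask):
            b &= (creation_mode >> 3) & 7
        new[(False, tag, qual)] = b
    return new


def getfacl(acl):
    """Render like getfacl, flagging entries the mask cuts down."""
    lines = []
    for key in sorted(acl, key=lambda k: (k[0], ORDER[k[1]], k[2])):
        d, tag, qual = key
        name = ("default:" if d else "") + (tag + ":" + qual if tag in ("user", "group") else tag)
        line = "%s:%s" % (name, fmt(acl[key]))
        if effective(acl, key) != acl[key]:
            line += "\t\t#effective:" + fmt(effective(acl, key))
        lines.append(line)
    return "\n".join(lines)


if __name__ == "__main__":
    file1 = set_entries({}, "u::6,g::4,m:4,o:4,u:usera:7")       # setfacl -m u:usera:7 file1
    print(getfacl(file1))                                        # usera is cut to #effective:r--
    print(getfacl(set_entries(file1, "u:usera:7", recalc=True)))  # setfacl -r -m u:usera:7
    dir1 = set_entries({}, "u::7,g::5,o:5,m:5,d:u::7,d:g::5,d:o:5,d:m:5")
    print(getfacl(new_object_acl(dir1, 0o666)))                  # a file created in dir1
```

Running it shows the three traps in one place: u:usera:7 on a file whose mask is r-- gives usera only r-- until the mask is recalculated or raised, chmod g=r-x on that file moves the mask and leaves group:: alone, and a file created under the default ACL from the notes comes out as user rw-, mask r--, group r-x with effective r--, i.e. rw-r--r--+ in ls -l.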