Museum

Home

Lab Overview

Retrotechnology Articles

⇒ Online Manual

Media Vault

Software Library

Restoration Projects

Artifacts Sought

Related Articles

authcap(4)

svc.conf(4)

auditmask(8)

audit_setup(8)

secsetup(8)  —  Maintenance

NAME

secsetup − Security features setup script (Enhanced Security)

SYNOPSIS

/usr/sbin/secsetup

DESCRIPTION

The secsetup command is an interactive facility that allows you to toggle security features on your system. You must first have loaded the enhanced security subset onto your system before running the command.

The secsetup command allows you to configure your system either for security auditing, enhanced login, or any combination of those features. You can run secsetup while the system is in multiuser mode (however, you must reboot to cause the security level to change).

Because of the page table sharing mechanism used for shared libraries, the normal file system permissions are not adequate to protect against unauthorized reading.  The secsetup command will ask users if they wish to disable segment sharing. Only the text part of the library, not the data segment, is shared in this way. If the user enters a ’?’ at the prompt secsetup displays information about the choices. If the segment sharing is already disabled, secsetup states that segment sharing is already disabled. When the user selects to disable the segment sharing, they will be asked if they wish to have a new kernel built.

Depending on the security features chosen, when secsetup completes you may need to replace your system’s kernel and reboot the system.

NOTE:  After secsetup is run, passwords that were originally entered with more than 8 characters will match a string with ONLY the first 8 characters.

The audit_setup(8) reference page describes how to set up audit. 

EXAMPLES

The following is an example of how security can be setup using secsetup:

# /usr/sbin/secsetup

Enter security level(BASE ENHANCED ?)[ENHANCED]: <RETURN>
ENHANCED security will take effect on the next reboot.
Do you wish to run the audit setup utility (yes no ?)[yes]: no
Do you wish to disable segment sharing(yes no ?)[no]: yes
Segment sharing has been disabled.
Updating configuration file to prevent segmentation...
Configuration file ’/sys/conf/ALLERGY’ updated.
Would you like to have a kernel built now (y/[n]):  y
Running ’doconfig -c ALLERGY’....
∗∗∗ KERNEL CONFIGURATION AND BUILD PROCEDURE ∗∗∗
Saving /sys/conf/ALLERGY as /sys/conf/ALLERGY.bck
Do you want to edit the configuration file? (y/n) [n]: n
∗∗∗ PERFORMING KERNEL BUILD ∗∗∗
        Working....Mon Aug 23 15:02:48 EDT 1993
        Working....Mon Aug 23 15:04:48 EDT 1993
        Working....Mon Aug 23 15:06:50 EDT 1993
        Working....Mon Aug 23 15:08:50 EDT 1993
The new kernel is /sys/ALLERGY/vmunix.
Configuration complete. You may move /sys/ALLERGY/vmunix
into place and reboot. The ENHANCED security level will
take effect on the next system reboot.
Press return to continue: <RETURN>

#

FILES

/etc/sec/audit_events
/etc/auth
/etc/passwd
/etc/svc.conf

RELATED INFORMATION

authcap(4), svc.conf(4), auditmask(8), audit_setup(8)
Security

Typewritten Software • bear@typewritten.org • Edmonds, WA 98026