secconfig man page on OSF1

Man page or keyword search:  
man Server   12896 pages
apropos Keyword Search (all sections)
Output format
OSF1 logo
[printable version]

secconfig(8)							  secconfig(8)

NAME
       secconfig,  secsetup  -	Security  features  setup  graphical interface
       (Enhanced Security)

SYNOPSIS
       /usr/sbin/sysman secconfig

					Note

       The secsetup utility has	 been  replaced	 by  the  secconfig  graphical
       interface.

DESCRIPTION
       The secconfig utility is a graphical interface used to select the level
       of system security needed. It can convert from Base to  enhanced	 secu‐
       rity  mode,  and	 configure base and enhanced security features. If you
       are using secconfig to enable Enhanced security, you  must  first  have
       loaded the enhanced security subsets.

       You  can	 run secconfig while the system is in multiuser mode. However,
       if you change the security level, the change is not completed until you
       reboot the system.

       For  both  base and enhanced security, the secconfig utility allows you
       to enable segment sharing, to enable access control lists  (ACLs),  and
       to restrict the setting of the execute bit to root only.

       For enhanced security, the secconfig utility additionally allows you to
       configure security support from simple shadow passwords all the way  to
       a  strict  C2  level  of	 security.  Shadow password support is an easy
       method for system administrators, who do not wish to  use  all  of  the
       extended	 security  features,  to  move	each  user's  password	out of
       /etc/passwd and into the extended user profile database	(auth.db.  You
       can  use the Custom mode if you wish to select additional security fea‐
       tures, such as breakin detection and evasion, automatic database	 trim‐
       ming, and password controls.

       When  converting	 from base to enhanced security, secconfig updates the
       system default database (/etc/auth/system/default) and  uses  the  con‐
       vuser utility to migrate user accounts.

       While  it  is  possible	to convert user accounts from enhanced back to
       base, the default encryption algorithms and supported password  lengths
       differ  between	base and enhanced security, and thus user account con‐
       versions do not succeed without a password change.

					Note

       Because of the page table sharing mechanism used for shared  libraries,
       the  normal file system permissions are not adequate to protect against
       unauthorized reading. The secconfig interface  allows  you  to  disable
       segment sharing. The change in segment sharing takes effect at the next
       reboot.

FILES
       /etc/auth/system/default

       /etc/passwd

       /tcb/files/auth.db

SEE ALSO
       acl(4), authcap(4), default(4), convuser(8)

       Security

								  secconfig(8)
[top]
                             _         _         _ 
                            | |       | |       | |     
                            | |       | |       | |     
                         __ | | __ __ | | __ __ | | __  
                         \ \| |/ / \ \| |/ / \ \| |/ /  
                          \ \ / /   \ \ / /   \ \ / /   
                           \   /     \   /     \   /    
                            \_/       \_/       \_/ 
More information is available in HTML format for server OSF1

List of man pages available for OSF1

Copyright (c) for man pages and the logo by the respective OS vendor.

For those who want to learn more, the polarhome community provides shell access and support.

[legal] [privacy] [GNU] [policy] [cookies] [netiquette] [sponsors] [FAQ]
Tweet
Polarhome, production since 1999.
Member of Polarhome portal.
Based on Fawad Halim's script.
....................................................................
Vote for polarhome
Free Shell Accounts :: the biggest list on the net