Home PC Games Linux Windows Database Network Programming Server Mobile  
  Home \ Linux \ The basic principles of AIX system security     - CentOS 7 How to connect to a wireless network (Linux)

- Configuring Haproxy log support (syslog logging support) (Server)

- Using FTPClient to upload and download files in Java (Programming)

- Android use canvas board painting (Programming)

- Installation in lxml Python module (Linux)

- Linux md5sum verify file integrity (Linux)

- Brief Linux commands (Linux)

- Ubuntu 14.04 to install Blender 2.71 (Linux)

- Batch download files using the explorer under Windows Server 2008 R2 (Server)

- Ubuntu uses the / etc / profile file to configure the JAVA environment variable (Linux)

- Python is not C (Programming)

- Java Performance Tuning the proxy mode (Programming)

- OpenSIPS offline messaging feature set (Server)

- Oracle 11g users to create, authorize and import dmp file (Database)

- MySQL + Heartbeat + DRBD deployment architecture (Server)

- Upgrade to Linux Mint 16 petra Mint 17 Qiana (Linux)

- Linux Fundamentals of the text, data flow processing orders (Linux)

- Java Collections Framework interfaces map (Programming)

- Valgrind * not * leak check tool (Linux)

- See Shell Script Linux Server network traffic (Server)

  The basic principles of AIX system security
  Add Date : 2017-01-08      
  1. AIX user security concept
AIX each user has a unique user name, user ID and password, the owner of the file depends on the user ID; root can change the owner of the file; the default root for the super-user; user adm, sys, bin not allowed to log in; You need to share the same type of files users can be classified in the same group; the most common group two, system administrator for the group, staff for the general user group.
The basic principles of system security: the user is given a unique user name, user ID (UID) and password. After the user logs on, the legality of file access depends on the UID.
When a file is created, UID is automatically generated as the file owner. Only the owner and root can modify access permissions. Users need to share the same set of files can be included in the same group. Each user can belong to multiple groups. Each group is assigned a unique group name and group ID (GID), GID has also been assigned to the newly created file.
Should be particularly emphasized that the root privilege control:
Should be strictly limited number of people using root privileges;
root password to the system administrator should not change the disclosure period;
Different machines with different root password;
The system administrator should log in as a normal user, and then use the su command to enter the privileged;
PATH environment variable and root systems used by major security relationship.
Security system security log is an important guarantee for experienced system administrators often use it to do security checks. Results Su command stored in / var / adm / sulog; the user logon and logoff log records stored in / var / adm / wtmp, and / etc / utmp, the available who command; illegal and failed logins records stored in / etc / security / failedlogin, the same command with who, unknown login name recorded as unknown.
2. The access permissions for files and directories
File and directory has a set of permission bits, using standard read, write, and execute permissions to define three levels: user (file owner), group, and others, in addition to three additional permission bits is SUID, SGID and SVTX (sticky bit).
Executable files with the SUID bit means that the file runs, it runs in the process effective UID file. Shell does not support SUID, SUID directory meaningless; executable files with SGID bits means that file is run, the process in an effective GID file is a group of run; create a directory with SGID represented in the directory file / directory directory will inherit the group ID, while ignoring the creator is a group; AIX the sticky bit of meaningless file, directory with the sticky bit of meaning: even if the directory has write permissions (such as / tmp), the user can not just deleted files directory, unless the owner of the file or directory owner.
Permission bits file directory
R user has permission to read the user list directory contents
W user can modify the contents of the file users can create or delete files in the directory
X user executable file that users can cd to that directory and reference that directory in the PATH
When executing the program SUID file is valid UID has the Lord -
File has SGID program is running under effective GID directory file group created directories inherit GID
SVTX - only the file or directory owner the right to delete files in the directory
3. The security file
Storing user attributes and control access permissions of files and directories as follows:
/ Etc / passwd contains a valid user (without password)
/ Etc / group contains a valid group;
/ Etc / security contained Ordinary users can not access the security file;
/ Etc / security / passwd contains the user password;
/ Etc / security / user contains the user attributes, passwords and other constraints;
/ Etc / security / limits contains user resource limits;
/ Etc / security / environ contains user environment settings;
/etc/security/login.cfg contains login settings;
/ Etc / security / group included property group.
4. Check the legitimacy of the user's environment
Here are three commands to check the legality of the user environment:
pwdck native authentication information to verify the legality of checks / etc / passwd and etc / security / passwd consistency /, as well as /etc/security/login.cfg and / etc / security / user of consistency;
usrck verify the legitimacy of user-defined, check the / etc / passwd, / etc / security / user, / etc / security / limits and / etc / security / passwd user information, also check the / etc / group and / etc / security / group, in order to ensure data consistency.
grpck verify the legitimacy of the group, check the / etc / group, / etc / Data Consistency security / group and / etc / security / user between.
The above command is executed by root or a member of the security group for the user to modify the configuration after doing cleanup work.
- Mac OS X 10.9 build Nginx + MySQL + php-fpm environment (Server)
- Ten to improve the efficiency of the Linux bash tricks (Linux)
- Linux kernel update error, update-initramfs: failed Solution (Linux)
- iOS in Singleton (Programming)
- Configure the ASM process on Red Hat Linux 6.5 (Database)
- Testing Oracle 11g RMAN replicate database (Database)
- CentOS 7.0 running Docker kernel error solution (Server)
- Use XtraBackup to MySQL database online incremental backup and recovery (Database)
- Redis-- persistence articles (Database)
- Iptables small summary (Linux)
- Android imitation UC browser scroll up and down functions (Programming)
- Linux, security encryption to transfer files between machines (Linux)
- Linux formatted partition error Could not stat / dev / sda No such file or directory Solution (Linux)
- Compile and install Ubuntu Linux 4.0.5 kernel, network and fix vmware kernel module compilation error (Linux)
- CentOS 6.7 compile and install LAMP (Server)
- xCAT error Unable to dispatch hierarchical sub-command to NORESOLUTION: 3001 (Linux)
- Based Docker build stand-alone high-availability cluster Hadoop2.7.1 Spark1.7 (Server)
- Memory leak analysis using Android studio (Programming)
- The compiler installed Kaldi under Ubuntu 12.04 (Linux)
- Linux + Apache + PHP + Oracle based environment to build (Server)
  CopyRight 2002-2022 newfreesoft.com, All Rights Reserved.