  The basic principles of AIX system security
     
  Add Date : 2017-01-08      
         
         
         
1. AIX user security concepts
Every AIX user has a unique user name, a user ID (UID) and a password. Once a user has logged in, whether a file access is permitted is decided by the UID, not by the name. When a file is created, the UID of the creating process becomes the file's owner; only the owner and root can change the file's permission bits, and root can change the owner of any file. root is the superuser by default. The accounts adm, sys and bin are system accounts that are not allowed to log in.
Users who need to share the same set of files are placed in the same group. Each group has a unique group name and group ID (GID), a user can belong to several groups, and a newly created file is assigned a GID as well as a UID. The two most common groups are system, the administrators' group, and staff, the group for ordinary users.
The control of root privilege deserves particular emphasis:
the number of people who may use root privileges should be strictly limited;
the system administrator should not disclose the root password and should change it periodically;
different machines should have different root passwords;
the system administrator should log in as an ordinary user and use the su command to become root only when privileged work is needed;
the PATH environment variable used by root bears directly on system security: it should not contain the current directory (".") or any directory that other users can write to, otherwise a program planted there can be run as root.
The security log is an important safeguard, and experienced system administrators check it regularly. The result of every su attempt is recorded in /var/adm/sulog. User logins and logouts are recorded in /var/adm/wtmp and /etc/utmp and can be read with the who command (who /var/adm/wtmp). Invalid and failed logins are recorded in /etc/security/failedlogin and are read with the same command (who /etc/security/failedlogin); an unknown login name is recorded as unknown.
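As an added example that is not part of the original article, the POSIX shell script below summarizes an AIX-style /var/adm/sulog: failed su attempts to root per source user, and the users who actually obtained root. The log records it parses are constructed for illustration; the assumed line layout is `SU MM/DD HH:MM +|- tty from-to`, with + for a successful su and - for a failed one, and the function names are my own.

```sh
#!/bin/sh
# Added example: summarize su activity from an AIX-style /var/adm/sulog.
# Assumed record layout (one line per su attempt):
#   SU MM/DD HH:MM + pts/0 alice-root     (+ = succeeded, - = failed)
# The sample records below are constructed; on a real host pass
# /var/adm/sulog (readable by root) to the functions instead.

# Write a constructed sulog to a temp file and print its path.
write_sample_sulog() {
    f=$(mktemp "${TMPDIR:-/tmp}/sulog.XXXXXX") || return 1
    cat >"$f" <<'EOF'
SU 01/08 09:12 + pts/0 alice-root
SU 01/08 09:15 - pts/2 bob-root
SU 01/08 09:16 - pts/2 bob-root
SU 01/08 09:17 - pts/2 bob-root
SU 01/08 10:40 + pts/1 alice-root
SU 01/08 11:02 - pts/3 carol-root
SU 01/08 11:30 + pts/4 bob-oper
EOF
    echo "$f"
}

# Split the "from-to" field: the source user is everything before the last
# '-', the target user everything after it (user names contain no '-').
# Prints "date time status tty from to" for every record.
parse_sulog() {
    awk '$1 == "SU" {
        from = $6; to = $6
        sub(/-[^-]*$/, "", from)
        sub(/^.*-/, "", to)
        print $2, $3, $4, $5, from, to
    }' "$1"
}

# Failed attempts to become root, per source user, most frequent first.
failed_su_to_root() {
    parse_sulog "$1" | awk '$3 == "-" && $6 == "root" { n[$5]++ }
        END { for (u in n) print u, n[u] }' | sort -k2,2nr -k1,1
}

# Users who actually obtained a root shell via su (unique, sorted).
users_who_became_root() {
    parse_sulog "$1" | awk '$3 == "+" && $6 == "root" { print $5 }' | sort -u
}

# Demo run on the constructed log.
log=$(write_sample_sulog)
echo "failed su to root:"; failed_su_to_root "$log"
echo "became root:";       users_who_became_root "$log"
rm -f "$log"
```

A burst of failures from one user followed by a success is the pattern worth chasing: compare the time stamps with who /var/adm/wtmp to see which login session the attempts came from.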
2. Access permissions for files and directories
Every file and directory has a set of permission bits. The standard read, write and execute permissions are defined at three levels: user (the file owner), group and others. Three further bits exist: SUID, SGID and SVTX (the sticky bit).
An executable file with the SUID bit set runs with the effective UID of the file's owner rather than of the user who started it. AIX does not honor SUID on shell scripts, and SUID on a directory has no meaning. An executable file with the SGID bit set runs with the effective GID of the file's group. On a directory, SGID means that files and subdirectories created inside it inherit the directory's group, ignoring the primary group of the creator. In AIX the sticky bit has no meaning on a file; on a directory it means that even where everyone has write permission (as in /tmp), a user may not delete files at will: only the owner of the file, or the owner of the directory, may delete them.
Bit   File                                                   Directory
r     user can read the file                                 user can list the directory's contents
w     user can modify the file                               user can create or delete files in the directory
x     user can execute the file                              user can cd into the directory and reference it in PATH
SUID  program runs with the effective UID of the file owner  -
SGID  program runs with the effective GID of the file group  files and directories created inside inherit the GID
SVTX  -                                                      only the owner of the file or of the directory may delete files in it
3. The security files
The files that store user attributes and control access permissions are:
/etc/passwd contains the valid users (without their passwords);
/etc/group contains the valid groups;
/etc/security is the directory that holds the security files; ordinary users cannot access it;
/etc/security/passwd contains the user passwords;
/etc/security/user contains user attributes, password rules and other constraints;
/etc/security/limits contains user resource limits;
/etc/security/environ contains user environment settings;
/etc/security/login.cfg contains login settings;
/etc/security/group contains group attributes.
4. Checking the consistency of the user environment
Three commands check that the user environment is consistent and valid:
pwdck checks the local authentication information: the consistency between /etc/passwd and /etc/security/passwd, and between /etc/security/login.cfg and /etc/security/user;
usrck checks the user definitions: the user entries in /etc/passwd, /etc/security/user, /etc/security/limits and /etc/security/passwd, and also /etc/group and /etc/security/group, to ensure the data is consistent;
grpck checks the group definitions: the consistency between /etc/group, /etc/security/group and /etc/security/user.
These commands are run by root or by a member of the security group, as a cleanup step after the user configuration has been modified. Run them with -n first to report problems without changing anything (for example pwdck -n ALL); -y fixes the reported errors, -t asks before each fix, and -p deletes entries that cannot be repaired.
     
         
         
         