, - . , , :  -> -> :  : - 10-13 - +----------------------------------------------------------------+ | Expiration | | ( ) | | Use the system default minimum password lifetime | | ( - | | , ) | | 10 Dec 88 19:33 /usr/auth | | +-----View/Modify an existing user account-----+ | | | (/ | | | | ) | | |+------+-----------Password life and death------------+--------+| || ( ) || || Username : Sample || || ( ) || || Last password change Date/Time || || ( /) || || successful Wed Feb 22 09:27:29 1989 || || () || || unsuccessful NEVER || || () || ||Maximum days between changes:Specify [Default] of None Value: || ||( ()( (:)|| || ) ) || ||Expiration time (days) :Specify [Default] of 20 Value: || ||( ) ()( (:)|| || 20) || ||Lifetime (days) :Specify [Default] of 26 Value: || ||( ) ()( (:)|| || 26) || |+--------------------------------------------------------------+| +----------------------------------------------------------------+ - " - , ". / -  - . - - . , :  -> -> : - 10-14 - +----------------------------------------------------------------------+ | Audit | | (p) | | System startup (boots) and shutdown ( - | | p p ) | | 7 Dec 88 18:43 /usr/auth | | +--------View/Modify an existing user account-------+ | | |(/ -| | | | ) | | |+--+-------------------Audited events------------------+-------------+| || (, ) || ||Username: sample || ||( ) || ||A.Startup/shutdown [Default] B.Login/Logoff [Default]|| || (/p) (/) || ||C.Process Create/Delete [Default] D.Make Object Available [Default]|| || (/ ) ( ) || ||E.Map Object to Subject [Default] F.Object Modification [Default]|| || ( ) ( ) || ||G.Make Object Unavailable[Default] H.Object Creation [Default]|| || ( ) ( ) || ||I.Object Deletion [Default] J.DAC changes [Default]|| || ( ) ( DAC) || ||K.DAC Denials [Default] L.Admin/Operator Actions[Default]|| || ( DAC ( /)|| ||M.Insufficient Privilege [Default] N.Resource Denials [Default]|| || ( ) ( ) || ||O.IPC Functions [Default] P.Process Modification [Default]|| || ( IPC) ( ) || ||Q.Audit 
Subsystem Events [Default] R.Database Events [Default]|| || ( ) ( )|| ||S.Subsystem Events [Default] T.Use of Privilege [Default]|| || ( ) ( ) || |+--------------------------------------------------------------------+| +----------------------------------------------------------------------+ , , - " " "- " . "Default( )", "Always()" "Never()". - <F3> - . (, "n","nev" "N" NEVER). , - , <CTL>x. ( , , ). - 10-14a - /  , , - . , - , , .   , , - ,- 8. - NGROUPS. configure  : ", - " . , . - " configure" " " - . - 10-15 - ________________________________________________________________   , , , - , . - , - , , . 10.1 , "Relaxed ()" - ( , UNIX ), " - , ": - 10-15a -  10.1  , . +-----------------------------+---------------+----------------+ | | Relaxed | C2 | ============================================================ |  | | | +-----------------------------+---------------+----------------+ | - | 0 | 14 | | | | | | () | 0 | 42 | | | 0 | 365 | | | 8 | 10 | +-----------------------------+---------------+----------------+ | - | Yes | Yes | | | | | | | Yes | Yes | | | | | | - | No | No | | | | | | - | Yes | Yes | | | | | ============================================================ |   | | | +-----------------------------+---------------+----------------+ | - | 99 | 5 | | | | | | | 0 | 2 | | | | | | | | | ============================================================ |   | | A,B,F,H,I,J,K, | | | | L,M,N,Q,R,S,T *| ============================================================ |  | +-----------------------------+---------------+----------------+ | | queryspace, | queryspace, | | | printerstat, | printerstat, | | | printqueue, | printqueue | | | su,mem, | | | | terminal | | +-----------------------------+---------------+----------------+ | | execsuid, | execsuid, | | | chmodsugid, | chown, | | | chown, | nopromain | | | nopromain | | +-----------------------------+---------------+----------------+ * " - 10-16 -  ,   . "2", , . - UNIX, sysadmsh: -> -> ->  - , , - UNIX (. 10.1). 
, - : +--------------------------------------------------------------+ | Relax | | ()| | Do not change the current level of security ( | | ) | | /tcb/files/auth 03/23/89 10:57 | | +------------------Configure default---------------------+ | | | ( ) | | | | | | | | This option will change the system default | | | | authorizations for users so that the system will | | | | behave in a similar manner to a conventional UNIX | | | | system. It will also disable auditing of users' | | | | actions.(a - | | | | , - | | | | UNIX. | | | | , | | | | ). | | | | It may not be possible to reliably restore the | | | | current level of system integrity at a later time. | | | | ( | | | | ). | | | | | | | |Are you absolutely sure you wish to do this? Yes [No] | | | |( , ?| | | | []) | | | +--------------------------------------------------------+ | +--------------------------------------------------------------+ - 10-16a - , , - : +---------------------------------------------------+ |The default file has changed since installation| |( | | ) | |Previous changes will be lost ( | | ) | | | |Press <Return> to continue, or <Escape> to abort| |( <Return> , <Escape> | | ) | +---------------------------------------------------+ - 10-17 -   sysadmsh: ->  : * * * , , , - . - , - sysadmsh. , , . , , , . , . , - , , .  , x   , , . , - . - . , . , - . - - , , . - , - - 10-17a - . , - ( - ) . sysadmsh:  -> ->   - 10-18 - : +---------------------------------------------------------------+ | Logins | | ( ) | | | | Allowed consecutive failed login attempts before | | account is locked ( - | | | | ) | | /tcb/files/auth 03/23/89 10:57 | |+-------------------Login restriction-------------------------+| || ( ) || || || || Maximum number of unsuccessful attempts before || || locking ... ( - || || ) || || ... user account : [10] || || ( ) || || ... 
terminal : [10] || || () || || || ||Delay (in seconds) between login attempts on a terminal:[2]|| ||( ) || || CPU scheduling priority after successful login :[0]|| ||( || || ) || |+-------------------------------------------------------------+| +---------------------------------------------------------------+ : Maximum number of unsuccessful attempts before locking , , . - , - (. " "), - . - 10-18a - Delay (in seconds) between login attempts on a terminal , . - , - , - , . - , - login:. ' - , ( ) . - 10-19 - CPU scheduling priority after successful login nice(C) - .  ,  - sysadmsh:  -> ->  : +------------------------------------------------------+ | Password| | ()| |Minimum number of days which must elapse between | |password changes( , | | ) | |/tcb/files/auth 03/23/89 10:57| | +-----------Password selection-------------+ | | | ( ) | | | |Minimum days between changes :[14] | | | |( )| | | |Expiration time :[182 ] | | | |( ) | | | |Lifetime :[364 ] | | | |( ) | | | |Maximum password length :[ 10] | | | |( ) | | | |User can run generator :[Yes] No | | | |( ) | | | |User can choose own :[Yes] No | | | |( ) | | | |Checked for obviousness : Yes [No] | | | |( ) | | | |Single user password required : Yes [No] | | | |( )| | | +------------------------------------------+ | +------------------------------------------------------+ , , - 10-19a - - , . , , , . , , .    . - , - . . - , . - - . - - 10-20 - , . - , . , - , , , ,   . . . : Minimum days between changes , - . Expiration time , . Lifetime . Maximum password length . - - 80 . User can run generator , - . , - , . User can choose own - . "" , - . "" , - - - . UNIX, . - "", - UNIX, . "", - 10-21 - , - . Checked for obviousness - - . , - , , goodpw(ADM). - "" , - , - , , - , - . - . , - , , . Single user password required , - ( ). ,   - . . , "- ".  ,  : - .  -  .  , . - . 
, , sysadmsh:  -> ->  : - 10-22 - +----------------------------------------------------------+ | Authorization | | ( ) | | | | Privileges enforced by the system | | (, ) | | | | /tcb/files/auth 03/23/89 10:57 | | | |+---------------------Authorizations---------------------+| || ( ) || || || || System default authorizations (<F3> for list) (-|| || , , (<F3>-|| || )) || || || || Kernel: Subsystem: [... ]|| ||( )+----------+ ( ) || || |chmodsugid| || || |chown | || || |execsuid | || |+----------+nopromain +----------------------------------+| | +----------+ | +----------------------------------------------------------+ <F3> , . . - 10-22a -  10.2   +-----------+---------------------+---------------------------+ | | | | +-----------+---------------------+---------------------------+ | mem | Memory | - | | | () | ; | | | | | +-----------+---------------------+---------------------------+ | terminal | Terminal | - | | | () | write(C) | +-----------+---------------------+---------------------------+ | lp | Line Printer | | | | ( ) | | +-----------+---------------------+---------------------------+ | backup | Backups | | | | ( | | | | ) | | +-----------+---------------------+---------------------------+ | auth | Account | : - | | | () | , | | | | . | +-----------+---------------------+---------------------------+ | audit | Audit | : | | | () | | | | | | +-----------+---------------------+---------------------------+ | cron | Job Scheduling | - | | | ( | cron(C), at(C) | | | ) |  batch(C) | | | | | | sysadmin | System Integrity | | | | ( | integrity(ADM) | | | ) | | +-----------+---------------------+---------------------------+  - , . . - ; , auth, lp. - 10-23 - , - , - . 2, - , . sysadmin integrity(ADM), . ( - integrity(ADM) " " "- " ).  
10.3   +--------------------------------------------------------------+ | | +--------------------------------------------------------------+ | queryspace backup | | df | | | | | | printqueue lp | | , | | lpstat  | | | | printerstat lp ,| | -| | /| | | | | | su auth | | | | -| | -| | . ( | | | | ). | +--------------------------------------------------------------+ - 10-23a - (, printqueue, , lpstat). , - UNIX. "- " , . - "" , , . ________________________________________________________________  , . (- , lp printqueue printerstat). ________________________________________________________________ - 10-24 -  -   , - , - , . ,  . - , . su su(C). - : 1. 2. 3. , 4. 5.   , - . , - chown. , - . , - , , , , - . - 10-24a -  10.4   +----------------------------------------------------------------+ | | +------------------+---------------------------------------------+ | configaudit | -| | | | | writeaudit | | | | | | execsuid | SUID | | chmodsugid | SUID SGID| | | | | chown | | | suspendaudit | | | | | | nopromain | -| | | | +------------------+---------------------------------------------+ , , - ; 2. ; - 10-25 - " " " " . 1execsuid, chmodsugid3 0 1chown3   " " " 3- " " " - .   - . , 10.5, . - , configaudit suspendaudit. - . - sysadmin, chmodsugid, integrity(ADM)  .  10.5   +---------------