
Xerox 4590 EPS-10912 User Manual


Security Guide


Table 2-2: “System” tab

Table 2-3: “INIT” tab RC2 section

System Service

Description

Allow_host.equiv_plus

Background: The /etc/hosts.equiv and /.rhosts files provide the remote
authentication database for rlogin, rsh, rcp, and rexec. The files
specify remote hosts and users that are considered to be trusted.
Trusted users are allowed to access the local system without
supplying a password. These files can be removed or modified to
enhance security. DocuSP is provided with both of these files deleted
entirely. If the setting Allow_host.equiv_plus is set to disabled, then
any time that security settings are applied, the + will be removed from
hosts.equiv. IMPORTANT NOTE: Removing the + from the hosts.equiv
file will prevent the use of the Xerox command line client print from
remote clients. An alternative would be to remove the + and add the
name of each trusted host that requires this functionality. Leaving the
+ will allow a user from any remote host to access the system with the
same username.

BSM

Enable or disable the Basic Security Module (BSM) on Solaris

Executable Stacks

Some security exploits take advantage of the Solaris OE kernel
executable system stack to attack the system. Some of these exploits
can be avoided by making the system stack non-executable. The
following lines are added to the /etc/system file:

set noexec_user_stack=1
set noexec_user_stack_log=1

Remote CDE Logins

Deny all remote access (direct/broadcast) to the X server running on
DocuSP by installing an appropriate /etc/dt/config/Xaccess file.

Router

Disable router mode by creating the empty file /etc/notrouter.

Secure Sendmail

Force sendmail to only handle outgoing mail. No incoming mail will be
handled by sendmail.

Security Warning Banners

Enable security warning banners to be displayed when a user logs in
or telnets into the DocuSP server.
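
A check for three of the settings in Table 2-2 (the + entry in hosts.equiv, the non-executable stack lines in /etc/system, and /etc/notrouter), as an added example that is not part of the Xerox guide or of DocuSP. The function names and the root-prefix argument are assumptions made for the example, so the checks can be run against a copy of the files.

```shell
#!/bin/sh
# Added example (not Xerox/DocuSP code). Function names and the
# root-prefix argument are assumptions made for this example.

# Print every entry that trusts all hosts ("+" in field 1) or all users
# ("+" in field 2). Returns 0 when the file is absent or has no such entry.
check_trust_file() {
    file=$1
    [ -f "$file" ] || return 0        # deleted file: no host is trusted
    hits=$(awk '$1 == "+" || $2 == "+" { print FILENAME ":" NR ": " $0 }' "$file")
    [ -z "$hits" ] && return 0
    printf '%s\n' "$hits"
    return 1
}

# Returns 0 only if both tunables are set to 1 on uncommented lines.
check_noexec_stack() {
    sysfile=$1
    [ -f "$sysfile" ] || return 1
    for var in noexec_user_stack noexec_user_stack_log; do
        grep -Eq "^[[:space:]]*set[[:space:]]+$var[[:space:]]*=[[:space:]]*1[[:space:]]*\$" \
            "$sysfile" || return 1
    done
    return 0
}

# Run all checks below the given root; returns 1 if any setting is weak.
audit_root() {
    root=$1
    rc=0
    check_trust_file "$root/etc/hosts.equiv" || rc=1
    check_trust_file "$root/.rhosts" || rc=1
    check_noexec_stack "$root/etc/system" ||
        { echo "$root/etc/system: noexec_user_stack lines missing"; rc=1; }
    [ -f "$root/etc/notrouter" ] ||
        { echo "$root/etc/notrouter: absent, router mode not disabled"; rc=1; }
    return $rc
}

# Optional stand-alone use: sh audit.sh /path/to/copied/root
if [ $# -gt 0 ]; then audit_root "$1" || exit 1; fi
```
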

RC2 Service

Description

S40LLC2

Class II logical link control driver

S47ASPPP

Asynchronous PPP link manager. This service is re-enabled via the
enable-remote-diagnostics command.

S70UUCP

UUCP server

S71LDAP.CLIENT

LDAP daemon to cache server and client information for NIS lookups.

S72AUTOINSTALL

Script executed during stub JumpStart or AUTOINSTALL JumpStart

S72SLPD

Service Location Protocol daemon
