Appendix to the implementation regulation for UNIX systems at ....
Appendix D: SunOS configuration
Table 1: Device description files
Table 2: Main memory description files
Table 3: Tools that access main memory description files
Table 4: Supported shells
Table 5: Log files
Table 6: Group file
Table 7: Network files
Table 8: Crash dump files
Table 9: File system table
Table 10: Terminal initialization data
Table 11: Terminal configuration database
Table 12: Terminal capability database
Table 13: Scheduled administrative commands
Table 14: System startup command procedures
Table 15: Protection of user account files
Table 16: Further files in the /usr/etc directory
Table 17: Further system files
Table 18: "wall" command
Table 19: "uudecode" command
Table 20: "chroot" command
Table 21: System directories
Table 22: Temporary system directories
Table 23: Recommendations for file protection in user environments
Table 24: User mail files
Table 25: Mail alias names file
Table 26: ftp directories
Table 27: ftp files
Table 28: Protection of files for batch processing
Table 1: Device description files

| File/Directory | Owner | Group | Mode | Description (original) |
|---|---|---|---|---|
| /dev | bin | staff | 2755 | Directory of special device files. |
| /dev/console | [user] | [user's group] | 620 | Opened console device special file. (The file is opened when on is set for the console entry in the /etc/ttytab file.) |
| /dev/MAKEDEV | root | staff | 744 | Shell script for installing special files. |
| /dev/[disk]* | root | operator | 640 | Buffered disk systems. |
| /dev/r[disk]* | root | operator | 640 | Unbuffered disk systems. |
| /dev/null | root | staff | 666 | The data sink file must be group- and world-writable. |
| /dev/rmt* | root | staff | 666 | Tape devices. |
| /dev/tty# | root or [user] | tty | 620 | Opened terminal special files. |
| /usr/etc/mknod | root | wheel | 744 | Creates special files. Link to /etc/mknod. |
| /dev/klog | root | staff | 600 | |
| /dev/mb* | root | staff | 600 | Multibus interfaces. |
| /dev/nit | root | staff | 600 | Network interface tap. |
| /dev/nrst* | root | staff | 666 | No-rewind streamer tape device. |
| /dev/rst* | root | staff | 666 | Streamer tape device. |
| /dev/vme* | root | staff | 600 | VME bus interface. |
| /usr/kvm/sys/[k-arch]/conf/GENERIC | root | staff | 664 | Generic device configuration file. Used in the absence of a custom device configuration file. |
| /usr/kvm/sys/[k-arch]/conf/[SYSTEM_NAME] | root | staff | 755 | Custom device configuration file. Replace [k-arch] with the kernel architecture displayed by the command /usr/bin/arch -k. Replace [SYSTEM_NAME] with the name of your system. |
Table 2: Main memory description files

| File/Directory | Owner | Group | Mode | Description (original) |
|---|---|---|---|---|
| /dev/drum | root | kmem | 640 | Refers to paging device. |
| /dev/dump | root | kmem | 660 | |
| /dev/eeprom | root | staff | 644 | |
| /dev/klog | root | staff | 600 | |
| /dev/kmem | root | kmem | 640 | Image of virtual main memory. |
| /dev/mbio | root | staff | 600 | |
| /dev/mbmem | root | staff | 600 | |
| /dev/mem | root | kmem | 640 | Image of physical main memory. |
| /dev/nit | root | staff | 600 | |
| /dev/rsd* | root | operator | 640 | |
| /dev/rxy* | root | operator | 640 | |
| /dev/sd* | root | operator | 640 | |
| /dev/vme* | root | staff | 600 | |
| /dev/xy* | root | operator | 640 | |
Table 3: Tools that access main memory description files

| File/Directory | Owner | Group | Mode |
|---|---|---|---|
| /usr/kvm/ps | root | kmem | 2755 |
| /usr/bin/iostat | root | kmem | 2755 |
| /usr/bin/ipcs | root | kmem | 2755 |
| /usr/bin/mail | root | staff | 4755 |
| /usr/etc/nfsstat | root | kmem | 2755 |
| /usr/etc/pstat | root | kmem | 2755 |
| /usr/ucb/netstat | root | staff | 2755 |
| /usr/ucb/vmstat | root | kmem | 2755 |
| /usr/kvm/w | root | kmem | 2755 |
Table 4: Supported shells

| File/Directory | Owner | Group | Mode |
|---|---|---|---|
| /etc/shells | root | staff | 644 |
Table 5: Log files

| File/Directory | Owner | Group | Mode | Description (original) |
|---|---|---|---|---|
| /etc/syslog.conf | root | staff | 644 | Configuration file used to direct syslog messages to files, devices and users. Any files specified in /etc/syslog.conf must have the protection described for /usr/spool/mqueue/syslog. |
| /etc/utmp | root | staff | 666 | Information about logged-in users. Must be world-writable. |
| /usr/adm/acct | bin | staff | 2755 | Raw system accounting data directory. |
| /var/adm/lastlog | root | staff | 644 | User login times. |
| /usr/adm/savacct | root | staff | 644 | Reduced system accounting data from /usr/adm/acct. |
| /var/adm/usracct | root | staff | 644 | Per-user summary of system accounting data. |
| /var/adm/wtmp | root | staff | 644 | Successful logins, logouts, shutdowns, and reboots. |
| /usr/etc/sa | root | wheel | 755 | Prints process accounting statistics. |
| /var/log/syslog and syslog.# | root | staff | 666 | Contains private information regarding mail transfers. |
| /var/adm/messages | root | wheel | 644 | Log file for console messages. A different file name may be designated in /etc/syslog.conf. |
| /usr/adm/acct/fiscal | bin | staff | 2755 | |
| /usr/adm/acct/write | bin | staff | 2755 | |
| /usr/adm/acct/sum | bin | staff | 2755 | |
| /etc/security | root | wheel | 0711 | Security directory structure defined by the C2conv utility. |
| /etc/security/audit | audit | audit | 0700 | Audit directory. |
| /etc/security/audit/{server}/files | audit | audit | 0700 | Mount point for audit files from remote machines. |
Table 6: Group file

| File/Directory | Owner | Group | Mode | Description (original) |
|---|---|---|---|---|
| /etc/group | root | staff | 664 | Information about groups. Write access to this file allows you to place yourself in any group, including system-administration groups. |
| /etc/group.bak | root | staff | 644 | Backup group file created by C2conv. If this file contains encrypted group passwords, set the mode to 600 or remove the file. |
| /etc/group.yp | root | staff | 644 | NIS distributed group database/file. |
| /etc/security/group.adjunct | root | staff | 640 | Shadow group file. |
| /usr/include/grpadj.h | root | staff | 444 | Describes the format of /etc/security/group.adjunct. |
Table 7: Network files

| File/Directory | Owner | Group | Mode | Description (original) |
|---|---|---|---|---|
| /etc/exports | root | staff | 644 | Local file systems and directories available for NFS support. |
| /etc/ftpusers | root | staff | 644 | List of unauthorized ftp users. |
| /etc/hosts | root | staff | 644 | Information about known hosts on the ... Internet. This file must not be writable by remote hosts. |
| /etc/hosts.equiv | root | staff | 600 | List of remote machines whose users can access the local system without a password. |
| /etc/inetd | root | staff | 755 | Internet daemon. Link to /usr/etc/inetd. |
| /etc/inetd.conf | root | staff | 644 | Internet daemon configuration database. |
| /etc/remote | root | staff | 644 | Modem information for tip. |
| /etc/rexecd | root | staff | 755 | Remote execution daemon. Link to /usr/etc/rexecd. |
| /etc/services | root | staff | 644 | List of Internet services. |
| /etc/X*.hosts | root | staff | 644 | Contains the server access control list for the workstation's display. |
| /usr/etc/automount | root | staff | 755 | Automatically mounts and unmounts NFS file systems. |
| /usr/etc/in.ftpd | root | staff | 755 | Ftp daemon. |
| /usr/ucb/rcp | root | staff | 4755 | Remote copy program; copies files between machines. |
| /usr/ucb/rdist | root | staff | 4755 | Remote file distribution program; maintains identical copies of files on multiple hosts. |
| /usr/ucb/rlogin | root | staff | 4755 | Connects the terminal to a remote host. |
| /usr/ucb/rsh | root | staff | 4755 | Shell for executing commands on remote hosts. |
| /usr/ucb/tftpd | root | staff | 755 | TFTP daemon. |
| /etc/rlogind | bin | bin | 544 | rlogin daemon. |
| /etc/remshd | bin | bin | 544 | Remote shell (remsh) daemon. |
Table 8: Crash dump files

| File/Directory | Owner | Group | Mode | Description |
|---|---|---|---|---|
| /var/crash | root | staff | 700 | Directory for crash dump files. |
| /var/crash/vmcore.# | root | staff | 700 | Dump file for main memory. |
| /var/crash/vmunix.# | root | staff | 700 | Dump file for the kernel image. |
Table 9: File system table

| File/Directory | Owner | Group | Mode | Description |
|---|---|---|---|---|
| /etc/fstab | root | staff | 644 | File system configuration. |
Table 10: Terminal initialization data

| File/Directory | Owner | Group | Mode | Description (original) |
|---|---|---|---|---|
| /etc/ttytab | root | staff | 644 | Terminal port initialization data. |
| /etc/ttys | root | staff | 444 | File derived from /etc/ttytab and used for backward compatibility. Do not edit this file. |
Table 11: Terminal configuration database

| File/Directory | Owner | Group | Mode | Description (original) |
|---|---|---|---|---|
| /etc/gettytab | root | staff | 44 | Terminal configuration database. |
Table 12: Terminal capability database

| File/Directory | Owner | Group | Mode | Description |
|---|---|---|---|---|
| /etc/termcap | root | staff | 644 | Terminal capability database. |
Table 13: Scheduled administrative commands

| File/Directory | Owner | Group | Mode | Description (original) |
|---|---|---|---|---|
| /var/spool/cron/crontabs | root | staff | 2755 | Directory for scheduled system administration commands. |
| /var/spool/cron/crontabs/root | root | staff | 600 | Scheduled system administration commands executed by the cron command. |
Table 14: System startup command procedures

| File/Directory | Owner | Group | Mode | Description (original) |
|---|---|---|---|---|
| /etc/rc | root | staff | 640 | Generic startup command script which is often made site-specific. |
| /etc/rc.boot | root | staff | 644 | Startup file which sets the machine name and, if coming up in multiuser mode, runs fsck -p. |
| /etc/rc.local | root | staff | 600 | Site-specific startup command script. |
| /etc/rc.single | root | staff | 755 | Script invoked by rc.boot when the / file system is mounted read-only and write access is needed. |
Table 15: Protection of user account files

| File/Directory | Owner | Group | Mode | Description (original) |
|---|---|---|---|---|
| /etc/passwd | root | staff | 644 | Basic user-account information used in conjunction with the shadow password file. |
| /etc/passwd.bak | root | staff | 600 | Backup password file created by C2conv with mode 644. Either maintain at mode 600 or remove this file. |
| /etc/passwd.yp | root | staff | 644 | NIS distributed password database/file. |
| /etc/security/passwd.adjunct | root | staff | 600 | Shadow password file. |
| /usr/include/pwdadj.h | root | staff | 444 | Description of the format of /etc/security/passwd.adjunct. |
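The rows of these tables are a baseline that can be checked mechanically: owner, group and mode of each listed path are compared with what the file system reports, and any deviation (in particular extra permission bits, such as a world-readable shadow password file) is reported. The following checker is an added example, not part of this appendix; it takes rows in the shape of the tables above as (path, owner, group, mode) tuples. The baseline rows and the scratch directory tree in demo() are constructed samples; the root parameter, which lets the check run against a copy of a file system, is this example's own convention.

```python
import os
import stat
import pwd
import grp
import tempfile

# Constructed sample rows in the shape of the tables in this appendix
# (path, owner, group, mode); a real run would load every row.
BASELINE = [
    ("/etc/passwd", "root", "staff", "644"),
    ("/etc/security/passwd.adjunct", "root", "staff", "600"),
    ("/etc/hosts.equiv", "root", "staff", "600"),
    ("/usr/ucb/rcp", "root", "staff", "4755"),
]


def _lookup(name, resolver):
    """Resolve a user or group name to its numeric id; digits pass through unchanged."""
    if name.isdigit():
        return int(name)
    try:
        return resolver(name)
    except KeyError:
        return None


def check_entry(path, owner, group, mode, root="/"):
    """Compare one baseline row with the file on disk; return a list of findings (empty = compliant)."""
    target = os.path.join(root, path.lstrip("/"))
    try:
        st = os.lstat(target)
    except FileNotFoundError:
        return [f"{path}: missing"]

    findings = []
    expected = int(mode, 8)
    actual = stat.S_IMODE(st.st_mode)   # permission bits incl. setuid/setgid/sticky
    if actual != expected:
        extra = actual & ~expected      # bits granted that the baseline does not allow
        msg = f"{path}: mode {actual:04o}, expected {expected:04o}"
        if extra:
            msg += f" (extra bits {extra:04o})"
        findings.append(msg)

    uid = _lookup(owner, lambda n: pwd.getpwnam(n).pw_uid)
    if uid is None:
        findings.append(f"{path}: owner '{owner}' is not a known account")
    elif st.st_uid != uid:
        findings.append(f"{path}: owner uid {st.st_uid}, expected {owner}")

    gid = _lookup(group, lambda n: grp.getgrnam(n).gr_gid)
    if gid is None:
        findings.append(f"{path}: group '{group}' is not a known group")
    elif st.st_gid != gid:
        findings.append(f"{path}: group gid {st.st_gid}, expected {group}")
    return findings


def check_baseline(entries, root="/"):
    """Run every row; return {path: [findings]} for the non-compliant rows only."""
    report = {}
    for path, owner, group, mode in entries:
        findings = check_entry(path, owner, group, mode, root)
        if findings:
            report[path] = findings
    return report


def demo():
    """Exercise the checker on a constructed scratch tree instead of a real SunOS root."""
    root = tempfile.mkdtemp()
    me = str(os.getuid())          # numeric ids so the demo works under any account
    my_group = str(os.getgid())
    os.makedirs(os.path.join(root, "etc", "security"))
    for rel, bits in (("etc/passwd", 0o644),
                      ("etc/security/passwd.adjunct", 0o644)):  # shadow file left too open
        full = os.path.join(root, rel)
        open(full, "w").close()
        os.chmod(full, bits)
    entries = [
        ("/etc/passwd", me, my_group, "644"),
        ("/etc/security/passwd.adjunct", me, my_group, "600"),
        ("/etc/hosts.equiv", me, my_group, "600"),   # never created: reported as missing
    ]
    return check_baseline(entries, root)


if __name__ == "__main__":
    for findings in demo().values():
        for line in findings:
            print(line)
    # Against the live host the same call is simply check_baseline(BASELINE).
```

The mode comparison uses the full 12-bit mode, so a setuid or setgid bit that the baseline does not list (or one it requires, as for /usr/ucb/rcp) is reported just like an ordinary permission change; "extra bits" singles out the direction that weakens the baseline.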
Table 16: Further files in the /usr/etc directory

| File/Directory | Owner | Group | Mode |
|---|---|---|---|
| /usr/etc/dcheck | root | staff | 755 |
| /usr/etc/eeprom | root | kmem | 755 |
| /usr/etc/htable | root | staff | 755 |
| /usr/etc/init | root | staff | 755 |
| /usr/etc/ncheck | root | staff | 755 |
| /usr/etc/pac | root | staff | 755 |
| /usr/etc/zdump | root | staff | 755 |
| /usr/etc/zic | root | staff | 755 |
| /usr/etc/portmap | root | staff | 755 |
| /etc/sendmail.fc | root | staff | 600 |
| /etc/sendmail.cf | root | staff | 644 |
| /etc/sm | root | staff | 755 |
| /etc/sm.bak | root | staff | 755 |
Table 17: Further system files

| File/Directory | Owner | Group | Mode | Description (original) |
|---|---|---|---|---|
| /bin/passwd | root | staff | 755 | Change password command. |
| /usr/lib/preserve | root | staff | 755 | Preserves vi backup files. |
| /usr/lib/recover | root | staff | 755 | Recovers vi backup files. |
| /usr/lib/sendmail | root | staff | 4711 | Network mailer program. |
| /usr/ucb/lprm | root | staff | 6711 | Removes jobs from a printer queue. |
| /vmunix | root | staff | 755 | SunOS operating system boot file image. Write protection of this file is critical. |
| /etc/sm | root | staff | 777 | Directory of machines monitored by the statd status monitor. |
| /etc/sm.bak | root | staff | 777 | Directory of machines notified of the recovery of the in.statd daemon. |
Table 18: "wall" command

| File/Directory | Owner | Group | Mode | Description |
|---|---|---|---|---|
| /bin/wall | root | tty | 2550 | Screen messages to all logged-in users. |
Table 19: "uudecode" command

| File/Directory | Owner | Group | Mode | Description |
|---|---|---|---|---|
| /usr/bin/uudecode | root | staff | 111 | Decodes files that were encoded with /usr/bin/uuencode. |
Table 20: "chroot" command

| File/Directory | Owner | Group | Mode | Description |
|---|---|---|---|---|
| /usr/etc/chroot | root | staff | 700 | Changes the root directory for a command. |
Table 21: System directories

| File/Directory | Owner | Group | Mode | Description (original) |
|---|---|---|---|---|
| / | root | staff | 2755 | Root of all file systems and home directory of the superuser. |
| /bin | root | staff | 2755 | Single user commands. Link to /usr/bin. |
| /etc | bin | staff | 2755 | System management commands. |
| /etc/sm | root | staff | 2777 | Status daemon statd and lock daemon lockd files. |
| /etc/sm.bak | root | staff | 2777 | Status daemon statd and lock daemon lockd files. |
| /etc/security | root | staff | 2711 | C2 security file. |
| /usr | root | wheel | 755 | A file system hierarchy. |
| /usr/adm or /var/adm | root | wheel | 755 | Administrative information. |
| /usr/bin | root | staff | 2755 | Additional user commands. |
| /usr/etc | bin | staff | 2755 | More system management commands. |
| /usr/kits/[prodnnn]/bin and /usr/kits/[prodnnn]/lib | root | staff | 755 | Recommended directories for layered product commands. |
| /usr/kvm | bin | staff | 2755 | Directory for kernel VM library functions. |
| /usr/lib | bin | bin | 2755 | Many system executables, such as the compiler and system libraries. |
| /usr/local | bin | staff | 2755 | Commands with a local origin. |
| /usr/ucb | bin | staff | 2755 | Certain Berkeley extension commands. |
| /usr/spool | bin | bin | 2755 | Directory for communication programs. Link to /var/spool. |
| /usr/sys | root | staff | 755 | System files. |
| /var | bin | staff | 2755 | Directory of variable length files. |
| /vmunix | root | staff | 755 | Operating system boot file image. Write protection of this file is critical. |
Table 22: Temporary system directories

| File/Directory | Owner | Group | Mode | Description |
|---|---|---|---|---|
| /tmp | bin | staff | 3777 | World-writable directory for temporary files. |
| /var/tmp | bin | staff | 3777 | World-writable directory for temporary files. |
| /usr/tmp | bin | staff | 3777 | World-writable directory for temporary files. |
| /usr/var/tmp | bin | staff | 3777 | World-writable directory for temporary files. |
Table 23: Recommendations for file protection in user environments

| File/Directory | Owner | Group | Mode | Description (original) |
|---|---|---|---|---|
| .cshrc | user's name | user's group | 640 | Environment file for the C shell. |
| .forward | user's name | user's group | 640 | Mail forwarding address. Use for temporary forwarding only. Write access allows an attacker to redirect mail or specify that a malicious /tmp program be run upon receipt of mail. |
| .kshrc | user's name | user's group | 640 | Environment file for the KornShell. |
| .login | user's name | user's group | 640 | Environment file for the csh shell. |
| .logout | user's name | user's group | 640 | Environment file for the csh shell. |
| .mailrc | user's name | user's group | 640 | Environment file for mail. |
| .netrc | user's name | user's group | 600 | Information used for ftp auto-login. |
| .plan | user's name | user's group | 644 | Message displayed by the finger command. |
| .profile | user's name | user's group | 640 | Environment file for the sh, sh5 and ksh shells. |
| .project | user's name | user's group | 644 | Message text displayed by the finger command. See the related guideline in Section 2.2.3.4. |
| .rhosts | user's name | user's group | 600 | Remote users who can access the local account without a password. |
| .sunview | user's name | user's group | 640 | Environment file for the SunView window environment. |
| .Xauthority | user's name | user's group | 640 | Access control list for the workstation display. |
| .Xdefaults | user's name | user's group | 640 | X Windows defaults file. |
| .X11startup | user's name | user's group | 640 | Workstation startup file. |
| .Xinitrc | user's name | user's group | 640 | |
| .wastebasket | user's name | user's group | 640 | |
| .* | user's name | user's group | 640 | All other files in the user's directory. |
Table 24: User mail files

| File/Directory | Owner | Group | Mode | Description (original) |
|---|---|---|---|---|
| /usr/spool/mail/[username] or /var/spool/mail/[username] | [user] | staff | 600 | User mail file. |
| /usr/spool/mail or /var/spool/mail | root | staff | 377 | Directory of user mail files. |
| /var/spool/secretmail | bin | bin | 3777 | Secret mail directory. |
Table 25: Mail alias names file

| File/Directory | Owner | Group | Mode | Description (original) |
|---|---|---|---|---|
| /etc/aliases | root | staff | 644 | Mail aliases file. |
| /etc/aliases.dir | root | staff | 664 | Along with aliases.pag, this file is the actual binary implementation of /etc/aliases. Link to /usr/lib/aliases.dir. |
| /etc/aliases.pag | root | staff | 664 | Along with aliases.dir, this file is the actual binary implementation of /usr/lib/aliases. |
| /var/yp/src/mail.aliases | root | staff | 755 | Source file for the sendmail/NIS mapping. Link to /etc/aliases. |
Table 26: ftp directories

| Directory | Owner | Group | Mode | Description (original) |
|---|---|---|---|---|
| ~ftp | ftp | ftp | 555 | Home directory for anonymous ftp. |
| ~ftp/bin | root | user | 111 | Directory for the ls command. |
| ~ftp/etc | root | user | 111 | Directory for the ftp group and passwd files. |
| ~ftp/pub | ftp | ftp | 1775 | Public directory for files accessible to anonymous ftp users. |
Table 27: ftp files

| File | Owner | Group | Mode | Description (original) |
|---|---|---|---|---|
| ~ftp/bin/ls | ftp | staff | 555 | Supports the ftp list commands. |
| ~ftp/etc/group | root | staff | 444 | Group file for the ftp account. |
| ~ftp/etc/passwd | root | staff | 444 | Password file for the ftp account. |
Table 28: Protection of files for batch processing

| File/Directory | Owner | Group | Mode | Description (original) |
|---|---|---|---|---|
| /var/spool/cron/at.deny | root | staff | 644 | Users denied use of the at batch command. |
| /var/spool/cron/at.allow | root | staff | 644 | Users allowed use of the at batch command. |
| /var/spool/cron/crontabs/[username] | root | staff | 400 | Commands executed by root on behalf of the specified user. |
| /var/spool/cron/cron.allow | root | staff | 644 | List of users allowed to use cron. If this file does not exist, cron checks cron.deny. |
| /var/spool/cron/cron.deny | root | staff | 644 | List of users denied use of cron. If this file is empty and cron.allow does not exist, any user can use cron. If neither cron.allow nor cron.deny exists, only superusers can use cron. |
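The cron.allow / cron.deny rules in the last two rows form a three-way decision: an existing cron.allow wins and admits only the users listed in it; otherwise an existing cron.deny admits everyone not listed (so an empty cron.deny admits anyone); and with neither file present only the superuser may use cron. The following model of that decision is an added example, not part of this appendix or of SunOS. It applies the rule exactly as the table states it; the extension to at.allow / at.deny via the command parameter is this example's own assumption, since the table names those files but does not state their precedence. The spool directory contents in demo() are constructed.

```python
import os
import tempfile


def _read_users(path):
    """Return the set of user names listed in an allow/deny file, or None if the file is absent."""
    try:
        with open(path) as fh:
            return {line.strip() for line in fh if line.strip()}
    except FileNotFoundError:
        return None


def batch_access(user, allow, deny, superuser=False):
    """Decide access according to the appendix's rule.

    allow, deny: the set of listed users, or None when the corresponding file does not exist.
    """
    if allow is not None:            # *.allow exists: only the users listed in it
        return user in allow
    if deny is not None:             # only *.deny exists: everyone not listed (empty file = anyone)
        return user not in deny
    return superuser                 # neither file: superuser only


def batch_access_from_dir(user, spool_dir, command="cron", superuser=False):
    """Same decision, driven by <command>.allow / <command>.deny under the spool directory.

    command="at" is an assumption that at follows the same precedence as cron.
    """
    allow = _read_users(os.path.join(spool_dir, f"{command}.allow"))
    deny = _read_users(os.path.join(spool_dir, f"{command}.deny"))
    return batch_access(user, allow, deny, superuser)


def demo():
    """Walk through each branch of the rule on a constructed spool directory."""
    spool = tempfile.mkdtemp()
    results = {}

    # 1. neither file present: only the superuser
    results["neither/alice"] = batch_access_from_dir("alice", spool)
    results["neither/root"] = batch_access_from_dir("root", spool, superuser=True)

    # 2. an empty cron.deny and no cron.allow: anyone
    open(os.path.join(spool, "cron.deny"), "w").close()
    results["empty-deny/alice"] = batch_access_from_dir("alice", spool)

    # 3. cron.deny listing alice, still no cron.allow
    with open(os.path.join(spool, "cron.deny"), "w") as fh:
        fh.write("alice\n")
    results["deny/alice"] = batch_access_from_dir("alice", spool)
    results["deny/bob"] = batch_access_from_dir("bob", spool)

    # 4. cron.allow present: it takes precedence over cron.deny
    with open(os.path.join(spool, "cron.allow"), "w") as fh:
        fh.write("bob\n")
    results["allow/bob"] = batch_access_from_dir("bob", spool)
    results["allow/carol"] = batch_access_from_dir("carol", spool)
    return results


if __name__ == "__main__":
    for case, allowed in demo().items():
        print(f"{case}: {'allowed' if allowed else 'denied'}")
```

The practical consequence for an audit is that the absence of both files is the most restrictive state, and an empty cron.deny is the least restrictive; a permission check of the two files (mode 644 per the table) is not sufficient on its own, their existence and contents decide who may schedule jobs.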
Last updated 05.03.1998