Appendix to the implementation regulation for UNIX systems at ....


Appendix D: SunOS configuration

Table 1: Device description files
Table 2: Main-memory description files
Table 3: Tools that access main-memory description files
Table 4: Supported shells
Table 5: Log files
Table 6: Group file
Table 7: Network files
Table 8: Crash dump files
Table 9: File system table
Table 10: Terminal initialization data
Table 11: Terminal configuration database
Table 12: Terminal capability database
Table 13: Scheduled administrative commands
Table 14: System startup command procedures
Table 15: Protection of user account files
Table 16: Further files in the directory /usr/etc
Table 17: Further system files
Table 18: "wall" command
Table 19: "uudecode" command
Table 20: "chroot" command
Table 21: System directories
Table 22: Temporary system directories
Table 23: Recommendations for file protection of user environments
Table 24: User mail files
Table 25: Mail alias file
Table 26: ftp directories
Table 27: ftp files
Table 28: Protection of files for batch processing


Table 1: Device description files

File/directory | Owner | Group | Mode | Description (original)
--- | --- | --- | --- | ---
/dev | bin | staff | 2755 | Directory of special device files.
/dev/console | [user] | [user's group] | 620 | Opened console device special file. (The file is opened when "on" is set for the console entry in the /etc/ttytab file.)
/dev/MAKEDEV | root | staff | 744 | Shell script for installing special files.
/dev/[disk]* | root | operator | 640 | Buffered (block) disk devices.
/dev/r[disk]* | root | operator | 640 | Unbuffered (raw) disk devices.
/dev/null | root | staff | 666 | The data sink file must be group- and world-writable.
/dev/rmt* | root | staff | 666 | Tape devices.
/dev/tty# | root or [user] | tty | 620 | Opened terminal special files.
/usr/etc/mknod | root | wheel | 744 | Creates special files. Link to /etc/mknod.
/dev/klog | root | staff | 600 |
/dev/mb* | root | staff | 600 | Multibus interfaces.
/dev/nit | root | staff | 600 | Network interface tap.
/dev/nrst* | root | staff | 666 | Non-rewinding streamer tape device.
/dev/rst* | root | staff | 666 | Streamer tape device.
/dev/vme* | root | staff | 600 | VME bus interface.
/usr/kvm/sys/[k-arch]/conf/GENERIC | root | staff | 664 | Generic device configuration file. Used in the absence of a custom device configuration file.
/usr/kvm/sys/[k-arch]/conf/[SYSTEM_NAME] | root | staff | 755 | Custom device configuration file. Replace [k-arch] with the kernel architecture displayed by the command /usr/bin/arch -k; replace [SYSTEM_NAME] with the name of your system.


Table 2: Main-memory description files

File/directory | Owner | Group | Mode | Description (original)
--- | --- | --- | --- | ---
/dev/drum | root | kmem | 640 | Refers to paging device.
/dev/dump | root | kmem | 660 |
/dev/eeprom | root | staff | 644 |
/dev/klog | root | staff | 600 |
/dev/kmem | root | kmem | 640 | Image of virtual main memory.
/dev/mbio | root | staff | 600 |
/dev/mbmem | root | staff | 600 |
/dev/mem | root | kmem | 640 | Image of physical main memory.
/dev/nit | root | staff | 600 |
/dev/rsd* | root | operator | 640 |
/dev/rxy* | root | operator | 640 |
/dev/sd* | root | operator | 640 |
/dev/vme* | root | staff | 600 |
/dev/xy* | root | operator | 640 |


Table 3: Tools that access main-memory description files

File/directory | Owner | Group | Mode
--- | --- | --- | ---
/usr/kvm/ps | root | kmem | 2755
/usr/bin/iostat | root | kmem | 2755
/usr/bin/ipcs | root | kmem | 2755
/usr/bin/mail | root | staff | 4755
/usr/etc/nfsstat | root | kmem | 2755
/usr/etc/pstat | root | kmem | 2755
/usr/ucb/netstat | root | staff | 2755
/usr/ucb/vmstat | root | kmem | 2755
/usr/kvm/w | root | kmem | 2755


Table 4: Supported shells

File/directory | Owner | Group | Mode
--- | --- | --- | ---
/etc/shells | root | staff | 644


Table 5: Log files

File/directory | Owner | Group | Mode | Description (original)
--- | --- | --- | --- | ---
/etc/syslog.conf | root | staff | 644 | Configuration file used to direct syslog messages to files, devices and users. Any files specified in /etc/syslog.conf must have the protection described for /usr/spool/mqueue/syslog.
/etc/utmp | root | staff | 666 | Information about logged-in users. Must be world-writable.
/usr/adm/acct | bin | staff | 2755 | Raw system accounting data directory.
/var/adm/lastlog | root | staff | 644 | User login times.
/usr/adm/savacct | root | staff | 644 | Reduced system accounting data from /usr/adm/acct.
/var/adm/usracct | root | staff | 644 | Per-user summary of system accounting data.
/var/adm/wtmp | root | staff | 644 | Successful logins, logouts, shutdowns, and reboots.
/usr/etc/sa | root | wheel | 755 | Prints process accounting statistics.
/var/log/syslog and syslog.# | root | staff | 666 | Contains private information regarding mail transfers.
/var/adm/messages | root | wheel | 644 | Log file for console messages. A different file name may be designated in /etc/syslog.conf.
/usr/adm/acct/fiscal | bin | staff | 2755 |
/usr/adm/acct/write | bin | staff | 2755 |
/usr/adm/acct/sum | bin | staff | 2755 |
/etc/security | root | wheel | 0711 | Security directory structure defined by the C2conv utility.
/etc/security/audit | audit | audit | 0700 | Audit directory.
/etc/security/audit/{server}/files | audit | audit | 0700 | Mount point for audit files from remote machines.
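A baseline like Tables 1, 3 and 5 is only worth anything if the running system is checked against it, and a naive "mode differs" report buries the one setuid bit that matters among dozens of harmless deviations. The script below is an added example (not part of this appendix and not a vendor tool) that compares a baseline of the tables' form against observed owner/group/mode triples and grades each deviation: bits the baseline does not allow are the security findings, with an unexpected world-write, setuid or setgid bit marked CRITICAL; bits the baseline expects but which are absent are only informational, because entries such as /dev/null and /etc/utmp are deliberately world-writable and break things when tightened. The baseline excerpt is transcribed from the tables above; the owner "*" for /dev/tty* is my convention for the table's "root or [user]"; SAMPLE is constructed data, not output from a real host.

```python
"""Check observed file ownership and modes against a protection baseline.

Added example, not part of the original appendix. BASELINE is an excerpt
transcribed from Tables 1, 3 and 5; SAMPLE is constructed test data, not
output captured from a real host.
"""
import fnmatch
import glob
import grp
import os
import pwd
import stat

# (path pattern, owner, group, mode). Owner "*" = any owner (the table's
# "root or [user]" for terminal devices).
BASELINE = [
    ("/dev/null",         "root", "staff", 0o666),   # must stay world-writable
    ("/dev/kmem",         "root", "kmem",  0o640),   # readable only via group kmem
    ("/dev/tty*",         "*",    "tty",   0o620),   # owner changes at login
    ("/usr/kvm/ps",       "root", "kmem",  0o2755),  # setgid kmem, not setuid root
    ("/etc/utmp",         "root", "staff", 0o666),   # must stay world-writable
    ("/var/adm/messages", "root", "wheel", 0o644),
]

# Extra bits that matter most: world-write, setuid, setgid.
DANGEROUS = stat.S_IWOTH | stat.S_ISUID | stat.S_ISGID


def diff_entry(path, want, have):
    """Compare one observed (owner, group, mode) triple with the baseline triple.

    Returns a list of human-readable findings; an empty list means conformant.
    """
    w_owner, w_group, w_mode = want
    h_owner, h_group, h_mode = have
    findings = []
    if w_owner != "*" and h_owner != w_owner:
        findings.append(f"{path}: owner {h_owner}, baseline {w_owner} [WARNING]")
    if h_group != w_group:
        findings.append(f"{path}: group {h_group}, baseline {w_group} [WARNING]")
    extra = h_mode & ~w_mode & 0o7777     # bits set that the baseline does not allow
    missing = w_mode & ~h_mode & 0o7777   # bits the baseline expects but are absent
    if extra:
        sev = "CRITICAL" if extra & DANGEROUS else "WARNING"
        findings.append(
            f"{path}: mode {h_mode:04o} exceeds baseline {w_mode:04o} by {extra:04o} [{sev}]")
    if missing:
        # Tighter than the baseline is not a security problem, but entries such
        # as /dev/null or /etc/utmp break programs when they are not world-writable.
        findings.append(
            f"{path}: mode {h_mode:04o} lacks {missing:04o} required by baseline {w_mode:04o} [INFO]")
    return findings


def audit(baseline, observed):
    """observed maps path -> (owner, group, mode). Returns all findings, in baseline order."""
    findings = []
    for pattern, owner, group, mode in baseline:
        matches = sorted(p for p in observed if fnmatch.fnmatchcase(p, pattern))
        if not matches:
            findings.append(f"{pattern}: not present [INFO]")
        for p in matches:
            findings.extend(diff_entry(p, (owner, group, mode), observed[p]))
    return findings


def collect(baseline):
    """Read owner/group/mode for every path matching a baseline pattern on this host.

    Uses lstat so that a symlink planted in place of a device node shows up as
    a deviation instead of being followed to its target.
    """
    observed = {}
    for pattern, *_ in baseline:
        for p in glob.glob(pattern):
            st = os.lstat(p)
            try:
                owner = pwd.getpwuid(st.st_uid).pw_name
            except KeyError:
                owner = str(st.st_uid)
            try:
                group = grp.getgrgid(st.st_gid).gr_name
            except KeyError:
                group = str(st.st_gid)
            observed[p] = (owner, group, stat.S_IMODE(st.st_mode))
    return observed


# Constructed sample of what a drifted SunOS host might report.
SAMPLE = {
    "/dev/null":   ("root",  "staff", 0o666),
    "/dev/kmem":   ("root",  "kmem",  0o644),   # world-readable kernel memory
    "/dev/tty01":  ("root",  "tty",   0o620),
    "/dev/tty02":  ("alice", "tty",   0o622),   # anyone may write to alice's terminal
    "/usr/kvm/ps": ("root",  "kmem",  0o4755),  # setuid root instead of setgid kmem
    "/etc/utmp":   ("root",  "staff", 0o644),   # too tight: logins are not recorded
}

if __name__ == "__main__":
    # On a live host replace SAMPLE with collect(BASELINE).
    for line in audit(BASELINE, SAMPLE):
        print(line)
```

The split into "exceeds" and "lacks" is the design point: the first list is what to fix tonight, the second is what to check before someone tightens a mode and silently breaks login accounting or syslog. Extending BASELINE to the remaining tables is a transcription job; the comparison logic does not change.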


Table 6: Group file

File/directory | Owner | Group | Mode | Description (original)
--- | --- | --- | --- | ---
/etc/group | root | staff | 664 | Information about groups. Write access to this file allows you to place yourself in any group, including system-administration groups.
/etc/group.bak | root | staff | 644 | Backup group file created by C2conv. If this file contains encrypted group passwords, set the mode to 600 or remove the file.
/etc/group.yp | root | staff | 644 | NIS distributed group database/file.
/etc/security/group.adjunct | root | staff | 640 | Shadow group file.
/usr/include/grpadj.h | root | staff | 444 | Describes the format of /etc/security/group.adjunct.


Table 7: Network files

File/directory | Owner | Group | Mode | Description (original)
--- | --- | --- | --- | ---
/etc/exports | root | staff | 644 | Local file systems and directories available for NFS support.
/etc/ftpusers | root | staff | 644 | List of unauthorized ftp users.
/etc/hosts | root | staff | 644 | Information about known hosts on the ... Internet. This file must not be writable by remote hosts.
/etc/hosts.equiv | root | staff | 600 | List of remote machines whose users can access the local system without a password.
/etc/inetd | root | staff | 755 | Internet daemon. Link to /usr/etc/inetd.
/etc/inetd.conf | root | staff | 644 | Internet daemon configuration database.
/etc/remote | root | staff | 644 | Modem information for tip.
/etc/rexecd | root | staff | 755 | Remote execution daemon. Link to /usr/etc/rexecd.
/etc/services | root | staff | 644 | List of Internet services.
/etc/X*.hosts | root | staff | 644 | Contains the server access control list for the workstation's display.
/usr/etc/automount | root | staff | 755 | Automatically mounts and unmounts NFS file systems.
/usr/etc/in.ftpd | root | staff | 755 | ftp daemon.
/usr/ucb/rcp | root | staff | 4755 | Remote copy program; copies files between machines.
/usr/ucb/rdist | root | staff | 4755 | Remote file distribution program; maintains identical copies of files on multiple hosts.
/usr/ucb/rlogin | root | staff | 4755 | Connects the terminal to a remote host.
/usr/ucb/rsh | root | staff | 4755 | Shell for executing commands on remote hosts.
/usr/ucb/tftpd | root | staff | 755 | TFTP daemon.
/etc/rlogind | bin | bin | 544 | rlogin daemon.
/etc/remshd | bin | bin | 544 | Remote shell (remsh) daemon.


Table 8: Crash dump files

File/directory | Owner | Group | Mode | Description
--- | --- | --- | --- | ---
/var/crash | root | staff | 700 | Directory for crash dump files.
/var/crash/vmcore.# | root | staff | 700 | Dump file for main memory.
/var/crash/vmunix.# | root | staff | 700 | Dump file for the kernel image.


Table 9: File system table

File/directory | Owner | Group | Mode | Description
--- | --- | --- | --- | ---
/etc/fstab | root | staff | 644 | File system configuration.


Table 10: Terminal initialization data

File/directory | Owner | Group | Mode | Description (original)
--- | --- | --- | --- | ---
/etc/ttytab | root | staff | 644 | Terminal port initialization data.
/etc/ttys | root | staff | 444 | File derived from /etc/ttytab and used for backward compatibility. Do not edit this file.


Table 11: Terminal configuration database

File/directory | Owner | Group | Mode | Description (original)
--- | --- | --- | --- | ---
/etc/gettytab | root | staff | 644 | Terminal configuration database.


Table 12: Terminal capability database

File/directory | Owner | Group | Mode | Description
--- | --- | --- | --- | ---
/etc/termcap | root | staff | 644 | Terminal capability database.


Table 13: Scheduled administrative commands

File/directory | Owner | Group | Mode | Description (original)
--- | --- | --- | --- | ---
/var/spool/cron/crontabs | root | staff | 2755 | Directory for scheduled system administration commands.
/var/spool/cron/crontabs/root | root | staff | 600 | Scheduled system administration commands executed by the cron command.


Table 14: System startup command procedures

File/directory | Owner | Group | Mode | Description (original)
--- | --- | --- | --- | ---
/etc/rc | root | staff | 640 | Generic startup command script, which is often made site-specific.
/etc/rc.boot | root | staff | 644 | Startup file which sets the machine name and, if coming up in multiuser mode, runs fsck -p.
/etc/rc.local | root | staff | 600 | Site-specific startup command script.
/etc/rc.single | root | staff | 755 | Script invoked by rc.boot when the / file system is mounted read-only and write access is needed.


Table 15: Protection of user account files

File/directory | Owner | Group | Mode | Description (original)
--- | --- | --- | --- | ---
/etc/passwd | root | staff | 644 | Basic user-account information, used in conjunction with the shadow password file.
/etc/passwd.bak | root | staff | 600 | Backup password file created by C2conv with mode 644. Either maintain it at mode 600 or remove this file.
/etc/passwd.yp | root | staff | 644 | NIS distributed password database/file.
/etc/security/passwd.adjunct | root | staff | 600 | Shadow password file.
/usr/include/pwdadj.h | root | staff | 444 | Description of the format of /etc/security/passwd.adjunct.
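Tables 6 and 15 both turn on the same point: once C2conv has moved the hashes into /etc/security/passwd.adjunct (600) and group.adjunct (640), the world-readable /etc/passwd, /etc/group and the .bak copies must carry no hash at all, otherwise the shadow files bought nothing and the hash is available for offline guessing. Checking that by eye on a large file is unreliable, so here is an added example (my code, not part of the appendix or of SunOS) that parses colon-separated passwd/group files and reports every entry whose password field holds a crypt(3)-style hash, plus, for passwd files, every entry with an empty password field (an account usable without a password). It treats a password field beginning with "#" as a pointer to the adjunct file; the "##name" form for passwd is the SunOS 4 C2 convention as I know it, treating any leading "#" as such is an assumption. The file contents are constructed samples.

```python
"""Flag password hashes left in files that the baseline keeps world-readable.

Added example, not part of the original appendix. The sample contents of
PASSWD_BAK and GROUP_BAK are constructed, not copied from a real system.
"""
import re

# A traditional crypt(3) hash: 13 characters from the set [./0-9A-Za-z].
CRYPT_RE = re.compile(r"^[./0-9A-Za-z]{13}$")


def classify(pw_field):
    """Name what the second field of a passwd/group line contains."""
    if pw_field == "":
        return "empty"        # no password at all
    if pw_field.startswith("#"):
        return "shadowed"     # C2 pointer to the adjunct file (assumption: any leading '#')
    if pw_field == "*":
        return "locked"
    if CRYPT_RE.match(pw_field):
        return "hash"
    return "other"


def parse_colon_file(text):
    """Yield (line_no, name, password_field) for each entry line."""
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#") or line.startswith("+"):
            continue          # blank, comment, or NIS "+" inclusion line (out of scope here)
        fields = line.split(":")
        if len(fields) < 2:
            continue
        yield n, fields[0], fields[1]


def scan_public_file(text, flag_empty):
    """Return (line_no, name, kind) for entries that do not belong in a
    world-readable file: kind "hash" always, kind "empty" only when
    flag_empty is set (passwd files; group files normally have empty
    password fields, so pass False for them)."""
    problems = []
    for n, name, pw in parse_colon_file(text):
        kind = classify(pw)
        if kind == "hash" or (kind == "empty" and flag_empty):
            problems.append((n, name, kind))
    return problems


def report(label, text, flag_empty):
    """Human-readable lines for the findings of scan_public_file."""
    out = []
    for n, name, kind in scan_public_file(text, flag_empty):
        if kind == "hash":
            out.append(f"{label}:{n}: {name}: password hash in a world-readable file; "
                       "move it to the adjunct file, or chmod 600 / remove the file")
        else:
            out.append(f"{label}:{n}: {name}: empty password field; "
                       "the account can be used without a password")
    return out


# Constructed sample: a /etc/passwd.bak left behind by C2conv.
PASSWD_BAK = (
    "root:##root:0:1:Operator:/:/bin/csh\n"
    "daemon:*:1:1::/:\n"
    "alice:ab5Jx1QK9n7Zq:1001:10:Alice:/home/alice:/bin/csh\n"
    "guest::1002:10:Guest:/home/guest:/bin/sh\n"
)

# Constructed sample: a /etc/group.bak with one group password still in it.
GROUP_BAK = (
    "wheel:*:0:root\n"
    "staff::10:\n"
    "operator:Hq2Lm8Rv3Ws1a:5:root\n"
)

if __name__ == "__main__":
    for line in (report("/etc/passwd.bak", PASSWD_BAK, True)
                 + report("/etc/group.bak", GROUP_BAK, False)):
        print(line)
```

Run it over /etc/passwd, /etc/passwd.bak, /etc/group and /etc/group.bak; the adjunct files themselves are expected to contain hashes and are not candidates for this check, their protection is covered by the mode baseline.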


Table 16: Further files in the directory /usr/etc

File/directory | Owner | Group | Mode
--- | --- | --- | ---
/usr/etc/dcheck | root | staff | 755
/usr/etc/eeprom | root | kmem | 755
/usr/etc/htable | root | staff | 755
/usr/etc/init | root | staff | 755
/usr/etc/ncheck | root | staff | 755
/usr/etc/pac | root | staff | 755
/usr/etc/zdump | root | staff | 755
/usr/etc/zic | root | staff | 755
/usr/etc/portmap | root | staff | 755
/etc/sendmail.fc | root | staff | 600
/etc/sendmail.cf | root | staff | 644
/etc/sm | root | staff | 755
/etc/sm.bak | root | staff | 755


Table 17: Further system files

File/directory | Owner | Group | Mode | Description (original)
--- | --- | --- | --- | ---
/bin/passwd | root | staff | 755 | Change password command. (passwd must run setuid root to update the password files; verify the mode actually installed on your system.)
/usr/lib/preserve | root | staff | 755 | Preserves vi backup files.
/usr/lib/recover | root | staff | 755 | Recovers vi backup files.
/usr/lib/sendmail | root | staff | 4711 | Network mailer program.
/usr/ucb/lprm | root | staff | 6711 | Removes jobs from a printer queue.
/vmunix | root | staff | 755 | SunOS operating system boot file image. Write protection of this file is critical.
/etc/sm | root | staff | 777 | Directory of machines monitored by the statd status monitor.
/etc/sm.bak | root | staff | 777 | Directory of machines notified of the recovery of the in.statd daemon.


Table 18: "wall" command

File/directory | Owner | Group | Mode | Description
--- | --- | --- | --- | ---
/bin/wall | root | tty | 2550 | Writes a message to the terminals of all logged-in users.


Table 19: "uudecode" command

File/directory | Owner | Group | Mode | Description
--- | --- | --- | --- | ---
/usr/bin/uudecode | root | staff | 111 | Decodes files that were encoded with /usr/bin/uuencode.


Table 20: "chroot" command

File/directory | Owner | Group | Mode | Description
--- | --- | --- | --- | ---
/usr/etc/chroot | root | staff | 700 | Changes the root directory for a command.


Table 21: System directories

File/directory | Owner | Group | Mode | Description (original)
--- | --- | --- | --- | ---
/ | root | staff | 2755 | Root of all file systems and home directory of the superuser.
/bin | root | staff | 2755 | Single-user commands. Link to /usr/bin.
/etc | bin | staff | 2755 | System management commands.
/etc/sm | root | staff | 2777 | Status daemon statd and lock daemon lockd files.
/etc/sm.bak | root | staff | 2777 | Status daemon statd and lock daemon lockd files.
/etc/security | root | staff | 2711 | C2 security files.
/usr | root | wheel | 755 | A file system hierarchy.
/usr/adm or /var/adm | root | wheel | 755 | Administrative information.
/usr/bin | root | staff | 2755 | Additional user commands.
/usr/etc | bin | staff | 2755 | More system management commands.
/usr/kits/[prodnnn]/bin and /usr/kits/[prodnnn]/lib | root | staff | 755 | Recommended directories for layered product commands.
/usr/kvm | bin | staff | 2755 | Directory for kernel VM library functions.
/usr/lib | bin | bin | 2755 | Many system executables, such as the compiler and system libraries.
/usr/local | bin | staff | 2755 | Commands with a local origin.
/usr/ucb | bin | staff | 2755 | Certain Berkeley extension commands.
/usr/spool | bin | bin | 2755 | Directory for communication programs. Link to /var/spool.
/usr/sys | root | staff | 755 | System files.
/var | bin | staff | 2755 | Directory of variable-length files.
/vmunix | root | staff | 755 | Operating system boot file image. Write protection of this file is critical.


Table 22: Temporary system directories

File/directory | Owner | Group | Mode | Description
--- | --- | --- | --- | ---
/tmp | bin | staff | 3777 | World-writable directory for temporary files.
/var/tmp | bin | staff | 3777 | World-writable directory for temporary files.
/usr/tmp | bin | staff | 3777 | World-writable directory for temporary files.
/usr/var/tmp | bin | staff | 3777 | World-writable directory for temporary files.


Table 23: Recommendations for file protection of user environments

File/directory | Owner | Group | Mode | Description (original)
--- | --- | --- | --- | ---
.cshrc | [user] | [user's group] | 640 | Environment file for the C shell.
.forward | [user] | [user's group] | 640 | Mail forwarding address. Use for temporary forwarding only. Write access allows an attacker to redirect mail or specify that a malicious /tmp program be run upon receipt of mail.
.kshrc | [user] | [user's group] | 640 | Environment file for the KornShell.
.login | [user] | [user's group] | 640 | Environment file for the csh shell.
.logout | [user] | [user's group] | 640 | Environment file for the csh shell.
.mailrc | [user] | [user's group] | 640 | Environment file for mail.
.netrc | [user] | [user's group] | 600 | Information used for ftp auto-login.
.plan | [user] | [user's group] | 644 | Message displayed by the finger command.
.profile | [user] | [user's group] | 640 | Environment file for the sh, sh5 and ksh shells.
.project | [user] | [user's group] | 644 | Message text displayed by the finger command. See the related guideline in Section 2.2.3.4.
.rhosts | [user] | [user's group] | 600 | Remote users who can access the local account without a password.
.sunview | [user] | [user's group] | 640 | Environment file for the SunView window environment.
.Xauthority | [user] | [user's group] | 640 | Access control list for the workstation display.
.Xdefaults | [user] | [user's group] | 640 | X Window System defaults file.
.X11startup | [user] | [user's group] | 640 | Workstation startup file.
.Xinitrc | [user] | [user's group] | 640 |
.wastebasket | [user] | [user's group] | 640 |
.* | [user] | [user's group] | 640 | All other files in the user's directory.


Table 24: User mail files

File/directory | Owner | Group | Mode | Description (original)
--- | --- | --- | --- | ---
/usr/spool/mail/[username] or /var/spool/mail/[username] | [user] | staff | 600 | User mail file.
/usr/spool/mail or /var/spool/mail | root | staff | 377 | Directory of user mail files.
/var/spool/secretmail | bin | bin | 3777 | Secret mail directory.


Table 25: Mail alias file

File/directory | Owner | Group | Mode | Description (original)
--- | --- | --- | --- | ---
/etc/aliases | root | staff | 644 | Mail aliases file.
/etc/aliases.dir | root | staff | 664 | Along with aliases.pag, this file is the actual binary implementation of /etc/aliases. Link to /usr/lib/aliases.dir.
/etc/aliases.pag | root | staff | 664 | Along with aliases.dir, this file is the actual binary implementation of /usr/lib/aliases.
/var/yp/src/mail.aliases | root | staff | 755 | Source file for the sendmail/NIS mapping. Link to /etc/aliases.


Table 26: ftp directories

Directory | Owner | Group | Mode | Description (original)
--- | --- | --- | --- | ---
~ftp | ftp | ftp | 555 | Home directory for anonymous ftp.
~ftp/bin | root | user | 111 | Directory for the ls command.
~ftp/etc | root | user | 111 | Directory for the ftp group and passwd files.
~ftp/pub | ftp | ftp | 1775 | Public directory for files accessible to anonymous ftp users.


Table 27: ftp files

File | Owner | Group | Mode | Description (original)
--- | --- | --- | --- | ---
~ftp/bin/ls | ftp | staff | 555 | Supports the ftp list commands.
~ftp/etc/group | root | staff | 444 | Group file for the ftp account.
~ftp/etc/passwd | root | staff | 444 | Password file for the ftp account.


Table 28: Protection of files for batch processing

File/directory | Owner | Group | Mode | Description (original)
--- | --- | --- | --- | ---
/var/spool/cron/at.deny | root | staff | 644 | Users denied use of the at batch command.
/var/spool/cron/at.allow | root | staff | 644 | Users allowed use of the at batch command.
/var/spool/cron/crontabs/[username] | root | staff | 400 | Commands executed by root on behalf of the specified user.
/var/spool/cron/cron.allow | root | staff | 644 | List of users allowed to use cron. If this file does not exist, cron checks cron.deny.
/var/spool/cron/cron.deny | root | staff | 644 | List of users denied use of cron. If this file is empty and cron.allow does not exist, any user can use cron. If neither cron.allow nor cron.deny exists, only superusers can use cron.
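The cron.allow/cron.deny precedence in Table 28 is easy to get backwards, and the trap is the empty cron.deny: it looks like "nobody is denied" and in fact means "everybody is admitted". The following added example (my code, not part of the appendix or of cron) encodes the rule exactly as the table states it and answers, for a given user and the two files as found on disk, whether cron access is granted and why. File contents are constructed; load() is what you would point at /var/spool/cron on a real host. The table states the precedence only for cron, so applying the same function to at.allow/at.deny is an assumption, and whether root is exempt from the lists depends on the cron implementation; the rule is implemented literally here.

```python
"""Decide who may use cron under the cron.allow / cron.deny rule of Table 28.

Added example, not part of the original appendix. The file contents used at
the bottom are constructed; on a real host read the files with load().
"""

SUPERUSERS = ("root",)


def read_list(text):
    """Names in an allow/deny file, one per line; None stands for a missing file."""
    if text is None:
        return None
    return [ln.strip() for ln in text.splitlines() if ln.strip() and not ln.startswith("#")]


def may_use_cron(user, allow, deny):
    """allow/deny: list of names, or None when the respective file is absent.

    1. cron.allow exists: only the names listed in it (the rule as stated;
       whether root is implicitly exempt depends on the cron implementation).
    2. otherwise cron.deny exists: everyone except the names listed, so an
       empty cron.deny admits every user on the system.
    3. neither file exists: only the superuser.
    """
    if allow is not None:
        return user in allow
    if deny is not None:
        return user not in deny
    return user in SUPERUSERS


def explain(user, allow_text, deny_text):
    """Return (decision, reason) for one user given the raw file texts."""
    allow, deny = read_list(allow_text), read_list(deny_text)
    ok = may_use_cron(user, allow, deny)
    if allow is not None:
        rule = "cron.allow present"
    elif deny is not None:
        rule = "cron.allow absent, cron.deny present" + (" but empty" if not deny else "")
    else:
        rule = "neither file present"
    return ok, f"{user}: {'allowed' if ok else 'denied'} ({rule})"


def admitted(users, allow_text, deny_text):
    """All users from the given list who would be admitted to cron."""
    allow, deny = read_list(allow_text), read_list(deny_text)
    return [u for u in users if may_use_cron(u, allow, deny)]


def load(path):
    """File text, or None when the file does not exist (the distinction matters)."""
    try:
        with open(path) as f:
            return f.read()
    except FileNotFoundError:
        return None


if __name__ == "__main__":
    # Constructed scenario: someone "cleared" cron.deny instead of creating cron.allow.
    users = ["root", "alice", "bob", "guest"]
    deny_text = ""           # cron.deny exists but is empty
    allow_text = None        # cron.allow does not exist
    for u in users:
        print(explain(u, allow_text, deny_text)[1])
    print("admitted:", admitted(users, allow_text, deny_text))
    # The same scenario after creating cron.allow with the operators only:
    print("admitted with cron.allow:", admitted(users, "root\nalice\n", deny_text))
```

The safe configuration is therefore an explicit cron.allow naming the accounts that need cron; cron.deny is then ignored, and a later edit of it cannot widen access.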


Last updated: 05.03.1998