

About This Manual

This manual describes how to use, administer, and write programs for the Digital UNIX® operating system with the optional enhanced security subsets installed. It also provides information about traditional UNIX security.




Audience

Part 1 is directed toward general users. It is not intended for users of secure programs, because such programs typically hide the secure interface after the login has been completed.

Part 2 is directed toward experienced system administrators and is not appropriate for novice administrators. System administrators should be familiar with security concepts and procedures.

Part 3 is intended for programmers who are modifying or creating security-relevant programs (trusted programs) and anyone who modifies or adds to the trusted computing base. You should be familiar with programming in C on UNIX systems.




New and Changed Features

This release of Digital UNIX adds access control lists (ACLs) to improve the security capabilities of the operating system. Chapters are added to the User, Administration, and Programming sections to document this new feature. Several reference pages that document the ACL commands and routines are also available online. Use the man -k acl command to get a listing of the ACL-specific reference pages.

Object selection and deselection features are added to the audit subsystem. See Section 10.3.2 for more information.

Several authentication programming interfaces are added and changed in this release. The new APIs allow the authentication data structures to be extended. See Section 18.1 for more information.




Organization

The manual is divided into three parts as follows:

Part 1: User's Guide to Security

This part describes the enhanced security features of the Digital UNIX system that relate to the general user. It also includes general information about connecting to other systems and using a windows environment.

Part 2: Administrator's Guide to Security

This part explains concepts that are fundamental to administering a trusted Digital UNIX operating system and describes tools and procedures for administrative tasks. It is both task-oriented and conceptual.

Part 3: Programmer's Guide to Security

This part describes the Digital UNIX security features to those who must modify or add security-relevant programs (trusted programs). It presents guidelines and practices for writing these programs and describes specific Digital UNIX interfaces. This part also describes the use of the Digital UNIX security facilities: system calls, libraries, and databases.

This manual has 21 chapters, 5 appendixes, a glossary, and an index:

Chapter 1
Introduces the enhanced security features of the Digital UNIX system from a user's point of view and defines the areas in which trusted Digital UNIX expands the traditional UNIX system for security.

Chapter 2
Describes how to log in to the system and change passwords. It also discusses some common problems associated with passwords and logging in and how to avoid them.

Chapter 3
Discusses the security risks and security procedures for logging into remote systems. Protecting files from remote copies is also discussed.

Chapter 4
Discusses the DECwindows Motif features that enhance the security of a workstation. This chapter does not explain how to use DECwindows.

Chapter 5
Describes the access control list (ACL) features of the system and how users can most effectively use them.

Chapter 6
Defines a trusted system and security concepts fundamental to system security. It also summarizes the trusted administrative roles, protected subsystems, and security databases.

Chapter 7
Describes how to set up the security databases and parameters for system operation and how to customize the system for your own site.

Chapter 8
Describes how to create and modify secure terminals.

Chapter 9
Describes how to use the Account Manager (or the DECwindows dxaccounts) programs to create and maintain accounts. It also describes the authentication subsystem and centralized account management.

Chapter 10
Describes the audit subsystem and how it is configured and maintained. It summarizes the formats of the records written to the audit trail by the audit subsystem and presents guidelines for effective and high-performance audit administration.

Chapter 11
Describes the installation and administration of the access control list (ACL) feature.

Chapter 12
Describes the operations that check for system and database integrity.

Chapter 13
Describes the Security Integration Architecture (SIA) and the associated matrix.conf files. The installation and deletion of layered security products is also discussed.

Chapter 14
Lists problems that can occur during system operation and suggests resolutions.

Chapter 15
Describes the approach to examples used throughout this part and provides information about the trusted computing base.

Chapter 16
Provides specific techniques for designing trusted programs, such as whether the program is to be a directly executed command or a daemon.

Chapter 17
Describes the structure of the authentication database and the techniques for querying it.

Chapter 18
Presents the various user and group identities of the Digital UNIX operating system and how you should use them, particularly the audit ID that is not a part of traditional UNIX systems. It also describes the contents of the protected password database.

Chapter 19
Presents guidelines for when trusted programs should make entries in the audit logs and the mechanisms for doing so.

Chapter 20
Documents the Security Integration Architecture (SIA) programming interfaces.

Chapter 21
Provides the programmer with the information needed to use access control lists (ACLs) in applications that run on Digital UNIX.

Appendix A
Lists the files provided in the system's trusted computing base (TCB).

Appendix B
Contains the default auditable events (/etc/sec/audit_events) and the default audit-event aliases (/etc/sec/event_aliases) files.

Appendix C
Explains the issues encountered when moving applications and accounts from ULTRIX systems to Digital UNIX systems.

Appendix D
Provides the programmer with extended coding examples for trusted Digital UNIX systems.

Appendix E
Explains the naming convention used to keep Digital UNIX compliant with ANSI C.




Related Documentation

The following documents provide additional information about security issues in the Digital UNIX system:

Command and Shell User's Guide

Common Desktop Environment documentation

Installation Guide

System Administration

Programmer's Guide

Reference Pages

The following are documents available from O'Reilly and Associates, Inc. that will help you understand security concepts and procedures:

Computer Security Basics

Practical UNIX Security

The following are reference documents available from the United States Department of Defense that you may find useful:

Trusted Computer System Evaluation Criteria (TCSEC or Orange Book)

Password Management Guideline (Green Book)

A Guide to Understanding Audit in Trusted Systems

The following document may be of interest to users outside the U.S.:

Information Technology Security Evaluation Criteria (ITSEC)

The printed version of the Digital UNIX documentation set is color coded to help specific audiences quickly find the books that meet their needs. (You can order the printed documentation from Digital.) This color coding is reinforced with the use of an icon on the spines of books. The following list describes this convention:

Audience                            Icon   Color Code
General users                       G      Blue
System and network administrators   S      Red
Programmers                         P      Purple
Device driver writers               D      Orange
Reference page users                R      Green


Some books in the documentation set help meet the needs of several audiences. For example, the information in some system books is also used by programmers. Keep this in mind when searching for information on specific topics.

The Documentation Overview, Glossary, and Master Index provides information on all of the books in the Digital UNIX documentation set.




Reader's Comments

Digital welcomes any comments and suggestions you have on this and other Digital UNIX manuals.

You can send your comments in the following ways:

Please include the following information along with your comments:

The Digital UNIX Publications group cannot respond to system problems or technical support inquiries. Please address technical questions to your local system vendor or to the appropriate Digital technical support office. Information provided with the software media explains how to send problem reports to Digital.




Conventions

This document uses the following typographic conventions:

%
$
A percent sign represents the C shell system prompt. A dollar sign represents the system prompt for the Bourne and Korn shells.

#
A number sign represents the superuser prompt.

% cat
Boldface type in interactive examples indicates typed user input.

file
Italic (slanted) type indicates variable values, placeholders, and function argument names.

[ | ]
{ | }
In syntax definitions, brackets indicate items that are optional and braces indicate items that are required. Vertical bars separating items inside brackets or braces indicate that you choose one item from among those listed.

. . .
In syntax definitions, a horizontal ellipsis indicates that the preceding item can be repeated one or more times.

cat(1)
A cross-reference to a reference page includes the appropriate section number in parentheses. For example, cat(1) indicates that you can find information on the cat command in Section 1 of the reference pages.

[Return]
In an example, a key name enclosed in a box indicates that you press that key.

Ctrl/x
This symbol indicates that you hold down the first named key while pressing the key or mouse button that follows the slash. In examples, this key combination is enclosed in a box (for example, [Ctrl/C]).

Alt x
Multiple key or mouse button names separated by spaces indicate that you press and release each in sequence. In examples, each key in the sequence is enclosed in a box (for example, [Alt] [Q]).

Menu->Option->Submenu Option
The right arrow indicates an abbreviated instruction for choosing a menu option or submenu option. The following example means pull down the Modify menu, move the pointer to pull down the Image submenu, and choose the Clear option:

Choose Modify->Image->Clear