6.1 Tru64 UNIX Security

This chapter describes several important aspects of Tru64 UNIX system security. As a system administrator, you are responsible for the overall security of your system, which includes both physical system security and Tru64 UNIX operating system security. By default, Tru64 UNIX is installed with a minimal security configuration, which may be sufficient for a noncritical, single-user workstation. For a system that supports a mission-critical application or is connected to the Internet, however, the default minimal security configuration may be inadequate. The purpose of this chapter is to address ways to improve system security with the goal of a more secure Tru64 UNIX system. The following topics will be covered:

• Physical security

• Resetting passwords

• Login controls

• The trusted host facility

• Enhanced security

• Auditing

• Access control lists

• Division of privileges

Prior to beginning our discussion, it is important to understand the history and implications of implementing security on a UNIX system. UNIX was originally developed in a research environment with little thought given to security. Scientists at Bell Labs created UNIX for their own use, and such facilities as passwords and file permissions were avoided. This was the origin of the belief that UNIX is an inherently insecure operating system. UNIX can be configured to be completely insecure, of course, but so can any other computer operating system. Conversely, most modern implementations of UNIX, including Tru64 UNIX, provide facilities and tools to secure the system as tightly as necessary.

6.2 Physical Security

The issue of physical security should...