Security parameters
Audit parameters
|
Parameter
|
Dflt
|
Min
|
Max
|
|---|
|
ADT_BSIZE
|
20480
|
10240
|
20480
|
|
ADT_LWP_BSIZE
|
256
|
256
|
20480
|
|
ADT_NBUF
|
2
|
0
|
5
|
|
ADT_NLVLS
|
4
|
1
|
4
|
ADT_BSIZE-
This parameter controls the size, in bytes, of an audit buffer.
A large audit buffer can improve system performance by allowing you to
store more data in main memory and to reduce the number of disk writes.
However, an overly large audit buffer can use space required for other
data structures and, therefore, reduce performance.
ADT_LWP_BSIZE-
This parameter controls the size of the buffer allocated for each
lightweight process (LWP).
Events generated by a particular LWP
are placed in its own buffer, and this buffer is dumped into
an audit buffer when it is full.
ADT_NBUF-
This parameter controls the number of audit buffers
available on the system.
ADT_NLVLS-
This parameter controls the number of individual security levels
that can be set for object level auditing.
It is useful only when the Mandatory Access Control (MAC) feature
is installed.
If you want to audit more than four levels, you must
change the value of this parameter.
Console security parameters
|
Parameter
|
Dflt
|
Min
|
Max
|
|---|
|
CONSOLE_SECURITY
|
1
|
0
|
3A
|
CONSOLE_SECURITY-
Bit mask value that determines the hot key sequences
allowed on the console keyboard.
Each bit corresponds to a hot key sequence.
A value of ``0'' indicates that all sequences are disallowed.
Bit 0 corresponds to the reboot key sequence.
Bit 1 corresponds to the panic key sequence.
The default value is ``1''.
General security parameters
|
Parameter
|
Dflt
|
Min
|
Max
|
|---|
|
MAXACL
|
100
|
10
|
250
|
|
URETADDR_CHECK
|
0
|
0
|
2
|
MAXACL-
Maximum number of ACL (Access Control List) entries per
file or ipc object.
URETADDR_CHECK-
Enables and disables buffer overflow attack checks in the kernel.
By default, URETADDR_CHECK has a value of 0, which disables buffer
overflow checks.
If URETADDR_CHECK has a value of 1, a security message is logged to
/var/adm/log/osmlog if a system call is issued from a memory
area previously used as a stack by the calling process.
A value of 2 will additionally cause the calling process to be terminated
after having dumped core, whenever that is possible.
SUM privilege parameters
|
Parameter
|
Dflt
|
Min
|
Max
|
|---|
|
PRIVID
|
0
|
0
|
60002
|
PRIVID-
This is the ID of the privileged user, checked when
propagating privileges.
This parameter should not be modified.
Next topic:
STREAMS parameters
Previous topic:
Processor cache affinity parameters
© 2007 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 05 June 2007