Xerox 100 補足マニュアル
Security Guide
5
Enable and disable services
The following tables provide a list of the services that can be
enabled and disabled from the Xerox FreeFlow Print Server
“Setup > Security Profiles” menu options.
enabled and disabled from the Xerox FreeFlow Print Server
“Setup > Security Profiles” menu options.
NOTE: Services list may vary, depending on the product.
Table 2-2
“System” tab
System Service
Description
Allow_host.equiv_plus
Background: The /etc/hosts.equiv and /.rhosts files provide the remote
authentication database for rlogin, rsh, rcp, and rexec. The files
specify remote hosts and users that are considered to be trusted.
Trusted users are allowed to access the local system without
supplying a password. These files can be removed or modified to
enhance security. The Xerox FreeFlow Print Server is provided with
both of these files deleted entirely. The setting All_host.equiv_plus is
set to disabled, then anytime that security settings are applied, the +
will be removed from host.equiv. IMPORTANT NOTE: Removing the +
from the hosts.equiv file will prevent the use of the Xerox command
line client print from remote clients. An alternative would be to remove
the + and add the name of each trusted host that requires this
functionality. Leaving the + will allow a user from any remote host to
access the system with the same username
authentication database for rlogin, rsh, rcp, and rexec. The files
specify remote hosts and users that are considered to be trusted.
Trusted users are allowed to access the local system without
supplying a password. These files can be removed or modified to
enhance security. The Xerox FreeFlow Print Server is provided with
both of these files deleted entirely. The setting All_host.equiv_plus is
set to disabled, then anytime that security settings are applied, the +
will be removed from host.equiv. IMPORTANT NOTE: Removing the +
from the hosts.equiv file will prevent the use of the Xerox command
line client print from remote clients. An alternative would be to remove
the + and add the name of each trusted host that requires this
functionality. Leaving the + will allow a user from any remote host to
access the system with the same username
Anonymous FTP
BSM
Enable or disable the Basic Security Module (BSM) on Solaris
Executable Stacks
Some security exploits take advantage of the Solaris OE kernel
executable system stack to attack the system. Some of these exploits
can be avoided by making the system stack non-executable. The
following lines are added to /etc/system/fP file:set
noexec_user_stack=1set noexec_user_stack_log=1
executable system stack to attack the system. Some of these exploits
can be avoided by making the system stack non-executable. The
following lines are added to /etc/system/fP file:set
noexec_user_stack=1set noexec_user_stack_log=1
Hide Info Banners
Multicast Routing
Remote CDE Logins
Deny all remote access (direct/broadcast) to the X server running on
the Xerox FreeFlow Print Server by installing an appropriate /etc/dt/
config/Xaccess file.
the Xerox FreeFlow Print Server by installing an appropriate /etc/dt/
config/Xaccess file.
Restrict DFS tab
Restrict NFS Portmon
Router
Disable router mode by creating an empty the empty file: /etc/
notrouter.
notrouter.
Secure File
Permissions
Permissions