Refer to the Exhibit. A system administrator needs to minimize a freshly installed Solaris system. After verifying that the correct metacluster is installed, the administrator tries to further reduce the number of installed set-uid binaries. While reviewing the relevant contents of the /var/sadm/install/contents file, the administrator finds a number of printing-related set-uid binaries. What is the correct command to remove these set-uid binaries in a supported way?
Refer to the Exhibit. One step in the hardening process is to examine the user accounts and determine what steps need to be taken to tighten access to the system. As part of this process, an administrator executes the command passwd -sa. Which three statements are true about the configured accounts? (Choose three.)
A company has activated auditing on all of their systems. The default destination directory for the audit trail is /var/audit on each system. In the past few weeks, they had problems with one of the systems acting as a print server. A user sent a large print job, which caused /var on the print server to become full. As a result, auditing was no longer working. They changed the /etc/security/audit_control file to include a second destination directory (using the dir: keyword). When will the audit subsystem switch from the first directory to the second configured directory?
Your organization wants to deploy a third-party network monitoring tool. A requirement for deploying this tool is that it runs with as few privileges as possible. The tool needs access to /dev/ip, which is listed as:
crw-rw-rw- 1 root sys 3, 0 Jun 5 09:11 /dev/ip
When the tool is run as the unprivileged user monitor, it fails to open /dev/ip. How do you find out what privileges are needed?
Refer to the Exhibit. You notice that the following line has been added to /etc/passwd:
admin:x:0:0:Administrator:/:/bin/sh
To figure out when this file was changed, you look at the file creation date, but based on that information, the file hasn't been touched since the system was installed. You look at the audit logs for this system and find the three records that are shown in the Exhibit. What happened?
You have a legacy, non-privilege-aware program which runs as root in order to open a privileged port. Now that you have upgraded the system to Solaris 10, you want to take advantage of privileges. You can either run the program as root with fewer privileges, or run the program as daemon with additional privileges. Why is it preferred to run the program as daemon with added privileges?
Refer to the Exhibit. What is the significance of the output generated by the jass-check-sum command?
A web server administrator must configure an Apache 2 web server to start as the user webservd. The web server administrator has been assigned the "Service Operator" rights profile. While attempting to set the SMF service property start/user, the web server administrator receives the following error message:
$ /usr/sbin/svccfg -s svc:/network/http:apache2
svc:/network/http:apache2> setprop start/user = astring: webservd
Permission Denied.
Why does this error occur?
A security administrator has created these "Restricted Commands" rights profile entries in the /etc/security/exec_attr file that will be assigned to a number of application developers:
$ grep "^Restricted Commands" /etc/security/exec_attr
Restricted Commands:solaris:cmd:::/my/bin/progA:uid=yadm;gid=yadm
Restricted Commands:solaris:cmd:::/my/bin/progB:uid=vadm;gid=vadm
Restricted Commands:solaris:cmd:::/my/bin/progC:uid=oamd;gid=aadm
Restricted Commands:solaris:cmd:::/my/bin/progD:uid=nadm;gid=badm
Restricted Commands:solaris:cmd:::/my/bin/progD:uid=nadm;gid=cadm
Restricted Commands:solaris:cmd:::/my/bin/progD:uid=eadm;gid=eadm
Restricted Commands:solaris:cmd:::/my/bin/progD:
As what UID and GID will the command /my/bin/progD run when the command is executed as follows by an application developer who has been assigned the "Restricted Commands" rights profile?
The security group is testing software in a special lab which is configured in the same secure way as the production servers. Some of the tested code might even be malicious. Due to budget restrictions, the available lab systems for these tests have been reduced to only three remaining systems. The system administrator is responsible for quickly reinstalling these systems over and over again. What is the most efficient way to reliably accomplish this task?