Tunable parameters

Security parameters

Audit parameters

Parameter       Default   Min     Max
ADT_BSIZE       20480     10240   20480
ADT_LWP_BSIZE   256       256     20480
ADT_NBUF        2         0       5
ADT_NLVLS       4         1       4


ADT_BSIZE
This parameter controls the size, in bytes, of an audit buffer. A large audit buffer can improve system performance by allowing you to store more data in main memory and to reduce the number of disk writes. However, an overly large audit buffer can use space required for other data structures and, therefore, reduce performance.

ADT_LWP_BSIZE
This parameter controls the size of the buffer allocated for each lightweight process (LWP). Events generated by a particular LWP are placed in that LWP's own buffer, which is dumped into an audit buffer when it is full.

ADT_NBUF
This parameter controls the number of audit buffers available on the system.

ADT_NLVLS
This parameter controls the number of individual security levels that can be set for object level auditing. It is useful only when the Mandatory Access Control (MAC) feature is installed. If you want to audit more than four levels, you must change the value of this parameter.

Console security parameters

Parameter          Default   Min   Max
CONSOLE_SECURITY   1         0     3A


CONSOLE_SECURITY
Bit mask value that determines the hot key sequences allowed on the console keyboard. Each bit corresponds to a hot key sequence. A value of "0" indicates that all sequences are disallowed. Bit 0 corresponds to the reboot key sequence. Bit 1 corresponds to the panic key sequence. The default value is "1", which allows only the reboot key sequence.

General security parameters

Parameter        Default   Min   Max
MAXACL           100       10    250
URETADDR_CHECK   0         0     2


MAXACL
Maximum number of ACL (Access Control List) entries per file or IPC object.

URETADDR_CHECK
Enables or disables buffer overflow attack checks in the kernel. By default, URETADDR_CHECK has a value of 0, which disables buffer overflow checks. If URETADDR_CHECK has a value of 1, a security message is logged to /var/adm/log/osmlog if a system call is issued from a memory area previously used as a stack by the calling process. A value of 2 additionally causes the calling process to be terminated after having dumped core, whenever that is possible. The calling process must be a child of a process executing the bock command (see bock(1M)).

SUM privilege parameters

Parameter   Default   Min   Max
PRIVID      0         0     60002


PRIVID
This is the ID of the privileged user, checked when propagating privileges. This parameter should not be modified.

© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 22 April 2004