“About This Guide” includes brief descriptions of the contents of this guide and an explanation of typographical conventions used, and refers you to additional sources of information you might find helpful.
This guide is written for system and network administrators responsible for IRIX backups, security, or accounting. If you are responsible for your personal workstation only, refer to the Personal System Administrator's Guide first for this information.
IRIX Admin: Backup, Security, and Accounting documents data backup and recovery, host and network security, and host resource auditing and accounting for IRIX computer sites. It contains the following chapters:
Part I of this guide comprises three chapters on the following backup and recovery topics:
Chapter 1, “Planning a Backup Strategy”—discusses types of backup media, tools available, and ideas on implementing a backup strategy.
Chapter 2, “Backup and Recovery Procedures”—provides detailed information on each of the backup tools available and gives examples of their use.
Chapter 3, “Troubleshooting Backup and Recovery”—provides information on types of backup errors, and explains some common error messages.
Part II of this guide covers system and network security and contains two chapters:
Chapter 4, “System Security”—discusses how to implement local system security.
Chapter 5, “Network Security”—discusses how to implement local area network security and network firewalls.
Part III of this guide covers system accounting and auditing and contains the following two chapters:
Chapter 6, “Administering the System Audit Trail”—describes how to audit all events on an IRIX system.
Chapter 7, “System Accounting”—describes how to track system usage.
These type conventions and symbols are used in this guide:
| Bold | Keywords and literal command-line arguments (options/flags). | |
| Italics | Backus-Naur Form entries, command monitor commands, executable names, filenames, IRIX commands, manual/book titles, new terms, onscreen button names, tools, utilities, variable command-line arguments, and variables to be supplied by the user in examples, code, and syntax statements | |
| Fixed-width type |
| |
| Bold fixed-width type |
| |
| ALL CAPS | Environment variables. | |
| “” | (Double quotation marks) Onscreen menu items and references in text to document section titles | |
| () | (Parentheses) Following IRIX commands—surround reference page (man page) section number | |
| [] | (Brackets) Surrounding optional syntax statement arguments | |
| <> | (Angle brackets) Surrounding nonprinting keyboard keys, for example, <Esc>, <Ctrl-D> | |
| # | IRIX shell prompt for the superuser (root) | |
| % | IRIX shell prompt for users other than superuser | |
| >> | Command Monitor prompt |
You will probably use the parts of this document separately.
If you are responsible for backups, refer to Part I. Read Chapter 1 if you have yet to implement a backup policy, Chapter 2 to learn details on the use of a particular backup tool, and Chapter 3 if you are having trouble with backups.
If you are responsible for security, read Part II, Chapter 4 for details on configuring IRIX host security, and Chapter 5 if you are responsible for network security as well.
If you are responsible for system auditing, read Part III, Chapter 6.
If you are responsible for monitoring system usage, read Part III, Chapter 7.
The following the books, and network and product resources are available to help you establish system and network security.
The following books provide additional information on system and network security.
Steven Bellovin and William Cheswick. Firewalls and Internet Security. Addison-Wesley. ISBN 0-201-63357-4, 1994.
Douglas Comer. Internetworking with TCP/IP. Prentice-Hall, Inc. ISBN 0-13-468505-9, second edition, 1991
David A. Curry. UNIX System Security. Addison-Wesley. ISBN 0-201-56327-4, 1992.
Simson Garfinkle and Eugene Spafford. Practical UNIX Security. O-Reilly & Associates, Inc. ISBN 0-937175-72-2, 1991.
Various resources addressing security are provided on the Internet itself. Pointers (URLs) are provided here rather than including the information in full, as the material is frequently updated.
Internet resources relating to system security include answers to frequently asked questions (FAQs) from various newsgroups; documents concerning the history, practice, and theory of security; bulletins on new security issues; interactive mailing lists discussing security issues, and so on. Listed below are pointers to some of these resources.
Here are some URLs (universal resource locators) that can connect you to information to various sources of security information on the World Wide Web (WWW):
http://www.sgi.com/—Silicon Surf. A good starting point for finding information and products available for Silicon Graphics platforms.
ftp://sgi.sgigate.com:~ftp/security—Security patches for Silicon Graphics products.
ftp://ftp.uni-paderborn.de/doc/FAQ/comp.security.unix/—General UNIX security FAQs.
http://www.alw.nih.gov/Security/—Links to a wide variety of security-related resources.
http://www.telstra.com.au/info/security.html—Many links to general network security information including security-related mailing lists.
http://www.sei.cmu.edu/SEI/programs/cert.html—The Computer Emergency Response Team (CERT) Coordination Center was established by the Advanced Research Projects Agency to coordinate information regarding security threats for Internet users.
http://ciac.llnl.gov/—The U.S. Department of Energy Computer Incident Advisory Capability page has links to advisory bulletins, mailing lists, documents, and more.
ftp://ftp.tis.com/pub/firewalls/faq.current—Firewall FAQ. Frequently asked questions and answers concerning firewalls.
ftp://ftp.uni-paderborn.de/doc/FAQ/comp.security.unix/—General UNIX security FAQ.
http://www.alw.nih.gov/Security—Links to a wide variety of security-related resources including multiple FAQs.
http://www-ns.rutgers.edu/www-security/index.html—A home page for security issues related to the World Wide Web.
http://neptune.tis.com/Home/NetworkSecurity/Toolkit.html
A toolkit for network security including source code for proxies.
ftp://ftp.nec.com/pub/security/socks.cstc/
Where to begin for looking into SOCKS proxies. A FAQ, the proxies, and other information are accessible from this URL.
Note that URLs change and some of these may already be out of date. Use a good WWW search tool and search for various key words such as “security,” “network security,” and “firewall” to find others.
Here are some news groups you can subscribe to that can help you keep up-to-date on security issues:
comp.security.unix—General discussion of UNIX-related security issues.
comp.security.announce—Announcements regarding security-related products and services.
comp.sys.sgi.admin—Discussion of administration issues for users of Silicon Graphics products.
comp.sys.sgi.announce—Announcements of new products and services of interest to the users of Silicon Graphics products.
comp.security.firewalls—General discussion of network firewall issues for all platforms.
Contact your Silicon Graphics sales representative for information on the Gauntlet™ for IRIX and other security-related products. Silicon Graphics also has Netscape™ products, which support secure Internet access through encrypting and proxying servers.
Some additional products that are available are mentioned below, but note that mention here does not imply any endorsement by Silicon Graphics, and configuration and support of these products is either supplied by their vendors or by you.
http://neptune.tis.com/Home/NetworkSecurity/Toolkit.html
A toolkit for network security including source code for proxies.
ftp://ftp.nec.com/pub/security/socks.cstc/
Where to begin for looking into SOCKS proxies. A FAQ, the proxies, and other information are accessible from this URL.
The issues can be complex and confusing when trying to find the best way to connect to the Internet. Look at the Welcome page for the WebFORCE™ Netscape Navigator™ for the local link Connecting to the Internet, which provides basic information and pointers to help you if you have yet to establish an Internet connection.