[ Previous | Next | Table of Contents | Index | Library Home | Legal | Search ]

Commands Reference, Volume 3


lssec Command

Purpose

Lists attributes in the security stanza files.

Syntax

lssec [ -c ] [ -f File ] [ -s Stanza ] [ -a Attribute ... ]

Description

The lssec command lists attributes stored in the security configuration stanza files. The following security configuration files contain attributes that you can specify with the Attribute parameter:

When listing attributes in the /etc/security/environ, /etc/security/lastlog, /etc/security/limits, /etc/security/passwd, and /etc/security/user files, the stanza name specified by the Stanza parameter must be either a valid user name or default. When listing attributes in the /etc/security/group file, the stanza name specified by the Stanza parameter must be either a valid group name or default. When listing attributes in the /usr/lib/security/mkuser.default file, the Stanza parameter must be either admin or user. When listing attributes in the /etc/security/portlog file, the Stanza parameter must be a valid port name. When listing attributes in the /etc/security/login.cfg file, the Stanza parameter must be either a valid port name, a method name, or the usw attribute.

You cannot list the password attribute of the /etc/security/passwd file with the lssec command.

Only the root user or a user with PasswdAdmin authorization can list the lastupdate and flags attributes for administrative users.

Flags


-c Specifies that the output should be in colon-separated format.
-f File Specifies the name of the stanza file to list.
-s Stanza Specifies the name of the stanza to list.
-a Attribute Specifies the attribute to list.

Security

Access Control: This command grants execute access only to the root user and the security group. The command has the trusted computing base attribute and runs the setuid subroutine for the root user to access the security databases.

Files Accessed:

Mode File
r /etc/security/environ
r /etc/security/group
r /etc/security/lastlog
r /etc/security/limits
r /etc/security/login.cfg
r /usr/lib/security/mkuser.default
r /etc/security/passwd
r /etc/security/portlog
r /etc/security/user

Examples

  1. To list the number of unsuccessful login attempts by the root user since the last successful login of the root user, enter:

    lssec -f /etc/security/lastlog -s root -a unsuccessful_login_count
    

    The system displays the result as follows:

    root unsuccessful_login_count=15
    
  2. To list the times that logins are allowed on the /dev/tty2 port, enter:

    lssec -f /etc/security/login.cfg -s /dev/tty2 -a logintimes
    

    The system displays the result as follows:

    /dev/tty0 logintimes=!january1,!july4,!december25
    
  3. To list the default setting for the tpath attribute and the ttys attribute in colon format,
  4. enter:

    lssec -c -f /etc/security/user -s default -a tpath -a ttys
    

    The system displays the result as follows:

    #name:tpath:ttys
    default:nosak:ALL
    

Files


/usr/bin/lssec Specifies the path to the lssec command.
/etc/security/environ Contains the environment attributes of users.
/etc/security/group Contains extended attributes of groups.
/etc/security/lastlog Defines the last login attributes for users.
/etc/security/limits Defines resource quotas and limits for each user.
/etc/security/login.cfg Contains port configuration information.
/usr/lib/security/mkuser.default Contains the defaults values for new users.

Contains password information.
/etc/security/portlog Contains unsuccessful login attempt information for each port.
/etc/security/user Contains the extended attributes of users.

Related Information

The chgroup command, chsec command, chuser command, grpck command, login command, lsgroup command, lsuser command, mkgroup command, mkuser command, passwd command, pwdck command, rmgroup command, rmuser command, su command, usrck command.

The getgroupattr subroutine, getportattr subroutine, getuserattr subroutine, getuserpw subroutine, putgroupattr subroutine, putportattr subroutine, putuserattr subroutine, putuserpw subroutine.

List of Security and Auditing Subroutines in AIX 5L Version 5.1 General Programming Concepts: Writing and Debugging Programs.


[ Previous | Next | Table of Contents | Index | Library Home | Legal | Search ]