Các bản vá lỗi Unix là không có khác biệt so với Windows NT trong sự tồn tại của các bản vá để sửa lỗi và các vấn đề an ninh với các phần mềm. Các bản vá lỗi nên được áp dụng trên cơ sở thường xuyên để loại bỏ các lỗ hổng. Một trong những mục cần lưu ý khi tải các bản vá lỗi cho hệ thống Solaris là CN nhiều nơi của các bản vá lỗi trong một cụm bản vá. | 297 Chapter 15 Unix Security Issues Patches Unix is no different than Windows NT in the existence of patches to correct bugs and security issues with software. Patches should be applied on a regular basis to remove these vulnerabilities. One item to note when downloading patches for Solaris systems is that Sun places many of the patches in a patch cluster. However the patch cluster may not include some security patches. These may have to be downloaded individually and installed manually. USER MANAGEMENT As with any type of computer system the management of the user community is critical to the overall security of the system. Your organization should have created a user management procedure that spells out in detail the procedure to follow when an employee requires access to a system see Chapter 5 . The procedure should also spell out the steps to take when an employee leaves the organization. The following sections of this chapter will provide some detailed recommendations for user management on Unix systems. Keep in mind that there are many variations of Unix systems. Tools that are used for user management change from vendor to vendor and from version to version. Adding Users to the System Most Unix versions provide tools for adding users to the system. The key tasks are Adding the user name to the password file Assigning an appropriate user ID number Assigning an appropriate group ID number Defining an appropriate shell for login some users may not get any shell at all Adding the user name to the shadow file Assigning an appropriate initial password Defining an appropriate electronic mail alias Creating a home directory for the user Adding the User Name to the Password File The etc passwd file contains a list of all of the user names belonging to users on the system. Each user should have a unique user name of eight characters or less. For each entry in the password file a real person should be identified as having responsibility for the account. This .