File: workstation_configurations.txt

bastille 1:1.3.0-2.1
Workstation configuration in Lax security level:

No firewalling
Disables SUID status to the news server tools and DOSEMU 
Set up password aging -- old unused accounts will be disabled, though the
  owners will be warned
Password protects single-user mode
Apply limits to any one program/user's resource usage, to block Denial of 
  Service attacks.
Configure additional logging
Deactivates the DHCP Server daemon
Disable the SNMP daemons
Disable the VRFY/EXPN data mining commands in Sendmail
Deactivate DNS server
Deactivate Apache server
Deactivate Apache Server Side Includes (SSI)
Set umask to 022
Set security level to 2
Apply file permission level 2
Restrict "." from the PATH variable
Deactivate telnet
Deactivate ftp
Activate security checks


Workstation configuration in Moderate Security level

Moderate firewalling
Disables SUID status to dump, restore, cardctl, rsh, rlogin and rcp
Disables SUID status to the news server tools and DOSEMU 
Disable rsh/rlogin access to this machine
Set up password aging -- old unused accounts will be disabled, though the
  owners will be warned
Password protects single-user mode
Apply limits to any one program/user's resource usage, to block Denial of 
  Service attacks.
Configure additional logging
Deactivates the APMd daemon
Disables NFS and Samba
Disables GPM
Deactivates the DHCP Server daemon
Disable the SNMP daemons
Deactivates Sendmail's network listening mode, so this WORKSTATION doesn't
   serve as a mail server
Disable the VRFY/EXPN data mining commands in Sendmail
Deactivate DNS server
Deactivate Apache server
Deactivate Apache Server Side Includes (SSI)
Set umask to 022
Set security level to 3
Apply file permission level 3
Restrict "." from the PATH variable
Deactivate telnet
Deactivate ftp
Disable FTP's anonymous mode capability
Activate security checks
Apply TMPDIR protection


Workstation configuration in Paranoia Security level

Tight firewalling
Disables SUID status to mount, umount, ping, at, usernetctl, and traceroute
Disables SUID status to dump, restore, cardctl, rsh, rlogin and rcp
Disables SUID status to the news server tools and DOSEMU 
Disable rsh/rlogin access to this machine
Restrict use of cron to the root account
Disable pcmcia startup script
Set up password aging -- old unused accounts will be disabled, though the
  owners will be warned
Password protects single-user mode
Apply limits to any one program/user's resource usage, to block Denial of 
  Service attacks.
Configure additional logging
Deactivates the APMd daemon
Disables NFS and Samba
Disables GPM
Deactivates the DHCP Server daemon
Disable the SNMP daemons
Deactivates Sendmail's network listening mode, so this WORKSTATION doesn't
   serve as a mail server
Disable the VRFY/EXPN data mining commands in Sendmail
Deactivate DNS server
Deactivate Apache server
Deactivate Apache Server Side Includes (SSI)
Deactivate Apache Server follow-symbolic links behavior
Deactivate Apache Server CGIs
Deactivate all remaining daemons, with the exception of crond, syslog, 
  keytable, network, gpm, xfs and pcmcia
Set umask to 077
Set security level to 4
Apply file permission level 4
Restrict "." from the PATH variable
Deactivate telnet
Deactivate ftp
Disable FTP's anonymous mode capability
Disable FTP's user mode capability
Activate security checks
Apply TMPDIR protection
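

Added example, not part of Bastille or of the original file: a shell audit that checks a host against three of the settings listed above for a chosen level (umask, "." in PATH, SUID bits on the named programs). The function names and the lowercase level names lax, moderate and paranoia are assumptions made for this sketch.

```sh
#!/bin/sh
# Added example, not part of Bastille: audit a host against three settings from
# the lists above (umask, "." in PATH, SUID bits). Function names are hypothetical.

# umask each level sets: Lax and Moderate 022, Paranoia 077.
expected_umask() {
    case "$1" in
        lax|moderate) echo 022 ;;
        paranoia)     echo 077 ;;
        *)            return 2 ;;
    esac
}

# True when a PATH string searches the current directory: a "." entry or an
# empty entry (leading, trailing or doubled colon).
path_has_dot() {
    case ":$1:" in
        *:.:*|*::*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Programs whose SUID bit the level removes. The news server tools and DOSEMU
# are omitted because the lists do not name their binaries.
suid_targets() {
    case "$1" in
        moderate) echo "dump restore cardctl rsh rlogin rcp" ;;
        paranoia) echo "dump restore cardctl rsh rlogin rcp mount umount ping at usernetctl traceroute" ;;
    esac
}

# Print one FAIL line per deviation and return 1 if any was found.
# Usage: audit LEVEL DIR...   (each DIR is searched for the SUID targets)
audit() {
    level=$1
    want=$(expected_umask "$level") || { echo "unknown level: $level"; return 2; }
    shift
    rc=0; cur=$(umask)
    # A stricter umask than the level's passes: every bit of $want must be set.
    [ $(( 0$cur & 0$want )) -eq $(( 0$want )) ] ||
        { echo "FAIL umask is $cur, expected at least $want"; rc=1; }
    if path_has_dot "$PATH"; then echo "FAIL PATH searches the current directory"; rc=1; fi
    for name in $(suid_targets "$level"); do
        for dir in "$@"; do
            if [ -u "$dir/$name" ]; then echo "FAIL $dir/$name is SUID"; rc=1; fi
        done
    done
    return $rc
}
```

Source the file and run, for instance, audit paranoia /bin /usr/bin /sbin /usr/sbin from the account whose umask and PATH are to be checked.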