User's guide

Chapter 6. Hardening a Freeway Protogate Freeway Security Features User’s Guide (SFUG)
cp -p /ro/etc/ssh/sshd_config /etc/ssh/
# sample banner
echo "WARNING WARNING WARNING" > /ro/etc/motd
echo "" >> /ro/etc/motd
echo " You are accessing an information system that" >> /ro/etc/motd
echo " is for authorized users only. If you are not" >> /ro/etc/motd
echo " authorized, log off now." >> /ro/etc/motd
echo "" >> /ro/etc/motd
echo "WARNING WARNING WARNING" >> /ro/etc/motd
if [ -f /read_only_mounts ]; then
    mount -u -o ro / 2>/dev/null
fi
/bin/kill -HUP `head -1 /var/run/sshd.pid`
fi
6.4. NTP (Network Time Protocol)
Figure 6-4 shows one way of setting up NTP on a Freeway.
Figure 6-4. Enabling NTP
export NTP_SERVER=192.168.1.1
export NTP_SERVERB=192.168.1.2
## to synchronize with an NTP (Network Time Protocol) timeserver at powerup
if [ -n "${NTP_SERVER}" ] ; then
    ## /usr/bin2/ntpdate ${NTP_SERVER}
    ## to create an NTP configuration file
    echo "server ${NTP_SERVER} prefer" > /tmp/ntp.conf
    if [ -n "${NTP_SERVERB}" ] ; then
        echo "server ${NTP_SERVERB}" >> /tmp/ntp.conf
    fi
    echo "driftfile /var/run/ntpd.driftfile" >> /tmp/ntp.conf
    ## to start an ntpd daemon (see "man ntpd" for details)
    /usr/bin2/ntpd -g -p /tmp/ntpd.pid -c /tmp/ntp.conf
fi
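The check below is an added example, not part of the Protogate guide or its scripts. It audits a generated ntp.conf against the time sources configured in Figure 6-4. The helper name check_ntp_conf, the sample file and the address 203.0.113.7 are constructed for illustration.

```shell
#!/bin/sh
# Added example, not Protogate code. check_ntp_conf is a hypothetical helper.
# Usage: check_ntp_conf FILE ALLOWED_SERVER...
# Prints one line per finding and returns 0 only when there are none.
check_ntp_conf() {
    conf=$1; shift
    allowed=" $* "
    findings=0 servers=0 prefer=0 drift=0
    if [ ! -r "$conf" ]; then
        echo "FAIL: cannot read $conf"
        return 2
    fi
    # "|| [ -n ... ]" keeps a final line that lacks a trailing newline.
    while read -r keyword value rest || [ -n "$keyword" ]; do
        case $keyword in
            server)
                servers=$((servers + 1))
                # An empty value yields an empty word, which never matches.
                case ${value:+$allowed} in
                    *" $value "*) ;;
                    *) echo "FAIL: unexpected time source '$value'"
                       findings=$((findings + 1)) ;;
                esac
                case " $rest " in *" prefer "*) prefer=$((prefer + 1)) ;; esac
                ;;
            peer|pool)   # Figure 6-4 never writes these keywords
                echo "FAIL: unexpected $keyword line '$value'"
                findings=$((findings + 1)) ;;
            driftfile) drift=1 ;;
        esac
    done < "$conf"
    [ "$servers" -gt 0 ] || { echo "FAIL: no server line"; findings=$((findings + 1)); }
    [ "$prefer" -eq 1 ] || { echo "FAIL: $prefer preferred servers, expected 1"; findings=$((findings + 1)); }
    [ "$drift" -eq 1 ] || { echo "FAIL: no driftfile line"; findings=$((findings + 1)); }
    [ "$findings" -eq 0 ]
}

# Constructed sample: the file Figure 6-4 writes, then one extra line.
tmp=$(mktemp -d)
printf '%s\n' 'server 192.168.1.1 prefer' 'server 192.168.1.2' \
    'driftfile /var/run/ntpd.driftfile' > "$tmp/ntp.conf"
check_ntp_conf "$tmp/ntp.conf" 192.168.1.1 192.168.1.2 && echo "OK: matches Figure 6-4"
echo 'server 203.0.113.7' >> "$tmp/ntp.conf"   # constructed address
check_ntp_conf "$tmp/ntp.conf" 192.168.1.1 192.168.1.2 || echo "FAIL lines above need review"
rm -rf "$tmp"
```

On a Freeway the file to check would be /tmp/ntp.conf, with the values of NTP_SERVER and NTP_SERVERB as the allowed list.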
6.5. SNMP (Simple Network Management Protocol)
SNMP (Simple Network Management Protocol) can be a useful way of checking a Freeway server across the
network, but if you don’t use it, it should be disabled.
Figure 6-5 shows how to disable SNMP.
20 Protogate DC-908-3004A