Installation guide
Chapter 3. Requirements Protogate Freeway Requirements Specification (SRS)
Notes If a user accesses the root account (or any account) using an unencrypted connection, the
password is passed over the network in clear text form and is subject to interception and
misuse. This is true even if recommended procedures are followed by logging on to a named
account and using the su command to access root.
3.8.9. GEN001120 - Direct Root Access
Summary The system must not permit root logins using remote access programs, such as SSH.
Notes Even though communications are encrypted, an additional layer of security may be gained by
extending the policy of not logging directly on as root. In addition, logging in with a
user-specific account preserves the audit trail.
3.8.10. GEN001640 - Run Control Scripts World Writable Programs
or Scripts
Summary Run control scripts must not execute world-writable programs or scripts.
Notes World-writable files could be modified accidentally or maliciously to compromise system
integrity.
3.8.11. GEN002040 - Access Control Files Documentation
Summary There must be no .rhosts, .shosts, hosts.equiv, or shosts.equiv files on the system.
Notes The .rhosts, .shosts, hosts.equiv, and shosts.equiv files are used to configure host-based
authentication for individual users or the system. Host-based authentication is not sufficient
for preventing unauthorized access to the system.
3.8.12. GEN002680 - Audit Logs Accessibility
Summary System audit logs must be owned by root.
Notes Failure to give ownership of system audit log files to root provides the designated owner and
unauthorized users with the potential to access sensitive information.
16 Protogate DC-900-2021A