Installation guide
Protogate Freeway Requirements Specification (SRS) Chapter 3. Requirements
3.8.22. GEN004220 - The root Account’s Browser
Summary Administrative accounts must not run a web browser, except as needed for local service
administration.
Notes If a web browser flaw is exploited while running as a privileged user, the entire system could
be compromised. Specific exceptions for local service administration should be documented
in site-defined policy. These exceptions may include HTTP(S)-based tools used for the
administration of the local system, services, or attached devices. Examples of possible
exceptions are HP’s System Management Homepage (SMH), the CUPS administrative
interface, and Sun’s StorageTek Common Array Manager (CAM) when these services are
running on the local system.
3.8.23. GEN004400 - File Executed Through Aliases Accessibility
Summary Files executed through a mail aliases file must be owned by root and must reside within a
directory owned and writable only by root.
Notes If a file executed through a mail aliases file is not owned and writable only by root, it may be
subject to unauthorized modification. Unauthorized modification of files executed through
aliases may allow unauthorized users to attain root privileges.
3.8.24. GEN004580 - .forward Files
Summary The system must not use .forward files.
Notes The .forward file allows users to automatically forward mail to another system. Use of
.forward files could allow the unauthorized forwarding of mail and could potentially create
mail loops which could degrade system performance.
3.8.25. GEN004600 - Sendmail Version
Summary The SMTP service must be an up-to-date version.
Notes The SMTP service version on the system must be current to avoid exposing vulnerabilities
present in unpatched versions.
3.8.26. GEN004620 - Sendmail DEBUG Command
Summary The Sendmail server must have the debug feature disabled.
Protogate DC-900-2021A 19