Installation guide

Chapter 4. Qualification Provisions Protogate Freeway Requirements Specification (SRS)
Section: 3.8.6
Requirement Name: GEN000560 - Password Protect Enabled Accounts
Qualification Method: Check
Notes: Log in to the Freeway, su - shell to become a root-level user, and execute the command

    awk -F':' '{ if ( $2 == NULL ) print $0; }' < /etc/master.passwd

to verify that there are no users with empty passwords. See the Freeway User's Guide - DC-900-1333 and Freeway Security Features User's Guide (SFUG) - DC-908-3004 documents for details about user accounts.

Section: 3.8.7
Requirement Name: GEN001060 - Log Root Access Attempts
Qualification Method: Check
Notes: Log in to the Freeway, su - shell to become a root-level user, then execute the command tail -f /var/log/all.log, then on another login shell execute the command su - shell, and verify that a log entry for that appears in the file being displayed in the first shell. See the Freeway User's Guide - DC-900-1333 and Freeway Security Features User's Guide (SFUG) - DC-908-3004 documents for details about user accounts.

Section: 3.8.8
Requirement Name: GEN001100 - Encrypting Root Access
Qualification Method: Check
Notes: Log in to the Freeway, su - shell to become a root-level user, then execute the command

    last | grep "^\(root\|shell\) " | egrep -v "ttyu" | more

to verify that root has not logged in over the network, and then the command

    ps -axww | grep sshd

to verify that the sshd daemon is running. See the Freeway User's Guide - DC-900-1333 and Freeway Security Features User's Guide (SFUG) - DC-908-3004 documents for details about user accounts.

Section: 3.8.9
Requirement Name: GEN001120 - Direct Root Access
Qualification Method: Check
Notes: Log in to the Freeway, su - shell to become a root-level user, then execute the command

    find / -name sshd_config -print ; grep -v "^#" /tmp/etc/ssh/sshd_config | grep -i permitrootlogin

to verify that there is no "permitrootlogin yes" line, and therefore that root is not permitted to log in directly across the network. See the Freeway User's Guide - DC-900-1333 and Freeway Security Features User's Guide (SFUG) - DC-908-3004 documents for details about user accounts.

Section: 3.8.10
Requirement Name: GEN001640 - Run Control Scripts World Writable Programs or Scripts
Qualification Method: Check
Notes: Log in to the Freeway, su - shell to become a root-level user, then execute the command

    ls -l /tmp/boot/rc* ; ls -l /tmp/*sh

to verify that none are world- or other-writable. See the Freeway User's Guide - DC-900-1333 and Freeway Security Features User's Guide (SFUG) - DC-908-3004 documents for details about user accounts.

Section: 3.8.11
Requirement Name: GEN002040 - Access Control Files Documentation
Qualification Method: Check
Notes: Log in to the Freeway, su - shell to become a root-level user, then execute the command

    find / -name .rhosts ; find / -name .shosts ; find / -name hosts.equiv ; find / -name shosts.equiv

to verify that none of those files exist. See the Freeway User's Guide - DC-900-1333 and Freeway Security Features User's Guide (SFUG) - DC-908-3004 documents for details about user accounts.
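
The Section 3.8.9 check looks for a "permitrootlogin yes" line with grep. The following added example (not part of the Freeway documentation) reads an sshd_config the way sshd does and goes beyond that check by also reporting directives inside Match blocks and the case where no directive is set. The function names, the sample file and the pass criterion of an explicit "no" are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the Freeway documentation. Function names and the
# sample file are constructed for illustration.

# Print the PermitRootLogin directives sshd would act on in config file $1:
# "global VALUE" for the first one outside any Match block (sshd uses the
# first value it reads for a keyword) and "match VALUE" for each one inside
# a Match block, which overrides the global value for matching connections.
permitrootlogin_directives() {
    awk '
    {
        line = $0
        sub(/^[ \t]+/, "", line)               # keywords may be indented
        if (line == "" || line ~ /^#/) next    # skip blanks and comments
        split(line, f, /[ \t=]+/)              # "Key value" or "Key=value"
        key = tolower(f[1]); val = tolower(f[2])
        if (key == "match") { in_match = 1; next }
        if (key != "permitrootlogin") next
        if (in_match) print "match " val
        else if (!seen_global++) print "global " val
    }' "$1"
}

# Exit status: 0 = every directive says "no"; 1 = at least one directive
# allows some form of root login; 2 = no global directive, so the default
# built into this sshd decides and has to be checked separately.
check_root_login() {
    found=$(permitrootlogin_directives "$1")
    if printf '%s\n' "$found" | grep -v ' no$' | grep -q .; then
        return 1
    fi
    printf '%s\n' "$found" | grep -q '^global ' || return 2
    return 0
}

# Constructed sample: an indented comment (not filtered by grep -v "^#"),
# a global "no", and a Match block that re-enables root for one network.
sample=$(mktemp)
cat > "$sample" <<'EOF'
  #PermitRootLogin yes
PermitRootLogin no
Match Address 192.0.2.0/24
    PermitRootLogin yes
EOF
permitrootlogin_directives "$sample"
rc=0; check_root_login "$sample" || rc=$?
echo "status=$rc"
rm -f "$sample"
```
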
26 Protogate DC-900-2021A