Installation guide

Chapter 4. Qualification Provisions Protogate Freeway Requirements Specification (SRS)
Table columns: Section, Requirement Name, Qualification Method, Notes

Section 3.8.17
Requirement Name: GEN002800 - Audit Login, Logout, and Session Initiation
Qualification Method: Check
Notes: Log in to the Freeway, su - shell to become a root-level user, then execute the command grep flags /etc/security/audit_control to verify that either 'lo', or both '+lo' and '-lo', are listed on the "flags" and "naflags" lines of /etc/security/audit_control. See the Freeway User's Guide - DC-900-1333 and Freeway Security Features User's Guide (SFUG) - DC-908-3004 documents for details about the Freeway auditing.

Section 3.8.18
Requirement Name: GEN002820 - Audit Discretionary Access Control Permission Modifications
Qualification Method: Check
Notes: Log in to the Freeway, su - shell to become a root-level user, then execute the commands grep flags /etc/security/audit_control and more /etc/security/audit_user to verify that either 'fm', or both '+fm' and '-fm', are listed on the "flags" line of /etc/security/audit_control, or before the second ":" for all users other than the root or shell user in /etc/security/audit_user. See the Freeway User's Guide - DC-900-1333 and Freeway Security Features User's Guide (SFUG) - DC-908-3004 documents for details about the Freeway auditing.

Section 3.8.19
Requirement Name: GEN002860 - Audit Logs Rotation
Qualification Method: Check
Notes: Log in to the Freeway, su - shell to become a root-level user, then execute the commands cat /etc/crontab and cat /etc/security/audit_warn to find scripts or "closefile" commands which rotate audit log files to long-term storage. See the Freeway User's Guide - DC-900-1333 and Freeway Security Features User's Guide (SFUG) - DC-908-3004 documents for details about the Freeway auditing.

Section 3.8.20
Requirement Name: GEN003820 - Remote Login or Shell is Enabled
Qualification Method: Check
Notes: Log in to the Freeway, su - shell to become a root-level user, then execute the command grep -v "^#" /etc/inetd.conf | grep rlogind ; grep -v "^#" /etc/inetd.conf | grep rshd to find any lines which enable the rlogind or rshd daemons, and verify that neither rlogind nor rshd is enabled. See the Freeway User's Guide - DC-900-1333 and Freeway Security Features User's Guide (SFUG) - DC-908-3004 documents for details about telnet and rlogin access to a Freeway.

Section 3.8.21
Requirement Name: GEN003840 - rexec Service is Enabled
Qualification Method: Check
Notes: Log in to the Freeway, su - shell to become a root-level user, then execute the command grep -v "^#" /etc/inetd.conf | grep rexec to find any lines which enable the rexec daemon, and verify that rexec is not enabled. See the Freeway User's Guide - DC-900-1333 and Freeway Security Features User's Guide (SFUG) - DC-908-3004 documents for details about telnet and rlogin access to a Freeway.

Section 3.8.22
Requirement Name: GEN004220 - Root Account's Browser
Qualification Method: Check
Notes: Log in to the Freeway, su - shell to become a root-level user, then execute the command ls -la /root to find any browser configuration files for the root user, and verify that none exist.
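
The checks for GEN002800, GEN002820, GEN003820 and GEN003840 can be scripted. The following is an added example, not part of the Freeway documentation: the function names and sample file contents are constructed here, and the /etc/security/audit_user alternative for GEN002820 is not covered. It matches the "flags" and "naflags" keys exactly and skips indented comment lines, which the bare grep commands do not.

```shell
#!/bin/sh
# Added example, not Freeway code: scripted GEN002800, GEN002820
# (audit_control part only), GEN003820 and GEN003840 checks.

# has_audit_class FILE KEY CLASS: succeeds when the KEY line ("flags" or
# "naflags") lists CLASS, or lists both +CLASS and -CLASS.
has_audit_class() {
    awk -F: -v key="$2" -v cls="$3" '
        $1 == key {
            n = split($2, f, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", f[i])
                if (f[i] == cls) plain = 1
                if (f[i] == ("+" cls)) plus = 1
                if (f[i] == ("-" cls)) minus = 1
            }
        }
        END { exit !(plain || (plus && minus)) }' "$1"
}

# inetd_enabled FILE NAME: succeeds when a non-comment line mentions NAME.
inetd_enabled() {
    grep -v '^[[:space:]]*#' "$1" | grep -q "$2"
}

# run_checks AUDIT_CONTROL INETD_CONF: prints PASS or FAIL per requirement
# and returns the number of failed checks.
run_checks() {
    fails=0
    if has_audit_class "$1" flags lo && has_audit_class "$1" naflags lo
    then echo "PASS GEN002800"; else echo "FAIL GEN002800"; fails=$((fails + 1)); fi
    if has_audit_class "$1" flags fm
    then echo "PASS GEN002820"; else echo "FAIL GEN002820"; fails=$((fails + 1)); fi
    if inetd_enabled "$2" rlogind || inetd_enabled "$2" rshd
    then echo "FAIL GEN003820"; fails=$((fails + 1)); else echo "PASS GEN003820"; fi
    if inetd_enabled "$2" rexec
    then echo "FAIL GEN003840"; fails=$((fails + 1)); else echo "PASS GEN003840"; fi
    return "$fails"
}

# Constructed sample files (not taken from a real Freeway).
sample=$(mktemp -d)
printf '%s\n' 'dir:/var/audit' 'flags:lo,+fm,-fm' 'naflags:lo' > "$sample/audit_control"
printf '%s\n' '#shell stream tcp nowait root /usr/libexec/rshd rshd' \
    'exec stream tcp nowait root /usr/libexec/rexecd rexecd' > "$sample/inetd.conf"
run_checks "$sample/audit_control" "$sample/inetd.conf" || echo "failed checks: $?"
```

On a Freeway, pass /etc/security/audit_control and /etc/inetd.conf as the two arguments to run_checks.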
28 Protogate DC-900-2021A