DataMuseum.dk presents historical artifacts from the history of: DKUUG/EUUG Conference tapes
This is an automatic "excavation" of a thematic subset of
See our Wiki for more about DKUUG/EUUG Conference tapes. Excavated with: AutoArchaeologist - Free & Open Source Software.
Length: 1790 (0x6fe) Types: TextFile Names: »A.t«
└─⟦4f9d7c866⟧ Bits:30007245 EUUGD6: Sikkerheds distributionen
└─⟦eed360c96⟧ »./papers/SRI-report/sri-report.troff.tar.Z«
└─⟦9ae75bfbd⟧ Bits:30007242 EUUGD3: Starter Kit
└─⟦eed360c96⟧ »EurOpenD3/security-doc.tar.Z«
└─⟦53b1903f6⟧
└─⟦this⟧ »security-doc/A.t«
.bp
.if e \{\
\&
. bp
.\}
.SH
APPENDIX A \- SECURITY CHECKLIST
.PP
This checklist summarizes the information presented in this paper, and
can be used to verify that you have implemented everything described.
.sp .5i
.ta 1.0i
.in .5i
.nf
.ti -.5i
.B "Account Security"
\(sq Password policy developed and distributed to all users
\(sq All passwords checked against obvious choices
\(sq Expiration dates on all accounts
\(sq No ``idle'' guest accounts
\(sq All accounts have passwords or ``*'' in the password field
\(sq No group accounts
\(sq ``+'' lines in \fIpasswd\fP and \fIgroup\fP checked if running Yellow Pages
.sp
.ti -.5i
.B "Network Security"
\(sq \fIhosts.equiv\fP contains only local hosts, and no ``+''
\(sq No \fI\&.rhosts\fP files in users' home directories
\(sq Only local hosts in ``root'' \fI\&.rhosts\fP file, if any
\(sq Only ``console'' labeled as ``secure'' in \fIttytab\fP (servers only)
\(sq No terminals labeled as ``secure'' in \fIttytab\fP (clients only)
\(sq No \s-1NFS\s0 file systems exported to the world
\(sq \fIftpd\fP version later than December, 1988
\(sq No ``decode'' alias in the aliases file
\(sq No ``wizard'' password in \fIsendmail.cf\fP
\(sq No ``debug'' command in \fIsendmail\fP
\(sq \fIfingerd\fP version later than November 5, 1988
\(sq Modems and terminal servers handle hangups correctly
.sp
.ti -.5i
.B "File System Security"
\(sq No setuid or setgid shell scripts
\(sq Check all ``nonstandard'' setuid and setgid programs for security
\(sq Setuid bit removed from \fI/usr/etc/restore\fP
\(sq Sticky bits set on world-writable directories
\(sq Proper umask value on ``root'' account
\(sq Proper modes on devices in \fI/dev\fP
.sp
.ti -.5i
.B "Backups"
\(sq Level 0 dumps at least monthly
\(sq Incremental dumps at least bi-weekly
.in 0
.bp
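Several of the file-based items in the checklist above (password fields, ``+'' entries, \fIhosts.equiv\fP contents, the ``decode'' alias) can be checked mechanically. The script below is an added example, not part of the original paper or the archive; the function names, the local domain `example.org` and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audits a few checklist items. Each function takes the file to
# inspect as an argument, so it can be pointed at copies of the real files.

# Accounts with an empty password field (checklist: a password or "*").
empty_passwords() {
    awk -F: '!/^#/ && !/^[+]/ && NF > 1 && $2 == "" { print $1 }' "$1"
}

# "+" (Yellow Pages) entries in passwd or group, listed for manual review.
plus_entries() {
    awk '/^[+]/ { print NR ": " $0 }' "$1"
}

# hosts.equiv lines containing a bare "+" field (trusts everything).
equiv_wildcards() {
    awk '!/^#/ { for (i = 1; i <= NF; i++) if ($i == "+") { print NR ": " $0; next } }' "$1"
}

# hosts.equiv hosts outside the local domain given as $2.
# Assumption: unqualified host names (no dot) are local.
equiv_nonlocal() {
    awk -v d=".$2" '!/^#/ && NF && $1 != "+" && index($1, ".") &&
        substr($1, length($1) - length(d) + 1) != d { print $1 }' "$1"
}

# A "decode" alias in the aliases file (alias names are case-insensitive).
decode_alias() {
    awk -F: '!/^#/ && tolower($1) ~ /^[ \t]*decode[ \t]*$/ { print NR ": " $0 }' "$1"
}

# Constructed sample files; on a real host pass /etc/passwd, /etc/hosts.equiv, etc.
tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'root:*:0:0::/:/bin/sh' 'guest::100:100::/tmp:/bin/sh' \
    '+::0:0:::' > "$tmp/passwd"
printf '%s\n' '# trusted hosts' 'alpha' 'beta.example.org' \
    'gamma.example.net' '+' > "$tmp/hosts.equiv"
printf '%s\n' 'postmaster: root' 'Decode: "|/usr/bin/uudecode"' > "$tmp/aliases"

echo "empty passwords:  $(empty_passwords "$tmp/passwd")"
echo "YP + entries:     $(plus_entries "$tmp/passwd")"
echo "equiv wildcards:  $(equiv_wildcards "$tmp/hosts.equiv")"
echo "non-local hosts:  $(equiv_nonlocal "$tmp/hosts.equiv" example.org)"
echo "decode alias:     $(decode_alias "$tmp/aliases")"
```

Any output after a label is a finding to resolve; an empty result means that item passed for the file checked.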