Macintosh OS X Workstation STIG, V1R1 
DISA Field Security Operations 
15 June 2004 
          Developed by DISA for the DOD 
    
(OSX1026GEN0151: CAT II) The SA will ensure that world writable directories are only 
allowed if they are public directories, such as /tmp, /var/tmp, or other documented 
directories, and have the sticky bit set (Example:  1777). 
    
(OSX1026GEN0152: CAT II) The SA will ensure that all daemons have permissions of 755, 
or more restrictive. 
    
(OSX1026GEN0153: CAT II) The SA will ensure that all system log files have permissions of 
644, or more restrictive. 
    
(OSX1026GEN0154: CAT II) The SA will ensure that all default/skeleton dot files have 
permissions of 744, or more restrictive. 
    
(OSX1026GEN0155: CAT II) The SA will ensure that all NIS/NIS+/yp files will be owned by 
root, have a privileged group owner, and have permissions of 755, or more restrictive. 
    
(OSX1026GEN0156: CAT II) The SA will ensure that all manpage files (i.e., files in the man 
and cat directories) have permissions of 644, or more restrictive. 
    
(OSX1026GEN0157: CAT II) The SA will ensure that all library files have permissions of 
755, or more restrictive. 
    
(OSX1026GEN0158: CAT II) The SA will ensure that all shells have permissions of 755, or 
more restrictive. 
    
(OSX1026GEN0159: CAT II) The SA will ensure that all system commands have permissions 
of 755, or more restrictive. 
    
(OSX1026GEN0160: CAT II) The SA will ensure that all system files, programs, and 
directories are owned by a privileged account (i.e., an account with a uid less than 21). 
    
(OSX1026GEN0161: CAT II) The SA will ensure that all system files, programs, and 
directories belong to a privileged group (i.e., gid less than 20). 
    
(OSX1026GEN0162: CAT II) The SA will ensure that root owns the password file. 
    
(OSX1026GEN0163: CAT II) The SA will ensure that root is disabled from within Netinfo 
Manager. 
    
(OSX1026GEN0164: CAT II) The SA will ensure that the /etc/passwd file has permissions of 
644, or more restrictive. 
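
The following audit sketch is an added example, not part of the STIG. It checks a directory tree against OSX1026GEN0151 and against the "permissions of N, or more restrictive" requirements above. It assumes "more restrictive" means the mode grants no read/write/execute bit outside the stated limit, which is why it tests bits rather than comparing numbers (0470 is numerically below 0644 but grants group write). The function names and the sample tree are constructed for illustration.

```python
import os
import stat
import tempfile

def exceeds(mode, limit):
    """True if mode grants any rwx bit that limit (e.g. 0o644) does not."""
    return bool(stat.S_IMODE(mode) & 0o777 & ~limit)

def audit_tree(root, file_limit, public_dirs=()):
    """Return sorted (path, finding) pairs; public_dirs may be world-writable."""
    public = {os.path.realpath(p) for p in public_dirs}
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # inspect the entry itself, never a symlink target
            if stat.S_ISDIR(st.st_mode):
                if not st.st_mode & stat.S_IWOTH:
                    continue
                if os.path.realpath(path) not in public:
                    findings.append((path, "world-writable, not a documented public directory"))
                elif not st.st_mode & stat.S_ISVTX:
                    findings.append((path, "world-writable without sticky bit"))
            elif stat.S_ISREG(st.st_mode) and exceeds(st.st_mode, file_limit):
                findings.append((path, "mode %04o exceeds %04o"
                                 % (stat.S_IMODE(st.st_mode), file_limit)))
    return sorted(findings)

def demo():
    """Build a constructed sample tree in a temp dir and audit files against 0o644."""
    with tempfile.TemporaryDirectory() as root:
        dirs = {"pub": 0o1777, "pub_nosticky": 0o777, "drop": 0o1777, "private": 0o755}
        for name, mode in dirs.items():
            os.mkdir(os.path.join(root, name))
            os.chmod(os.path.join(root, name), mode)
        files = {"ok.log": 0o640, "bad.log": 0o664, "odd.log": 0o470}
        for name, mode in files.items():
            path = os.path.join(root, "private", name)
            open(path, "w").close()
            os.chmod(path, mode)
        documented = [os.path.join(root, "pub"), os.path.join(root, "pub_nosticky")]
        return [(os.path.relpath(p, root), f) for p, f in audit_tree(root, 0o644, documented)]

if __name__ == "__main__":
    for path, finding in demo():
        print(path, "->", finding)
```

On a real system the documented public directories would be passed in explicitly (for example /tmp and /var/tmp), and the file limit chosen per requirement: 0o644 for log and manpage files, 0o755 for daemons, libraries, shells and system commands.
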

3.4.1.1  Home Directories
A home directory contains a user's files and exists for that user's exclusive use. The user has 
access to all files in, and subordinate to, the directory (or by root in the case of startup or 
configuration files).  Home directories should have an initial access permission of 700.  DAC 
UNCLASSIFIED 