Macintosh OS X Workstation STIG, V1R1 
DISA Field Security Operations 
15 June 2004 
          Developed by DISA for the DOD 
    
(OSX1026GEN0060:  CAT II) The SA will ensure that system startup files only execute 
programs owned by a privileged uid or an application default. 
    
(OSX1026GEN0061:  CAT II) The SA will ensure that system startup files contain the 
command mesg n, where it is technically feasible. 
3.4.2.4  User Files 
User files are files owned by a user (except for the possibility of user startup files that may be 
owned by root) and maintained by the user in the user's home directory tree.  A user's files will 
have an initial access permission of 740 and will never be more permissive than 750 (for group 
access).  All files in a user's directory will be owned by the user with the possible exception of 
startup files that may be owned by root. 
    
(OSX1026GEN0063:  CAT II) The user, application developers and the SA will ensure that 
regular files (not startup files) in user home directory trees will have initial file permissions 
of 700 and will not exceed 750.   
3.4.2.5  Shells 
A shell is a program that serves as the basic interface between user and operating system.  It is 
essentially a command interpreter that talks with the user, finds out what is needed, and calls the 
appropriate kernel functions to accomplish requests.  The shell also establishes the environment 
that a user operates in, or controls the user's view of the system.  It may be modified to suit 
almost any user, and it may run additional programs that serve as additional layered front end 
interfaces.  Every system comes supplied with several shells (sh, ksh, jsh, csh, and others) that 
may be defined as the default shell for users.  The IAO may define the default shells that users 
are allowed to have in a file called /etc/shells.  If a user does not have a default shell authorized 
through inclusion in this file, that user will not be able to log on.  The IAO will ensure the SFUG 
instructs users not to change their default shell without authorization, and that it contains 
instructions prohibiting the use of unauthorized shells.  The SA may use shells not listed in the 
/etc/shells file to disable accounts.  These are /usr/bin/false, /bin/false, or /dev/null.  They will 
not appear in the /etc/shells file because listing them there could allow such accounts to log on 
via FTP and negate the reason for assigning a false shell. 
    
(OSX1026GEN0070:  CAT II) The SA will list all authorized shells in the /etc/shells file. 
    
(OSX1026GEN0071:  CAT II) The SA will ensure that /usr/bin/false, /bin/false, and 
/dev/null are considered valid shells, and that they are not listed in the /etc/shells file. 
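The following audit script for OSX1026GEN0070 and OSX1026GEN0071 is an added example, not part of the STIG: it checks that no disabled-account shell is listed in the shells file and reports accounts whose login shell is neither authorized nor a false shell. It runs on constructed sample files; on a live OS X system the shells file would be /etc/shells and the account shells are assumed to come from `dscl . -list /Users UserShell`.

```shell
#!/bin/sh
# Added example (not from the STIG). Audits a shells list against account login
# shells. Sample files below are constructed; on a live system read /etc/shells
# and take account shells from: dscl . -list /Users UserShell

# Shells the STIG names for disabling accounts; they must NOT be in /etc/shells.
FALSE_SHELLS="/usr/bin/false /bin/false /dev/null"

# Constructed /etc/shells sample; /bin/false is deliberately (wrongly) listed.
SAMPLE_SHELLS=$(mktemp)
cat > "$SAMPLE_SHELLS" <<'EOF'
# List of acceptable shells for chpass(1).
/bin/bash
/bin/csh
/bin/ksh
/bin/sh
/bin/false
EOF

# Constructed account listing, "user shell" per line (what dscl would report).
SAMPLE_ACCOUNTS=$(mktemp)
cat > "$SAMPLE_ACCOUNTS" <<'EOF'
admin /bin/bash
alice /bin/ksh
bob /usr/local/bin/fish
svc /usr/bin/false
EOF
trap 'rm -f "$SAMPLE_SHELLS" "$SAMPLE_ACCOUNTS"' EXIT

# GEN0071: return 0 only if none of the false shells appears in the shells file $1.
check_no_false_shells() {
    for s in $FALSE_SHELLS; do
        grep -qx "$s" "$1" && return 1
    done
    return 0
}

# GEN0070: print accounts from $1 whose shell is neither listed in the shells
# file $2 (comments ignored) nor one of the false shells used to disable accounts.
unauthorized_accounts() {
    while read -r user shell; do
        case " $FALSE_SHELLS " in *" $shell "*) continue ;; esac
        grep -v '^#' "$2" | grep -qx "$shell" || echo "$user $shell"
    done < "$1"
}

check_no_false_shells "$SAMPLE_SHELLS" || echo "FAIL: disabled-account shell listed in shells file"
unauthorized_accounts "$SAMPLE_ACCOUNTS" "$SAMPLE_SHELLS"
```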
UNCLASSIFIED 