Macintosh OS X Workstation STIG, V1R1 
DISA Field Security Operations 
15 June 2004 
          Developed by DISA for the DOD 
4.1.4  Finger 
The finger command makes personal information available to users on the network.  Hackers use 
this feature to obtain and exploit information about users and to help obtain unauthorized access 
to accounts.  The syntax is simple:  finger user@host.  The output contains information about 
the user.  The finger command will have permissions of 000 on all Mac OS X workstations. 
    
(OSX1026SVR0049:  CAT II):  The SA will ensure that finger has permissions of 000 on all 
Mac OS X workstations. 
4.1.5  Remote Host Printing 
The /etc/hosts.lpd file enables remote host printing on most systems.  It is possible for unauthorized 
remote systems to print to hosts (as a print server) if the printer configuration files are not 
configured properly.  In addition, the SA and IAO should know and document all systems that 
are authorized to use a host as a print server.   
    
 (OSX1026SVR0050:  CAT II) The SA will for all Mac OS X servers obtain the approval of 
the IAO for all hosts that are implemented as clients to a print server.   
    
(OSX1026SVR0051:  CAT II) The SA will for all Mac OS X servers supply all print server   
client configuration documentation to the IAO.   
    
(OSX1026SVR0052:  CAT II) The IAO will for all Mac OS X servers maintain documentation 
clearly depicting all print server   client configurations. 
    
(OSX1026SVR0053:  CAT II) The SA will for all Mac OS X servers ensure the local UNIX 
host printer configuration file, if one exists, will not contain the - (minus) or + 
character.  
  
    
 (OSX1026SVR0054:  CAT II) The SA will for all Mac OS X servers ensure the printer 
configuration files will be owned by root, bin, sys, or lp.   
    
(OSX1026SVR0055:  CAT II) The SA will for all Mac OS X servers ensure printer 
configuration files will have permissions of 664, or more restrictive.  
4.1.6  Traceroute 
Traceroute is a utility used to determine the path a packet takes between two endpoints.  
Sometimes when a packet filter firewall is configured incorrectly, an attacker can traceroute the 
firewall, gaining knowledge of the network topology inside the firewall.  This information may 
allow an attacker to determine trusted routers and other network information.  Traceroute is often 
used by network management software, and this is acceptable as long as it is documented and 
justified. 
    
(OSX1026SVR0056:  CAT I) The SA will ensure that the traceroute command of the Mac OS X 
server is owned by root.   
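
The file checks in 4.1.4 through 4.1.6 (OSX1026SVR0049 and OSX1026SVR0053 through OSX1026SVR0056) can be audited with a short shell script. This is an added example, not part of the STIG; the paths /usr/bin/finger and /usr/sbin/traceroute, the use of /etc/hosts.lpd as the printer configuration file, and all function names are assumptions.

```shell
#!/bin/sh
# Added example: audit helpers for the file checks in 4.1.4 - 4.1.6.
# All paths used in stig_report are assumptions; adjust them per host.

# Octal permission bits and owner name; GNU stat first, then BSD/macOS stat.
file_mode()  { stat -c '%a' "$1" 2>/dev/null || stat -f '%Mp%Lp' "$1"; }
file_owner() { stat -c '%U' "$1" 2>/dev/null || stat -f '%Su' "$1"; }

# True when no permission bit outside the octal mask $2 is set
# (mask 000 for finger, 664 for printer configuration files).
mode_within() {
    m=$(file_mode "$1") || return 2
    [ $(( 0$m & ~0$2 & 07777 )) -eq 0 ]
}

# True when the file's owner is one of the space-separated names in $2.
owner_in() {
    o=$(file_owner "$1") || return 2
    case " $2 " in *" $o "*) return 0 ;; *) return 1 ;; esac
}

# OSX1026SVR0053 read literally: no "-" or "+" anywhere in the file.
# A missing file passes ("if one exists").
no_plus_minus() {
    [ -e "$1" ] || return 0
    ! grep -q '[-+]' "$1"
}

# Print one PASS/FAIL/SKIP line: $1 label, $2 path, remaining args the check.
check() {
    label=$1 path=$2; shift 2
    if [ ! -e "$path" ]; then echo "SKIP $label ($path not present)"
    elif "$@"; then echo "PASS $label"
    else echo "FAIL $label"; fi
}

stig_report() {
    cfg=/etc/hosts.lpd   # assumed printer configuration file
    check "OSX1026SVR0049 finger mode 000" /usr/bin/finger mode_within /usr/bin/finger 000
    check "OSX1026SVR0053 no - or + in config" "$cfg" no_plus_minus "$cfg"
    check "OSX1026SVR0054 config owner" "$cfg" owner_in "$cfg" "root bin sys lp"
    check "OSX1026SVR0055 config mode <= 664" "$cfg" mode_within "$cfg" 664
    check "OSX1026SVR0056 traceroute owner root" /usr/sbin/traceroute owner_in /usr/sbin/traceroute root
}
stig_report
```

The mask comparison treats "664, or more restrictive" as "no bit set outside 664", so a mode such as 640 passes while 755 fails even though it is numerically close.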
UNCLASSIFIED 




  
