Macintosh OS X Workstation STIG, V1R1 
DISA Field Security Operations 
15 June 2004 
          Developed by DISA for the DOD 
4.4  Trivial File Transfer Protocol (tftp) 
Tftp is a file transfer program that requires no identification and authentication (I&A).  On all
Mac OS X workstations tftp will not run because the inetd.conf file is blank.  In addition, the
tftpd file will have its permissions set to 000.
    
(OSX1026WEB0001: CAT I)  The SA will ensure that the tftpd file permissions are 000 on all 
Mac OS X workstations. 
4.5  Domain Name Service (DNS) 
BIND and named are equivalent.  The name daemon, named, is the software that implements 
BIND.  There are others, but the BIND DNS server is used on the vast majority of name serving 
machines on the Internet.  The resolver library included in the BIND distribution provides the 
standard application programmer interfaces (APIs) for translation between domain names and 
Internet addresses.  The resolver library is used for linking with applications requiring domain 
name service.  Most implementations of BIND use a daemon called named.  BIND has 
encountered some security problems.  It is very important, therefore, to ensure that the latest 
version is being used.  The minimum version that is allowable at this time is the newest version 
supported by the vendor.  In general, BIND Version 8.2.2, Patch Level 7, is the latest and most 
trustworthy version at this time.  To examine the version number of named for HP systems, use 
the command what /usr/sbin/named.  The easiest way to examine the version number of named 
for Sun Solaris systems is to use the command strings /usr/sbin/in.named | grep -i version.
The BIND program will be removed from all Mac OS X workstations.  To accomplish this, refer
to APPENDIX C. PROCEDURES FOR BRINGING A MAC OS X SYSTEM INTO STIG
COMPLIANCE: Removing BIND from Mac OS X.
    
(OSX1026GEN000: CAT II)  The SA will ensure that BIND has been removed from all Mac
OS X workstations.
The configuration files associated with BIND are as follows:

/etc/resolv.conf                 Contains the domain and the server to use for address lookups
/etc/named.boot or named.conf    Configuration boot file (contains locations of other files/tables)
The DNS translation tables defined in named.boot or named.conf
/var/run/named.pid               Process ID of the named process
/var/tmp/named.run               Debug output file
/var/tmp/named_dump.db           Dump of name server database
/var/tmp/named.stats             Nameserver statistics data

Configuration files will be owned by root with a group owner of root, bin, or sys.  Configuration 
file access permissions will be 600, or more restrictive. 
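
One way to check the ownership and permission rule above on a workstation, as an added example that is not part of the STIG. The function names check_conf_file and audit_files and the ALLOWED_OWNER and ALLOWED_GROUPS variables are assumptions of this example; their defaults are taken from the rule as stated.

```shell
#!/bin/sh
# Added example, not part of the STIG. Checks the section 4.5 rule:
# owner root, group root/bin/sys, mode 600 or more restrictive.
# Defaults come from the page; override them for other platforms or tests.
ALLOWED_OWNER="${ALLOWED_OWNER:-root}"
ALLOWED_GROUPS="${ALLOWED_GROUPS:-root bin sys}"

# check_conf_file PATH
# Prints one FINDING line per violation. Returns 0 when the file is
# compliant or absent, 1 when any check fails.
check_conf_file() {
    [ -e "$1" ] || return 0
    # ls -ldL is POSIX; stat(1) flags differ between BSD and GNU.
    # -L evaluates the target when PATH is a symbolic link.
    ls -ldL "$1" | (
        read -r perms _links owner group _rest
        rc=0
        # "600 or more restrictive": owner may hold r and/or w only; owner
        # execute, all group and other bits, and setuid/setgid/sticky
        # (shown as s, S, t, T) must be absent.
        case $perms in
            ?[r-][w-]-------*) ;;
            *) echo "FINDING: $1 mode $perms exceeds 600"; rc=1 ;;
        esac
        [ "$owner" = "$ALLOWED_OWNER" ] ||
            { echo "FINDING: $1 owner is $owner"; rc=1; }
        case " $ALLOWED_GROUPS " in
            *" $group "*) ;;
            *) echo "FINDING: $1 group is $group"; rc=1 ;;
        esac
        exit "$rc"
    )
}

# audit_files PATH...
# Runs every check on every path; returns 1 if any file had a finding.
audit_files() {
    failed=0
    for path in "$@"; do
        check_conf_file "$path" || failed=1
    done
    return "$failed"
}

# Usage: audit_files /etc/named.boot /etc/named.conf
```

A file that does not exist produces no finding, which matches a workstation where BIND has already been removed.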
UNCLASSIFIED 




  
