Macintosh OS X Workstation STIG, V1R1 
DISA Field Security Operations 
15 June 2004 
          Developed by DISA for the DOD 
4.6  System Logging Daemon (syslogd) 
The system logging daemon (syslogd) reads and forwards system messages to the log files 
and/or users.  Malicious users can flood the logging daemon with unauthorized messages unless 
syslogd is configured to accept messages only from designated hosts.  System logging normally 
takes place over port 514.  Services to this port should be restricted to local hosts at the firewall 
or premise router. 
If syslogd is required to log system messages to the local machine, ensure that the system name 
in /etc/hosts contains the alias loghost.  If the /etc/hosts file shows the loghost as some other 
system, then system log messages will be sent to that host instead of being logged on the local 
host.  The IAO will maintain documentation of the machines using a non local loghost.  Local 
hosts will not be permitted to act as loghosts for systems outside the local network.  Some 
messages need to be reviewed immediately by responsible parties such as root.  Use the 
following example (or one similar) in the /etc/syslog.conf file to ensure alerts are written to the 
terminal screen of root or operator if they are logged on: 
    *.alert    root,operator
Some systems are vulnerable to a syslog denial of service (flood) attack.  If you are not using 
remote logging, use the -r option (or -l in BSDI) to turn remote logging off in your syslog 
daemon.  You must then recompile the daemon.  Contact your vendor or refer to your vendor's 
documentation for more information. 
    
(OSX1026DNS0001:  CAT II) The SA will ensure the /etc/syslog.conf file is owned by root 
with access permissions of 640, or more restrictive. 
    
(OSX1026DNS0002:  CAT II) The SA will ensure the group owner of the /etc/syslog.conf file 
is a privileged uid. 
    
(OSX1026DNS0003:  CAT II) The IAO will maintain documentation of the machines using a 
non local loghost. 
    
(OSX1026DNS0004:  CAT III) The IAO will maintain documentation of log servers and the 
machines that are permitted to log to them. 
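The following script is an added example and is not part of the STIG. It turns the checks described above into POSIX shell functions: the /etc/syslog.conf ownership and mode requirements (OSX1026DNS0001 and OSX1026DNS0002), the loghost alias in /etc/hosts that decides whether messages stay on the local machine or go to a remote log server (OSX1026DNS0003), and the *.alert action that writes alerts to the terminals of root and operator. File names, the expected owner, and the sample hosts and syslog.conf contents are parameters or constructed data, so the functions can be exercised against copies rather than the live files; the only tools assumed are ls(1), awk(1) and mktemp(1).

```shell
#!/bin/sh
# Added example (not part of the STIG): checks for the syslogd requirements
# in section 4.6.  Assumes POSIX sh, ls(1), awk(1) and mktemp(1).  File
# names are parameters so the checks can run against constructed copies.

# OSX1026DNS0001 mode check.  "640 or more restrictive" means the owner may
# have at most rw-, the group at most r--, and others nothing at all.
check_mode_640_or_stricter() {
    mode=$(ls -ld "$1" | awk '{print $1}')      # e.g. -rw-r-----
    case "$mode" in
        ?[r-][w-]-[r-]-----*) return 0 ;;        # trailing @ or + (xattr/ACL) is tolerated
        *) return 1 ;;
    esac
}

# Owner check: the file must belong to the expected account (root on a
# production host).  The account is a parameter so the function can be
# exercised by an ordinary user on a scratch file.
check_owner() {
    owner=$(ls -ld "$1" | awk '{print $3}')
    [ "$owner" = "$2" ]
}

# Print the address and canonical name of the entry in an /etc/hosts-style
# file that carries the alias "loghost"; prints nothing if there is none.
loghost_entry() {
    awk '!/^[[:space:]]*#/ {
            for (i = 2; i <= NF; i++)
                if ($i == "loghost") { print $1, $2; exit }
         }' "$1"
}

# Return 0 when loghost resolves to this machine (loopback address or the
# local host name given as $2), 1 when it points at another host, which is
# the case the IAO must document (OSX1026DNS0003).
loghost_is_local() {
    entry=$(loghost_entry "$1")
    [ -n "$entry" ] || return 1
    addr=${entry%% *}
    name=${entry#* }
    case "$addr" in
        127.*|::1) return 0 ;;
    esac
    [ "$name" = "$2" ]
}

# Print the action configured for the *.alert selector in a syslog.conf
# (the STIG example expects "root,operator").
alert_action() {
    awk '$1 == "*.alert" { print $2; exit }' "$1"
}

# --- constructed demonstration data (not taken from any real host) ---------
tmp=$(mktemp -d)
printf '*.alert\troot,operator\n*.emerg\t*\n' > "$tmp/syslog.conf"
chmod 640 "$tmp/syslog.conf"
printf '127.0.0.1 localhost\n10.0.0.5 ws01.example.mil ws01 loghost\n' > "$tmp/hosts.local"
printf '127.0.0.1 localhost\n10.0.0.9 logsrv.example.mil logsrv loghost\n' > "$tmp/hosts.remote"

check_mode_640_or_stricter "$tmp/syslog.conf" && echo "syslog.conf mode: 640 or stricter"
loghost_is_local "$tmp/hosts.local" ws01.example.mil && echo "hosts.local: loghost is this machine"
loghost_is_local "$tmp/hosts.remote" ws01.example.mil || echo "hosts.remote: loghost is remote, IAO documentation required"
echo "*.alert action: $(alert_action "$tmp/syslog.conf")"
rm -rf "$tmp"
```

On a live workstation the calls would be `check_owner /etc/syslog.conf root`, `check_mode_640_or_stricter /etc/syslog.conf` and `loghost_is_local /etc/hosts "$(hostname)"`; a non-zero return from the last one is the signal to record the remote loghost in the IAO's documentation rather than a failure by itself.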
4.7  Secure Shell (ssh) 
Secure Shell (ssh) is communications software that uses encrypted communications to log on to 
and perform jobs on another computer through a network.  It can also be used to execute remote 
commands and to move files between machines.  Ssh communicates using encryption to protect 
data and passwords.  It provides strong authentication and secure communications over insecure 
channels.  Ssh also provides rlogin, rsh, rcp, and rdist services, but since the communications are 
encrypted, it does so in a much more secure manner than the traditional services. 
UNCLASSIFIED 