No firewalling
Disables SUID status to the news server tools and DOSEMU
Setup password aging -- old unused accounts will be disabled, though the owners will be warned
Password protects single-user mode
Applies limits to any one program/user's resource usage, to block Denial of Service attacks.
Configures additional logging
Deactivate the DHCP Server daemon
Disable the SNMP daemons
Disable the VRFY/EXPN data mining commands in Sendmail
Deactivate the DNS server
Deactivate the Apache server
Deactivate Apache Server Side Includes (SSI)
Set umask to 022
Set security level to 2
Apply file permission level 2
Restrict "." from the PATH variable
Deactivate telnet
Deactivate ftp
Activate security checks
Moderate firewalling
Disables SUID status to dump, restore, cardctl, rsh, rlogin and rcp
Disables SUID status to the news server tools and DOSEMU
Disables rsh/rlogin access to this machine
Sets up password aging -- old unused accounts will be disabled, though the owners will be warned
Password protects single-user mode
Applies limits to any one program/user's resource usage, to block Denial of Service attacks.
Configures additional logging
Deactivates the APMd daemon
Disables NFS and Samba
Disables GPM
Deactivates the DHCP Server daemon
Disables the SNMP daemons
Deactivates Sendmail's network listening mode, so this WORKSTATION doesn't operate as a mail server
Disables the VRFY/EXPN data mining commands in Sendmail
Deactivates the DNS server
Deactivates the Apache server
Deactivates the Apache Server Side Includes (SSI)
Sets umask to 022
Sets security level to 3
Applies file permission level 3
Restricts "." from the PATH variable
Deactivates telnet
Deactivates ftp
Disables FTP's anonymous mode capability
Activates security checks
Applies TMPDIR protection
Tight firewalling
Disables SUID status to mount, umount, ping, at, usernetctl, and traceroute
Disables SUID status to dump, restore, cardctl, rsh, rlogin and rcp
Disables SUID status to the news server tools and DOSEMU
Disables rsh/rlogin access to this machine
Restricts use of cron to root account
Disables the pcmcia startup script
Sets up password aging -- old unused accounts will be disabled, though the owners will be warned
Password protects single-user mode
Applies limits to any one program/user's resource usage, to block Denial of Service attacks.
Configures additional logging
Deactivates the APMd daemon
Disables NFS and Samba
Disables GPM
Deactivates the DHCP Server daemon
Disables the SNMP daemons
Deactivates Sendmail's network listening mode, so this WORKSTATION doesn't operate as a mail server
Disables the VRFY/EXPN data mining commands in Sendmail
Deactivates the DNS server
Deactivates the Apache server
Deactivates the Apache Server Side Includes (SSI)
Deactivates the Apache Server follow-symbolic links behavior
Deactivates the Apache Server CGI's
Deactivates all remaining daemons, with the exception of crond, syslog, keytable, network, gpm, xfs and pcmcia
Sets umask to 077
Sets security level to 4
Applies file permission level 4
Restricts "." from the PATH variable
Deactivates telnet
Deactivates ftp
Disables FTP's anonymous mode capability
Disables FTP's user mode capability
Activates security checks
Applies TMPDIR protection
The server configurations include three security levels. They start with the following major servers turned off: DNS, Mail, web, FTP and DHCP. and then modify them, based on which of the five major server types the user asks for.
No firewalling
Disables SUID status from dump/restore, cardctl, dosemu, news server programs
Enforces password aging
Password protects single user mode
Adds additional logging
Disables apmd, NFS, Samba, pcmcia, DHCP server, news server, routing daemons, NIS, SNMPD
Disables VRFY/EXPN data mining commands in sendmail
Deactivates named (dns)
Deactivates apache (web)
Deactivates apache Server Side Includes (SSI)
Sets umask to 022
Sets security level to 2
Applies file permission level 2
Deactivates telnet
Deactivates ftp
Activates security checks
Moderate firewalling
Disables SUID status from dump/restore, cardctl, dosemu, news server programs
Disables SUID status from rsh, rlogin
Disables rhost-based authentication
Enforces password aging
Password protects single user mode
Adds additional logging
Disables apmd, NFS, Samba, pcmcia, DHCP server, news server, routing daemons, NIS, SNMPD
Disables gpm
Disables VRFY/EXPN data mining commands in sendmail
Deactivates named (dns)
Deactivates apache (web)
Deactivates apache Server Side Includes (SSI)
Deactivates apache CGI script execution
Disables FTP user mode
Disables FTP anonymous mode
Sets umask to 022
Sets security level to 3
Applies file permission level 3
Restricts "." from the PATH variable
Deactivates telnet
Deactivates ftp
Activates security checks
Strong firewalling
Disables SUID status from dump/restore, cardctl, dosemu, news server programs
Disables SUID status from rsh, rlogin
Disables SUID status for mount, umount, ping, at, usernetctl, traceroute
Disables rhost-based authentication
Disables cron use to everyone but root
Enforces password aging
Enforces limits on resources to prevent DoS attack
Password protects single user mode
Adds additional logging
Disables apmd, NFS, Samba, pcmcia, DHCP server, news server, routing daemons, NIS, SNMPD
Disables gpm
Disables VRFY/EXPN data mining commands in sendmail
Deactivates named (dns)
Deactivates apache (web)
Deactivates apache Server Side Includes (SSI)
Deactivates apache CGI script execution
Deactivates apache's following of symlinks
Disables printing
Disables FTP user mode
Disables FTP anonymous mode
Activates TMPDIR protection
Sets umask to 077
Sets security level to 4
Applies file permission level 4
Restricts "." from the PATH variable
Deactivates telnet
Deactivates ftp
Activates security checks