manualshive.com logo in svg

Skybox Securoty Appliance 7000, Quick Start Manual

Introducing the Skybox Security Appliance 7000 - a cutting-edge solution ensuring robust network protection. Get started effortlessly with our Quick Start Manual available for instant download, absolutely free. Experience top-notch security with ease. Don't forget to download your manual from manualshive.com and unlock the full potential of your Skybox device.

Share
Download
background image

Chapter 17

CIS benchmarks for CentOS 7

Skybox version 11.7.100

65

RECOMMENDATION

SCORED

DESCRIPTION

attempting to target specific exploits of a system.
Authorized users can get this information by running

uname -a

after they log in.

3.1.2

ü

Ensure that packet redirect sending is disabled.

Rationale: An attacker could use a compromised host to
send invalid ICMP redirects to other router devices in an
attempt to corrupt routing and have users access a system
set up by the attacker as opposed to a valid system.

3.2.1 – 3.2.3

ü

3.2.1: Ensure that source routed packets are not accepted.

Rationale: Setting

net.ipv4.conf.all.accept_

source_route

and

net.ipv4.conf.default.accept_source_route

to

0 disables the system from accepting source routed
packets. Assume that the system is capable of routing
packets to Internet routable addresses on one interface
and private addresses on another interface, and the
private addresses are not routable to the Internet routable
addresses and vice versa. Under normal routing
circumstances, an attacker from the Internet routable
addresses cannot use the system as a way to reach the
private address systems. If, however, source routed
packets are permitted, they can be used to gain access to
the private address systems as the route can be specified,
rather than relying on routing protocols that do not permit
this routing.

3.2.2: Ensure that ICMP redirects are not accepted.

Rationale: Attackers could use bogus ICMP redirect
messages to maliciously alter the system routing tables
and get them to send packets to incorrect networks and
permit your system packets to be captured.

3.2.3: Ensure that secure ICMP redirects are not accepted.

Rationale: Even known gateways can be compromised.
Setting

net.ipv4.conf.all.secure_redirects

to

0

protects the system from routing table updates by possibly
compromised known gateways.

3.2.4

ü

Ensure that suspicious packets are logged. When enabled,
this feature logs packets with un-routable source
addresses to the kernel log.

Rationale: Enabling this feature and logging these packets
enables administrators to investigate the possibility that an
attacker is sending spoofed packets to their system.

3.5.1 – 3.5.4

û

Ensure that DCCP, SCTP, RDS, and TIPC are disabled.

Rationale: If these protocols are not being used, it is
recommended that the kernel modules not be loaded,
disabling the services to reduce the potential attack
surface.

4.1.8 -4.1.9

ü

Ensure that login and logout events are collected; Ensure
that session initiation information is collected. The file

Summary of Contents for Appliance 7000

Page 1: ...Skybox Appliance 7000 Quick Start Guide 11 7 103 CentOS Linux release 7 9 2009 Core Skybox Security Inc 2077 Gateway Place Suite 200 San Jose CA 95110 USA 1 866 675 9269 skyboxsecurity com ...

Page 2: ... not warrant that this document is error free No part of this publication may be reproduced stored in a retrieval system or transmitted in any form or by any means electronic mechanical photocopying recording or otherwise without the prior written permission of Skybox Security Skybox Skybox Security Skybox Firewall Assurance Skybox Network Assurance Skybox Vulnerability Control Skybox Change Manag...

Page 3: ...12 Available Installation Processes 12 System configuration 13 What s next 16 Configuring Skybox Appliance 18 Configuration and management options 18 Setting up network interface bonding 19 Setting up SNMP configuration 21 RADIUS authentication 22 LDAP authentication 23 Changing the TLS version 25 Sending CentOS logs to a remote syslog server 27 Customizing the syslog server 28 Setting up TCP and ...

Page 4: ...certificate and private key from the Java keystore 51 Selecting the Skybox Appliance Installation 53 Overview 53 Modify the Skybox Server and Collector Parameters 54 Install only the Skybox Collector 55 Install Standalone Elasticsearch Node 56 Monitoring SNMP 57 Troubleshooting 60 Restoring Skybox Appliance to factory defaults 61 Wiping the hard disk drive 62 CIS benchmarks for CentOS 7 63 Regulat...

Page 5: ...ox Server and Skybox Collector are preinstalled on Skybox Appliance and run at startup In this chapter Basic architecture 5 Related documentation 5 Basic architecture The Skybox platform consists of a 3 tiered architecture with a centralized server Skybox Server data collectors Skybox Collectors and a user interface Skybox Manager Skybox can be scaled to suit the complexity and size of any infrast...

Page 6: ... verify that all tamper evident seals are intact Verify that the Skybox Appliance serial number purchase order number and FedEx tracking number match the information provided by Skybox Customer Support What s in the box The following items are in the shipping carton l Skybox Appliance l Rack mount kit l Front bezel l 2 AC power cords l RJ45 to DB9 serial console cable l Skybox Quick Start Guide l ...

Page 7: ... 0 3 0 connectors l DB 15 video connector l Bezel with lock support External I O connectors back panel l DB 15 video connector l Dedicated RJ45 server management NIC l 6 RJ 45 1000baseT network interfaces 1 GB Ethernet LAN l 2 USB 2 0 Ports l 2 USB 3 0 Ports Compliant standards CE UL VCCI BSMI GS ICES 003 FCC Part 15 IEC 60950 1 and more For detailed information see Regulatory and safety informati...

Page 8: ... BTU hour EMI operating Required to meet EMI emission requirements tested as part of system MTBF estimates for Skybox Appliance The estimated mean time between failures MTBF and Failures in Time FIT for Skybox Appliance 7000 are listed in the following table COMPONENT MTBF HOURS ESTIMATED FIT Hot Swap Backplane 9419052 107 1 Slot Riser Card per card 106005093 10 Standard Front Panel 16324108 62 In...

Page 9: ...equired for use C NIC1 and NIC2 activity LEDs D System cold reset button E System status LED F Power button with integrated LED G Hard drive activity LED Front panel LED functions LED COLOR STATE DESCRIPTION Power Sleep Green on Power on Green blinking Sleep Off Power off NIC LEDs Green on Network link but no network activity Green blinking Network activity Off No link ...

Page 10: ...edundant power module failure non critical temperature and voltage Off Power off System unplugged Power on System powered off and in standby no prior degraded non critical critical state Back panel connectors Skybox Appliance 7000 back panel includes the connectors shown in the following figure By default l eno1 is enabled and configured as DHCP l eno2 is enabled and configured as static with the ...

Page 11: ...all peripheral devices connected to Skybox Appliance 2 Turn off Skybox Appliance by pressing the Power button on the front of the chassis and then unplug the AC power cords from the chassis or wall outlet 3 Label and disconnect all peripheral cables and all telecommunications lines connected to I O connectors or ports on the back of the chassis 4 Provide electrostatic discharge ESD protection by w...

Page 12: ...r consults with Skybox Professional Services prior to selecting any of these installation options Advanced Installation Options Skybox Appliance by default boots from a local drive with predefined parameters and is installed as a Skybox Server including a local Collector Several options are available to modify the default installation process l Modify the Skybox Server and Collector parameters Ins...

Page 13: ...n your Skybox Appliance l A console mouse keyboard and screen connection l A network connection via static NIC Note To view a figure showing the connectors used in the following procedures see Back panel connectors Configuration via the RMM interface You can connect to Skybox Appliance via its RMM interface by connecting a network cable to the RMM port The RMM interface is preconfigured to obtain ...

Page 14: ...ion l If you are using DHCP The system assigns a name to the RMM interface and its IP address you can configure the name at the bottom of the page in BMC hostname l If you are using a Static address Provide the IP address netmask and gateway IP address 5 When you are finished press F10 to save and exit the configuration Skybox Appliance boots with the RMM interface configured with the user that yo...

Page 15: ...e Administration main page opens 4 Configure a network interface with an IP address netmask and default gateway Note Network Interfaces includes a tab for docker0 This tab is for an Appliance feature that is to be added in a future release Do not change the settings for docker0 a Navigate to the Network tab and select Network Configuration b Select a network interface to configure c Select the IP ...

Page 16: ... from NTP servers a Select Automatic Date and Time Configuration Using NTP Server b Click Change NTP Servers add the IP address or DNS of up to 3 NTP servers to use If you specify multiple NTP servers Skybox Appliance synchronizes to the average time of the servers c Click Change Time Zone set the time zone for the location of your Skybox Appliance so that reports and other data are timestamped co...

Page 17: ...e Skybox version 11 7 100 17 syslog server The syslog server on Skybox Appliance is preconfigured and is enabled by default Updates to the configuration files of the syslog server are included in Skybox Appliance operating system updates ...

Page 18: ...e Network Configuration Network Configuration Enables you to configure network settings connection method IP address netmask and gateway and bonding for each network interface connection and to configure the DNS servers Note For non virtual Appliances this pane includes a link to a figure showing the back panel to help you to understand the connections Note Network Interfaces includes a tab for do...

Page 19: ... SNMP configuration host configuration and sending traps see Setting up SNMP configuration You can also download the Skybox Appliance MIBs Security tab Appliance Passwords Enables you to change the root password for Skybox Appliance the password for Skybox Appliance Administration and the RMM password LDAP Enables you to set up Skybox Appliance to support authentication via LDAP see LDAP authentic...

Page 20: ...der from the 1st available slave to the last This mode provides load balancing and fault tolerance mode 1 active backup Active backup policy Only one slave in the bond is active A different slave becomes active if and only if the active slave fails The bond s MAC address is externally visible on a single port network adapter to avoid confusing the switch This mode provides fault tolerance The prim...

Page 21: ...uire special switch support The receive load balancing is achieved by ARP negotiation The bonding driver intercepts the ARP replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of a slave in the bond such that different peers use different hardware addresses for the server Setting up SNMP configuration You can configure Skybo...

Page 22: ...users for Read Only Credentials and Read write credentials For each credential set the following values o Username A character string value o Password A string at least 8 character long can be left blank o Hashing Algorithm We recommend that you select MD5 default o Encryption Algorithm We recommend that you select DES default l On the Notification Traps tab o Destination Name or IP address in the...

Page 23: ...tion for your RADIUS server There are 3 fields per line in this file each line representing a RADIUS server Each line has the following format server port secret timeout Blank lines or lines beginning with are ignored l The port number is optional The default port is 1812 l The timeout field is optional The default timeout is 3 seconds The timeout field controls how many seconds the module waits b...

Page 24: ...d to certify the LDAP servers Start each certificate on a new line For example BEGIN CERTIFICATE END CERTIFICATE BEGIN CERTIFICATE END CERTIFICATE Note The certificates must be in PEM format LDAP Search Base The default base DN to use for performing LDAP search operations The syntax must be in DN format For example CN Users DC YOURDOMAIN DC LOCAL LDAP Schema Select the schema type used on the targ...

Page 25: ...r Security TLS protocols There are 3 configurations for TLS l Default High Security configuration for SSL TLS versions 1 2 and higher are enabled Supported browsers Firefox 27 Chrome 30 Internet Explorer 11 on Windows 7 Edge Opera 17 Safari 9 Android 5 0 Java 8 and higher l Medium Security configuration for SSL TLS versions 1 1 and higher are enabled Supported browsers Firefox 1 Chrome 1 Internet ...

Page 26: ...HA256 ECDHE ECDSA AES128 SHA ECDHE RSA AES256 SHA384 ECDHE RSA AES128 SHA ECDHE ECDSA AES256 SHA384 ECDHE ECDSA AES256 SHA ECDHE RSA AES256 SHA DHE RSA AES128 SHA256 DHE RSA AES128 SHA DHE RSA AES256 SHA256 DHE RSA AES256 SHA ECDHE ECDSA DES CBC3 SHA ECDHE RSA DES CBC3 SHA EDH RSA DES CBC3 SHA AES128 GCM SHA256 AES256 GCM SHA384 AES128 SHA256 AES256 SHA256 AES128 SHA AES256 SHA DES CBC3 SHA DSS Lo...

Page 27: ...d Sending CentOS logs to a remote syslog server To send the Skybox Appliance CentOS logs to a remote syslog server 1 On the System tab click Syslog Server 2 Select Send System Logs to Remote Syslog Server 3 Fill in the remote syslog IP address and port to use and select the protocol to use ...

Page 28: ...configuration files of the syslog server and to the syslog log rotation file are included when necessary as part of Skybox Appliance operating system updates Users can also modify the following files locally for local changes l syslog configuration file etc syslog ng syslog ng conf l cron file etc cron daily syslog ng archive How can I change where and for how long the logs are stored You can chan...

Page 29: ...rtigate var log syslog ng new fg All others var log syslog ng new What are the log files named A separate log is generated for each device Log file names have the format l New logs device name IP address _ time of creation log l Archived logs device name IP address _ time of creation zip How can the logs be imported into the Skybox model Device logs can be imported using the following tasks l Chan...

Page 30: ...systems supported web based browsers and hardware requirements for Skybox Manager see Skybox Security System Requirements Installing Skybox Manager Note Skybox Manager runs on most Microsoft Windows operating systems For details see Skybox Manager system requirements Installing Skybox Manager requires administrator privileges To install Skybox Manager 1 Run the installation file SkyboxManager vers...

Page 31: ...the old installation file This way when Skybox users install Skybox Manager from the Appliance they are installing the latest version To replace the Skybox Manager installation file 1 Copy the installation file SkyboxManager version build exe to your Skybox Appliance using PuTTY WinSCP or another client program Save the file at usr local skyboxwebadmin manager 2 Delete all other files in this dire...

Page 32: ... update procedure or you can save them manually Changes that you made in Skybox settings files are not saved as part of the update back them up manually before updating CentOS The backed up files are at var tmp appliance_update_ installed_ version backup appliance_backup To update the operating system Note The machine reboots as part of the update process 1 Download the following files to your mac...

Page 33: ...liance_update_ patch backup Note After the update finishes a log of the process details is at opt skyboxview utility log appliance_update_ patch log 9 Optional If something went wrong with the update process you can l Restore settings files manually l Restore the files together overwriting the original files but preserving the original ownership and permissions for the files tar xpjf var tmp appli...

Page 34: ...n a standard DVD R We recommend that you use either a DVD R DL Dual Layer or a flash drive if you need to burn the ISO Note For flash drives we recommend using Rufus to burn the ISO https rufus ie To boot from the ISO l During startup select F6 and then select the device DVD or flash drive from which to boot ...

Page 35: ...remote login via SSH to the root and skyboxview users only AllowUsers root skyboxview AllowGroups root skyboxview This configuration is implemented as part of hardening the operating system of Skybox Appliance Changing these settings is not recommended and may not persist through Appliance operating system updates ...

Page 36: ...To check the firmware revision on your Skybox Appliance Note Run all commands from the command line on the Skybox Appliance 1 Run get_appliance_details Your Appliance model number is shown in the MODEL field 2 Run sudo ipmitool mc info grep Firmware Revision The result shows the firmware revision number for example Firmware Revision 1 16 To determine whether your Skybox Appliance requires a firmwa...

Page 37: ...are revision via RMM Before you start You must have permission to log in to the RMM interface of Skybox Appliance from your local machine For instructions see Configuring Java for login To check the firmware revision on your Skybox Appliance 1 Open Microsoft Explorer 2 Enter the RMM address of Skybox Appliance as the URL 3 Authenticate using the user name and the password 4 If you are not sure of ...

Page 38: ...are updates for Skybox Appliance Skybox version 11 7 100 38 Important You must know the model number for the update 5 From the System Information tab on the Summary page check the firmware revision number in BMC FW Rev ...

Page 39: ...l to the relevant version in this table no update is required If the version detected is lower than the version in this table continue with Preparing to update Preparing to update Important Contact Skybox support before upgrading the firmware on your Skybox Appliance Skybox Appliances are manufactured to use a specific Skybox approved version of the firmware Warning Do not attempt to upgrade to an...

Page 40: ...ning on the Skybox Appliance machine before performing the update l Shut down the Skybox Server service sbvserver stop l Shut down the Skybox Collector service sbvcollector stop Updating via the console If you are not using RMM on your Skybox Appliance the following instructions explain how to perform the firmware update using the console To update the firmware 1 Open the ZIP file and copy the ent...

Page 41: ... to the RMM interface of Skybox Appliance from your local machine For instructions see Configuring Java for login To update the firmware 1 Open the ZIP file and copy the entire content of the package file to the root directory of a USB flash drive 2 Connect the USB flash drive to the back panel of the Skybox Appliance machine 3 Make sure that no other USB is connected 4 Connect to RMM as in steps ...

Page 42: ... service sbvcollector stop 8 Reboot the machine using the BMC Web Console a From the BMC Web Console click Server Power Control b Select Reset Server and select Force enter Bios Setup c Click Perform Action The machine reboots and the boot menu is displayed 9 From the menu select Boot Manager and press Enter ...

Page 43: ...Skybox Appliance 7000 Quick Start Guide Skybox version 11 7 100 43 10 From the Boot Manager select Launch EFI Shell and press Enter After about 5 seconds the following screen appears ...

Page 44: ...Chapter 10 Firmware updates for Skybox Appliance Skybox version 11 7 100 44 11 Press Enter When the procedure is almost finished the screen displays the following ...

Page 45: ...Skybox Appliance 7000 Quick Start Guide Skybox version 11 7 100 45 12 Wait 2 minutes and log in again to the remote console 13 Press 5 to exit the update ...

Page 46: ...dates for Skybox Appliance Skybox version 11 7 100 46 14 Press any key to continue Configuring Java for login This procedure enables you to log in to the RMM interface of the Skybox Appliance machine from your local machine ...

Page 47: ...Skybox Appliance 7000 Quick Start Guide Skybox version 11 7 100 47 1 From the Windows Start menu select Configure Java 2 In the Java Control Panel click the Security tab ...

Page 48: ...Chapter 10 Firmware updates for Skybox Appliance Skybox version 11 7 100 48 3 Click Edit Site List 4 Add the URL of the RMM interface of the Skybox Appliance machine ...

Page 49: ...Skybox Appliance 7000 Quick Start Guide Skybox version 11 7 100 49 ...

Page 50: ...pid 10480 tid 140600437254272 SSL Library Error error 0D0680A8 asn1 encoding routines ASN1_CHECK_TLEN wrong tag Sun Nov 03 16 26 23 623006 2019 ssl error pid 10480 tid 140600437254272 SSL Library Error error 0D08303A asn1 encoding routines ASN1_TEMPLATE_NOEXP_D2I nested asn1 error Sun Nov 03 16 26 23 623012 2019 ssl error pid 10480 tid 140600437254272 SSL Library Error error 0D0680A8 asn1 encoding...

Page 51: ...LCertificateKeyFile SSLCertificateChainFile etc pki tls certs ca chain cert pem Note If you are using an intermediate certificate you are required to add the above line again after an upgrade 8 Restart the Apache server systemctl restart httpd 9 Make sure that the root CA certificate is installed in your browser s trusted CA certificate repository 10 Access Skybox Appliance Administration at https...

Page 52: ...kcs12 in server keystore p12 nokeys out etc pki tls certs skybox_cert pem The certificate is exported directly to etc pki tls certs 5 When prompted Enter Import Password enter skyboxview 6 Export the private key from the keystore openssl pkcs12 in server keystore p12 nodes nocerts out etc pki tls private skybox_key pem The private key is exported directly to etc pki tls private 7 When prompted Ent...

Page 53: ...to select a different option before the boot You can install Skybox Appliance with modified parameters or as a specific type of server l Modify the Skybox Server and Collector Parameters Installing Skybox Server with Collector is the typical Appliance configuration This option allows you to modify several of the parameters in the installation process l Install only the Skybox Collector Optimizes t...

Page 54: ... appears asking whether to run the default collector only installation It waits 60 seconds for a response l If the response is Yes or if no response is provided within 60 seconds the default installation starts which configures Skybox Appliance as a Skybox Server with Collector l If the response is No the following dialog appears explaining the various installation parameters and allows the user t...

Page 55: ... with a size of 100 GB The remaining disk space is allocated primarily to var This leaves considerable space for the syslog records To install only the Skybox Collector 1 Mount the ISO and start the server 2 From the boot menu of the Skybox Appliance ISO select Skybox Collector Installation 3 The installation dialog appears asking whether to run the default collector only installation It waits 60 ...

Page 56: ...the new Elasticsearch based Skybox Web Client Selecting this option in the boot menu skips the interactive installation dialog and selects the following options l No partitioning l No AIDE l No FIPS 140 compliance l Install the Skybox Server in Standalone Elasticsearch mode A standalone Elasticsearch node must be connected to the master Skybox Server node If you are using a 3 node cluster all 3 no...

Page 57: ...f idle CPU time 1 3 6 1 4 1 2021 11 11 0 l Raw idle CPU time 1 3 6 1 4 1 2021 11 53 0 l Raw nice CPU time 1 3 6 1 4 1 2021 11 51 0 Memory statistics l Total swap size 1 3 6 1 4 1 2021 4 3 0 l Available swap space 1 3 6 1 4 1 2021 4 4 0 l Total RAM in machine 1 3 6 1 4 1 2021 4 5 0 l Total RAM used 1 3 6 1 4 1 2021 4 6 0 l Total RAM free 1 3 6 1 4 1 2021 4 11 0 l Total RAM shared 1 3 6 1 4 1 2021 4...

Page 58: ...ector status commands o Return codes statuses 0 Running 2 Partially running currently in the process of starting or stopping 3 Stopped l Get Appliance mode 1 3 6 1 4 1 8072 1 3 2 4 1 2 19 49 46 51 46 54 46 49 46 52 46 49 46 49 5 7 55 54 56 46 51 o Outputs include MODE SERVER MODE COLLECTOR MODE ELASTIC Examples l For Skybox Server status snmpget v2c c skyboxview 127 0 0 1 1 3 6 1 4 1 8072 1 3 2 3 ...

Page 59: ...endOutputFull 1 3 6 1 4 1 19768 4 STRING server is up pid 1570 jstat gcutil output S0 S1 E O M CCS YGC YGCT FGC FGCT GCT 97 02 0 00 79 80 86 18 93 60 216 11 808 13 18 205 30 014 collector is up pid 2075 jstat gcutil output S0 S1 E O M CCS YGC YGCT FGC FGCT GCT 75 00 0 00 65 97 18 63 95 59 93 18 28 0 567 3 0 320 0 888 ...

Page 60: ...103 7 1 11 CORES 2 MODE SERVER MODEL RAM 32014 MB SERIAL_NUMBER SKYBOXVIEW 10 0 513 Hardware issues If there is a hardware issue on Skybox Appliance usually indicated by the system status LED turning amber or blinking a directory LogFiles is created at the location from which the sysinfo command is invoked This directory contains the diagnostic log files 1 As the root user not sudo run the command...

Page 61: ...required Rufus settings are listed in the following table PROPERTY VALUE Partition scheme MBR Target system BIOS or UEFI Warning Restoring Skybox Appliance erases all data on the Appliance To restore Skybox Appliance to factory defaults 1 Insert the USB drive 2 Reboot the Appliance 3 When you see the Skybox Installation Menu window press any key to interrupt the boot process Note If the Skybox Ins...

Page 62: ...e destroying the data on it for example if you are sending the Skybox Appliance back to Skybox for replacement Warning This procedure wipes the SDD completely it will not be bootable or function at all The following command overwrites all partitions master boot records and data dd if dev urandom of dev sda bs 1M ...

Page 63: ...By monitoring the file system state compromised files can be detected to prevent or limit the exposure of accidental or malicious misconfigurations or modified binaries 1 3 2 ü Ensure that file system integrity is regularly checked Periodic checking of the file system integrity is needed to detect changes to the file system Rationale Periodic file checking enables the system administrator to deter...

Page 64: ...lation Service mcstrans is not installed The mcstransd daemon provides category label information to client processes requesting information The label translations are defined in etc selinux targeted setrans conf Rationale Because this service is not used very often remove it to reduce the amount of potentially vulnerable code running on the system 1 7 1 3 ü Ensure that the remote login warning ba...

Page 65: ...uted packets are permitted they can be used to gain access to the private address systems as the route can be specified rather than relying on routing protocols that do not permit this routing 3 2 2 Ensure that ICMP redirects are not accepted Rationale Attackers could use bogus ICMP redirect messages to maliciously alter the system routing tables and get them to send packets to incorrect networks ...

Page 66: ... Rationale It is highly unusual for a non privileged user to mount file systems to the system Although tracking mount commands gives the system administrator evidence that external media may have been mounted based on a review of the source of the mount and confirming that it is an external media type it does not conclusively indicate that data was exported to the media 4 1 14 ü Ensure that file d...

Page 67: ...rmissions on etc cron daily are configured l Ensure that permissions on etc cron weekly are configured l Ensure that permissions on etc cron monthly are configured l Ensure that permissions on etc cron d are configured Rationale Granting write access to these directories for non privileged users could provide them the means for gaining unauthorized elevated privileges Granting read access to these...

Page 68: ...user access further by only permitting these users to log in from a particular host the entry can be specified in the form of user host l AllowGroups The AllowGroups variable gives the system administrator the option of permitting specific groups of users to SSH into the system The list consists of space separated group names Numeric group IDs are not recognized with this variable Rationale Restri...

Page 69: ...and Users who want to permit their files and directories to be readable by others by default may choose a different default umask by inserting the umask command into the standard shell configuration files profile bashrc and so on in their home directories Rationale Setting a very secure default value for umask ensures that users make a conscious choice about their file permissions A default umask ...

Page 70: ...les may also indicate an incorrectly written script or program that could potentially be the cause of a larger compromise to the system s integrity 6 1 11 ü Ensure that no unowned files or directories exist Sometimes when administrators delete users from the password file they neglect to remove all files owned by those users from the system Rationale A new user who is assigned the deleted user s u...

Page 71: ...her product certification categories and environments such as medical industrial telecommunications NEBS residential alarm systems test equipment and so on other than an ITE application may require further evaluation Safety compliance l UL60950 CSA 60950 USA Canada l EN60950 Europe l IEC60950 International l CB Certificate Report IEC60950 report to include all country national deviations l CE Low ...

Page 72: ...d banned substances are noted below o Quantity limit of 0 1 by mass 1000 PPM for Lead Mercury Hexavalent Chromium Polybrominated Biphenyls Diphenyl Ethers PBB PBDE o Quantity limit of 0 01 by mass 100 PPM for Cadmium l California Code of Regulations Title 22 Division 4 5 Chapter 33 Best Management Practices for Perchlorate Materials l China Restriction of Hazardous Substances China RoHS l WEEE Dir...

Page 73: ...tions 1 This device may not cause harmful interference and 2 This device must accept interference receive including interference that may cause undesired operation Nordic Ground Multiple Line 1 WARNING Swedish on line 2 Apparaten skall anslutas till jordat uttag när den ansluts till ett nätverk Finnish on line 3 Laite on liitettävä suojamaadoituskoskettimilla varustettuun pistorasiaan English on l...

Page 74: ...alifornia Code of Regulations Title 22 Division 4 5 Chapter 33 Best Management Practices for Perchlorate Materials This product part includes a battery which contains Perchlorate material Safety Multiple Power Cord International English This unit has more than one power supply cord To reduce the risk of electrical shock disconnect 2 two power supply cords before servicing German Dieses Geräte hat ...

Page 75: ...r relocate the receiving antenna l Increase the separation between the equipment and the receiver l Connect the equipment to an outlet on a circuit different from that to which the receiver is connected l Consult the dealer or an experienced radio TV technician for help Any changes or modifications not expressly approved by the grantee of this device could void the user s authority to operate the ...

Page 76: ... Certification Marking and EMC warning is located on the outside rear area of the product KC Korea Korea EMC Certification requires additional information on the product If there is no room to place the information it is provided in the product literature 1 Type of Equipment Model Name Model name is on KC certificate on product 2 Certification No Certification number is on KC certificate on produc...

Reviews:

No comments

Related manuals for Appliance 7000

Brands by name

Popular brands

Load more brands