skybox 6000 Quick Start Manual Download Page 67 | Manualshive

Page: 67 / 78

background image

Skybox Appliance 6000 Quick Start Guide

Skybox version 11.6.100

67

RECOMMENDATION

SCORED

DESCRIPTION

/var/log/lastlog

maintain records of the last time a

user successfully logged in. The

/var/run/failock

directory maintains records of login failures via the

pam_

faillock

module. The file

/var/run/utmp

file tracks all

currently logged in users. The

/var/log/wtmp

file tracks

logins, logouts, shutdown, and reboot events. All audit
records are tagged with the identifier ‘session’. The file

/var/log/btmp

keeps track of failed login attempts and

can be read by entering the command

/usr/bin/last

-f /var/log/btmp

. All audit records are tagged with

the identifier ‘logins’.

Rationale: Monitoring login and logout events could
provide a system administrator with information associated
with brute force attacks against user logins. Monitoring
session information files for changes could alert a system
administrator to logins occurring at unusual hours, which
could indicate intruder activity (for example, a user logging
in at a time when they do not normally log in).

4.1.13

ü

Ensure that successful file system mounts are collected.
Monitor the use of the mount system call. The

mount

(and

umount

) system call controls the mounting and

unmounting of file systems.

Rationale: It is highly unusual for a non-privileged user to
mount file systems to the system. Although tracking mount
commands gives the system administrator evidence that
external media may have been mounted (based on a
review of the source of the mount and confirming that it is
an external media type), it does not conclusively indicate
that data was exported to the media.

4.1.14

ü

Ensure that file deletion events by users are collected.
Monitor the use of system calls associated with the
deletion or renaming of files and file attributes. This
configuration statement sets up monitoring for

unlink

(remove a file),

unlinkat

(remove a file attribute),

rename

(rename a file) and

renameat

(rename a file

attribute) system calls and tags them with the identifier
‘delete’.

Rationale: Monitoring these calls from non-privileged
users could provide a system administrator with evidence
that inappropriate removal of files and file attributes
associated with protected files is occurring. This audit
option looks at all events; system administrators want to
look for specific privileged files that are being deleted or
altered.

4.1.15

ü

Ensure that changes to the system administration scope
(

sudoers

) are collected. Monitor scope changes for

system administrations. If the system has been properly
configured to force system administrators to log in as
themselves first and then use the

sudo

command to

execute privileged commands, it is possible to monitor

«
...
65
66
67
68
69
...
»

Summary of Contents for 6000

Page 1: ...Skybox Appliance 6000 Quick Start Guide 11 6 110 CentOS Linux release 7 9 2009 Core Skybox Security Inc 2077 Gateway Place Suite 200 San Jose CA 95110 USA 1 866 675 9269 skyboxsecurity com ...

Page 2: ... not warrant that this document is error free No part of this publication may be reproduced stored in a retrieval system or transmitted in any form or by any means electronic mechanical photocopying recording or otherwise without the prior written permission of Skybox Security Skybox Skybox Security Skybox Firewall Assurance Skybox Network Assurance Skybox Vulnerability Control Skybox Change Manag...

Page 3: ...13 Available Installation Processes 13 System configuration 14 What s next 18 Configuring Skybox Appliance 19 Configuration and management options 19 Setting up network interface bonding 20 Setting up SNMP configuration 22 RADIUS authentication 23 LDAP authentication 24 Changing the TLS version 26 Sending CentOS logs to a remote syslog server 28 Customizing the syslog server 29 Setting up TCP and ...

Page 4: ...the Server certificate and private key from the Java keystore 52 Restoring Skybox Appliance to factory defaults 54 Selecting the Server Installation 55 Modify the Skybox Server and Collector Parameters 55 Install only the Skybox Collector 56 Install Standalone Elasticsearch Node 57 Monitoring SNMP 59 Troubleshooting 62 Wiping the hard disk drive 63 CIS benchmarks for CentOS 7 64 Regulatory and saf...

Page 5: ...ox Server and Skybox Collector are preinstalled on Skybox Appliance and run at startup In this chapter Basic architecture 5 Related documentation 5 Basic architecture The Skybox platform consists of a 3 tiered architecture with a centralized server Skybox Server data collectors Skybox Collectors and a user interface Skybox Manager Skybox can be scaled to suit the complexity and size of any infrast...

Page 6: ... ensure that the packaging is not damaged and verify that all tamper evident seals are intact Verify that the Skybox Appliance serial number purchase order number and FedEx tracking number match the information provided by Skybox Customer Support What s in the box The following items are in the shipping carton l Skybox Appliance l Rack mount kit l Front bezel l 2 AC power cords l RJ45 to DB9 seria...

Page 7: ... l 1 system status LED l 4 NIC LEDs l 1 HDD activity LED l 1 system cold reset button l 2 USB 2 0 connectors l 1 video connector l Bezel with lock support External I O connectors back panel l DB 15 video connector l RJ45 serial port A connector l 3 USB 2 0 Ports l 4 RJ 45 1000baseT network interfaces 1 GB Ethernet LAN Note Ports I O and RMM4 are not supported Compliant standards Ctick NRTL CE FCC ...

Page 8: ...027 7 BTU hour EMI operating Required to meet EMI emission requirements tested as part of system MTBF estimates for Skybox Appliance The estimated mean time between failures MTBF and Failures in Time FIT for Skybox Appliance 6000 are listed in the following table COMPONENT MTBF HOURS ESTIMATED FIT Backplane board 935189 1069 PCI Riser Card 7303481 137 Front Panel board 8272282 121 Intel Server Boa...

Page 9: ...tivity LED D NIC3 activity LED E System cold reset button F System status LED G Power button with integrated LED H Hard drive activity LED I NIC4 activity LED J NIC2 activity LED Front panel LED functions LED COLOR STATE DESCRIPTION Power Sleep Green on Power on Green blinking Sleep Off Power off NIC LEDs Green on Network link but no network activity Green blinking Network activity Off No link ...

Page 10: ...cal Alarm Redundant fan failure redundant power module failure non critical temperature and voltage Off Power off System unplugged Power on System powered off and in standby no prior degraded non critical critical state Back panel connectors Skybox Appliance 6000 back panel includes the connectors shown in the following figure Port mapping The mappings between physical ports on the back panel of S...

Page 11: ...values File system partitions By default the Skybox Appliance file system is partitioned as follows l tmp partition 5 l root partition 10 l var partition 30 l Swap partition The swap size is set to half the total RAM but no more than 8 of total storage l opt partition remainder of storage ...

Page 12: ...all peripheral devices connected to Skybox Appliance 2 Turn off Skybox Appliance by pressing the Power button on the front of the chassis and then unplug the AC power cords from the chassis or wall outlet 3 Label and disconnect all peripheral cables and all telecommunications lines connected to I O connectors or ports on the back of the chassis 4 Provide electrostatic discharge ESD protection by w...

Page 13: ... the user consults with Skybox Professional Services prior to selecting any of these installation options Advanced Installation Options Skybox Appliance by default boots from a local drive with predefined parameters and is installed as a Skybox Server including a local Collector Several options are available to modify the default installation process l Modify the Skybox Server and Collector Parame...

Page 14: ...iance l A console mouse keyboard and screen connection l A serial port connection l A network connection via static NIC Note To view a figure showing the connectors used in the following procedures see Back panel connectors Configuration via the RMM interface You can connect to Skybox Appliance via its RMM interface by connecting a network cable to the RMM port The RMM interface is preconfigured t...

Page 15: ...ement 4 Select BMC LAN configuration l If you are using DHCP The system assigns a name to the RMM interface and its IP address you can configure the name at the bottom of the page in the BMC hostname field l If you are using a Static address Provide the IP address netmask and gateway IP address 5 When you are finished press F10 to save and exit the configuration Skybox Appliance boots with the RMM...

Page 16: ...e l If using PuTTY as your terminal emulator Character set translation on received data UTF 8 3 Press the Power button on the Skybox Appliance front panel and verify that the Power LED is green 4 Log in to your Skybox Appliance as the root user The default password for your 1st login is skyboxview On the initial log in you must change the default password 5 Configure a network interface with an IP...

Page 17: ...Skybox Appliance You will need it later Configuring Skybox Appliance To configure Skybox Appliance 1 In a browser connect to Skybox Appliance Administration using the following URL https Appliance IP address 444 where Appliance IP address is the IP address that you configured in Configuring connection 2 The default user name is skyboxview the default password is skyboxview On the initial login you...

Page 18: ...r installing and configuring Skybox Appliance you must install Skybox Manager on at least 1 remote machine see Skybox Manager Installation Skybox Manager is required to configure certain admin components in the product However almost all user functions are done in Skybox Web Client and not in Skybox Manager Skybox Manager is a Java client and should be installed on a Windows PC The Skybox Manager ...

Page 19: ...nly saved after you click Save Network Configuration Network Configuration Enables you to configure network settings connection method IP address netmask and gateway and bonding for each network interface connection and to configure the DNS servers Note For non virtual Appliances this pane includes a link to a figure showing the back panel to help you to understand the connections Note Network Int...

Page 20: ...elect Enable SNMP Service to set up SNMP configuration host configuration and sending traps see Setting up SNMP configuration You can also download the Skybox Appliance MIBs Security tab Appliance Passwords Enables you to change the root password for Skybox Appliance the password for Skybox Appliance Administration and the RMM password LDAP Enables you to set up Skybox Appliance to support authent...

Page 21: ...rder from the 1st available slave to the last This mode provides load balancing and fault tolerance mode 1 active backup Active backup policy Only 1 slave in the bond is active A different slave becomes active if and only if the active slave fails The bond s MAC address is externally visible on a single port network adapter to avoid confusing the switch This mode provides fault tolerance The prima...

Page 22: ...uire special switch support The receive load balancing is achieved by ARP negotiation The bonding driver intercepts the ARP replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of a slave in the bond such that different peers use different hardware addresses for the server Setting up SNMP configuration Skybox Appliances can b...

Page 23: ...users for Read Only Credentials and Read write credentials For each credential set the following values o Username A character string value o Password A string at least 8 character long can be left blank o Hashing Algorithm We recommend that you select MD5 default o Encryption Algorithm We recommend that you select DES default l On the Notification Traps tab o Destination Name or IP address in the...

Page 24: ...tion for your RADIUS server There are 3 fields per line in this file each line representing a RADIUS server Each line has the following format server port secret timeout Blank lines or lines beginning with are ignored l The port number is optional The default port is 1812 l The timeout field is optional The default timeout is 3 seconds The timeout field controls how many seconds the module waits b...

Page 25: ...ate on a new line Example BEGIN CERTIFICATE END CERTIFICATE BEGIN CERTIFICATE END CERTIFICATE Note The certificates must be in PEM format LDAP Search Base The default base DN to use for performing LDAP search operations The syntax must be in DN format Example CN Users DC YOURDOMAIN DC LOCAL LDAP Schema Select the schema type used on the target LDAP server The default attribute names retrieved from...

Page 26: ...s for TLS l Default High Security configuration for SSL TLS versions 1 2 and higher are enabled Supported browsers Firefox 27 Chrome 30 Internet Explorer 11 on Windows 7 Edge Opera 17 Safari 9 Android 5 0 Java 8 and higher l Medium Security configuration for SSL TLS versions 1 1 and higher are enabled Supported browsers Firefox 1 Chrome 1 Internet Explorer 7 Opera 5 Safari 1 Windows XP Internet Ex...

Page 27: ...ECDSA AES128 SHA ECDHE RSA AES256 SHA384 ECDHE RSA AES128 SHA ECDHE ECDSA AES256 SHA384 ECDHE ECDSA AES256 SHA ECDHE RSA AES256 SHA DHE RSA AES128 SHA256 DHE RSA AES128 SHA DHE RSA AES256 SHA256 DHE RSA AES256 SHA ECDHE ECDSA DES CBC3 SHA ECDHE RSA DES CBC3 SHA EDH RSA DES CBC3 SHA AES128 GCM SHA256 AES256 GCM SHA384 AES128 SHA256 AES256 SHA256 AES128 SHA AES256 SHA DES CBC3 SHA DSS Low Security c...

Page 28: ...ntOS logs to a remote syslog server To send the Skybox Appliance CentOS logs to a remote syslog server 1 On the System tab click Syslog Server 2 Select Send System Logs to Remote Syslog Server 3 Fill in the remote syslog IP address and port to use and select the protocol to use ...

Page 29: ...configuration files of the syslog server and to the syslog log rotation file are included when necessary as part of Skybox Appliance operating system updates Users can also modify the following files locally for local changes l syslog configuration file etc syslog ng syslog ng conf l cron file etc cron daily syslog ng archive How can I change where and for how long the logs are stored The followin...

Page 30: ...rtigate var log syslog ng new fg All others var log syslog ng new What are the log files named A separate log is generated for each device Log file names have the format l New logs device name IP address _ time of creation log l Archived logs device name IP address _ time of creation zip How can the logs be imported into the Skybox model Device logs can be imported using the following tasks l Chan...

Page 31: ...ems supported web based browsers and hardware requirements for Skybox Manager see Skybox Security System Requirements Installing Skybox Manager Note Skybox Manager runs on most Microsoft Windows operating systems For details see Skybox Manager system requirements Installing Skybox Manager requires administrator privileges To install Skybox Manager 1 Run the installation file SkyboxManager version ...

Page 32: ...the old installation file This way when Skybox users install Skybox Manager from the Appliance they are installing the latest version To replace the Skybox Manager installation file 1 Copy the installation file SkyboxManager version build exe to your Skybox Appliance using PuTTY WinSCP or another client program Save the file at usr local skyboxwebadmin manager 2 Delete all other file in this direc...

Page 33: ...of the update back them up manually before updating CentOS The backed up files are at var tmp appliance_update_ installed_ version backup appliance_backup To update the operating system Note The machine reboots as part of the update process 1 Download the following files to your machine not to the Skybox Appliance server where patch is the patch number l Skybox_ patch appliance_update l Skybox_ pa...

Page 34: ... log appliance_update_ patch log 9 Optional If something went wrong with the update process you can l Restore settings files manually l Restore the files together overwriting the original files but preserving the original ownership and permissions for the files tar xpjf var tmp appliance_update_ patch backup Appliance_backup tar bz2 overwrite same owner P ...

Page 35: ... fit on a standard DVD R We recommend that you use either a DVD R DL Dual Layer or a flash drive if you need to burn the ISO Note For flash drives we recommend using Rufus to burn the ISO https rufus ie To boot from the ISO l During startup select F6 and then select the device DVD or flash drive from which to boot ...

Page 36: ...remote login via SSH to the root and skyboxview users only AllowUsers root skyboxview AllowGroups root skyboxview This configuration is implemented as part of hardening the operating system of Skybox Appliance Changing these settings is not recommended and may not persist through Appliance operating system updates ...

Page 37: ...n all commands from the command line on the Skybox Appliance 1 Run get_appliance_details 2 Your Appliance model number is shown in the MODEL field 3 Run sudo ipmitool mc info grep Firmware Revision The result shows the firmware revision number for example Firmware Revision 1 16 To determine whether your Skybox Appliance requires a firmware update compare the Firmware Revision detected on your Appl...

Page 38: ...g in to the RMM interface of Skybox Appliance from your local machine For instructions see Configuring Java for login To check the firmware revision on your Skybox Appliance 1 Open Microsoft Explorer 2 Enter the RMM address of Skybox Appliance as the URL 3 Authenticate using the user name and the password 4 If you are not sure of your model number a Click the FRU Information tab b In the Product I...

Page 39: ...pdates for Skybox Appliance Skybox version 11 6 100 39 Important You must know the model number for the update 5 From the System Information tab on the Summary page check the firmware revision number in the field BMC FW Rev ...

Page 40: ...al to the relevant version in this table no update is required If the version detected is lower than the version in this table continue with Preparing to update Preparing to update Important Contact Skybox support before upgrading the firmware on your Skybox Appliance Skybox Appliances are manufactured to use a specific Skybox approved version of the firmware Warning Do not attempt to upgrade to a...

Page 41: ...ver stop l To shut down the Skybox Collector run service sbvcollector stop Updating via the console If you are not using RMM on your Skybox Appliance the following instructions explain how to perform the firmware update using the console To update the firmware 1 Open the ZIP file and copy the entire content of the package to the root directory of a USB flash drive 2 Insert the USB flash drive into...

Page 42: ...irmware 1 Open the ZIP file and copy the entire content of the package file to the root directory of a USB flash drive 2 Connect the USB flash drive to the back panel of the Skybox Appliance machine 3 Make sure that no other USB is connected 4 Connect to RMM as in steps 1 through 3 in Checking your firmware revision via RMM 5 Hover over Remote Control and select IKVM over HTML5 6 Log in as the roo...

Page 43: ... version 11 6 100 43 a From the BMC Web Console click Server Power Control b Select Reset Server and select Force enter Bios Setup c Click Perform Action The machine reboots and the boot menu is displayed 9 From the menu select Boot Manager and press Enter ...

Page 44: ...Skybox Appliance 6000 Quick Start Guide Skybox version 11 6 100 44 10 From the Boot Manager select Launch EFI Shell and press Enter After about 5 seconds the following screen appears ...

Page 45: ...Chapter 10 Firmware updates for Skybox Appliance Skybox version 11 6 100 45 11 Press Enter When the procedure is almost finished the screen displays the following ...

Page 46: ...Skybox Appliance 6000 Quick Start Guide Skybox version 11 6 100 46 12 Wait 2 minutes and log in again to the remote console 13 Press 5 to exit the update ...

Page 47: ...dates for Skybox Appliance Skybox version 11 6 100 47 14 Press any key to continue Configuring Java for login This procedure enables you to log in to the RMM interface of the Skybox Appliance machine from your local machine ...

Page 48: ...Skybox Appliance 6000 Quick Start Guide Skybox version 11 6 100 48 1 From the Windows Start menu select Configure Java 2 In the Java Control Panel click the Security tab ...

Page 49: ...Chapter 10 Firmware updates for Skybox Appliance Skybox version 11 6 100 49 3 Click Edit Site List 4 Add the URL of the RMM interface of the Skybox Appliance machine ...

Page 50: ...Skybox Appliance 6000 Quick Start Guide Skybox version 11 6 100 50 ...

Page 51: ...8 asn1 encoding routines ASN1_CHECK_TLEN wrong tag Sun Nov 03 16 26 23 623006 2019 ssl error pid 10480 tid 140600437254272 SSL Library Error error 0D08303A asn1 encoding routines ASN1_TEMPLATE_NOEXP_D2I nested asn1 error Sun Nov 03 16 26 23 623012 2019 ssl error pid 10480 tid 140600437254272 SSL Library Error error 0D0680A8 asn1 encoding routines ASN1_CHECK_TLEN wrong tag Sun Nov 03 16 26 23 62301...

Page 52: ...cate is installed in your browser s trusted CA certificate repository 10 Access Skybox Appliance Administration at https common_name 444 Exporting the Server certificate and private key from the Java keystore To export the server certificate and private key from the Java keystore 1 Log in to the Skybox Server or the Skybox Collector as the root user 2 Navigate to opt skyboxview server conf 3 Creat...

Page 53: ...keystore openssl pkcs12 in server keystore p12 nodes nocerts out etc pki tls private skybox_key pem The private key is exported directly to etc pki tls private 7 When prompted Enter Import Password enter skyboxview 8 Remove the P12 keystore rm server keystore p12 Important Do not remove server keystore 9 Continue to Adding your own certificate and use the exported server certificate and private ke...

Page 54: ...required Rufus settings are listed in the following table PROPERTY VALUE Partition scheme MBR Target system BIOS or UEFI Warning Restoring Skybox Appliance erases all data on the Appliance To restore Skybox Appliance to factory defaults 1 Insert the USB drive 2 Reboot the Appliance 3 When you see the Skybox Installation Menu window press any key to interrupt the boot process Note If the Skybox Ins...

Page 55: ...ptimizes the partitioning scheme for Appliances to run as a Skybox Collector l Install Standalone Elasticsearch Node Enhances the scalability of the Elasticsearch based Skybox Web Client These options are available from the boot menu of the Skybox Appliance ISO Modify the Skybox Server and Collector Parameters To install the Skybox Server and Collector with modified parameters 1 Mount the ISO and ...

Page 56: ...ld not be used for an Appliance intended to run the Skybox Server Install only the Skybox Collector You can install Skybox Appliance as a Skybox Collector without installing the Skybox Server This option optimizes the partitioning scheme for Appliances to run as a Collector A collector only installation results in the following configuration l The operating system is installed from scratch Skybox ...

Page 57: ...tallation It waits 60 seconds for a response l If the response is Yes or if no response is provided within 60 seconds the default installation starts which configures Skybox Appliance as a Skybox Collector l If the response is No the following dialog appears explaining the various installation options and allows the user to customize the installation Install Standalone Elasticsearch Node You can i...

Page 58: ...oning l No AIDE l No FIPS140 compliance l Install the Skybox Server in Standalone Elasticsearch mode A standalone Elasticsearch node must be connected to the master Skybox Server node If you are using a 3 node cluster all 3 nodes must be connected to the master Skybox Server node ...

Page 59: ...f idle CPU time 1 3 6 1 4 1 2021 11 11 0 l Raw idle CPU time 1 3 6 1 4 1 2021 11 53 0 l Raw nice CPU time 1 3 6 1 4 1 2021 11 51 0 Memory statistics l Total swap size 1 3 6 1 4 1 2021 4 3 0 l Available swap space 1 3 6 1 4 1 2021 4 4 0 l Total RAM in machine 1 3 6 1 4 1 2021 4 5 0 l Total RAM used 1 3 6 1 4 1 2021 4 6 0 l Total RAM free 1 3 6 1 4 1 2021 4 11 0 l Total RAM shared 1 3 6 1 4 1 2021 4...

Page 60: ...ector status commands o Return codes statuses 0 Running 2 Partially running currently in the process of starting or stopping 3 Stopped l Get Appliance mode 1 3 6 1 4 1 8072 1 3 2 4 1 2 19 49 46 51 46 54 46 49 46 52 46 49 46 49 5 7 55 54 56 46 51 o Outputs include MODE SERVER MODE COLLECTOR MODE ELASTIC Examples l For Skybox Server status snmpget v2c c skyboxview 127 0 0 1 1 3 6 1 4 1 8072 1 3 2 3 ...

Page 61: ...endOutputFull 1 3 6 1 4 1 19768 4 STRING server is up pid 1570 jstat gcutil output S0 S1 E O M CCS YGC YGCT FGC FGCT GCT 97 02 0 00 79 80 86 18 93 60 216 11 808 13 18 205 30 014 collector is up pid 2075 jstat gcutil output S0 S1 E O M CCS YGC YGCT FGC FGCT GCT 75 00 0 00 65 97 18 63 95 59 93 18 28 0 567 3 0 320 0 888 ...

Page 62: ... 103 7 1 11 CORES 2 MODE SERVER MODEL RAM 32014 MB SERIAL_NUMBER SKYBOXVIEW 10 0 513 Hardware issues If there is a hardware issue on Skybox Appliance usually indicated by the system status LED turning amber or blinking a directory LogFiles is created at the location that the sysinfo command is invoked from This directory contains the diagnostic log files 1 As the root user not sudo run the command...

Page 63: ...e destroying the data on it for example if you are sending the Skybox Appliance back to Skybox for replacement Warning This procedure wipes the SDD completely it will not be bootable or function at all The following command overwrites all partitions master boot records and data dd if dev urandom of dev sda bs 1M ...

Page 64: ...By monitoring the file system state compromised files can be detected to prevent or limit the exposure of accidental or malicious misconfigurations or modified binaries 1 3 2 ü Ensure that file system integrity is regularly checked Periodic checking of the file system integrity is needed to detect changes to the file system Rationale Periodic file checking enables the system administrator to deter...

Page 65: ...lation Service mcstrans is not installed The mcstransd daemon provides category label information to client processes requesting information The label translations are defined in etc selinux targeted setrans conf Rationale Because this service is not used very often remove it to reduce the amount of potentially vulnerable code running on the system 1 7 1 3 ü Ensure that the remote login warning ba...

Page 66: ...uted packets are permitted they can be used to gain access to the private address systems as the route can be specified rather than relying on routing protocols that do not permit this routing 3 2 2 Ensure that ICMP redirects are not accepted Rationale Attackers could use bogus ICMP redirect messages to maliciously alter the system routing tables and get them to send packets to incorrect networks ...

Page 67: ... Rationale It is highly unusual for a non privileged user to mount file systems to the system Although tracking mount commands gives the system administrator evidence that external media may have been mounted based on a review of the source of the mount and confirming that it is an external media type it does not conclusively indicate that data was exported to the media 4 1 14 ü Ensure that file d...

Page 68: ...rmissions on etc cron daily are configured l Ensure that permissions on etc cron weekly are configured l Ensure that permissions on etc cron monthly are configured l Ensure that permissions on etc cron d are configured Rationale Granting write access to these directories for non privileged users could provide them the means for gaining unauthorized elevated privileges Granting read access to these...

Page 69: ...user access further by only permitting these users to log in from a particular host the entry can be specified in the form of user host l AllowGroups The AllowGroups variable gives the system administrator the option of permitting specific groups of users to SSH into the system The list consists of space separated group names Numeric group IDs are not recognized with this variable Rationale Restri...

Page 70: ...and Users who want to permit their files and directories to be readable by others by default may choose a different default umask by inserting the umask command into the standard shell configuration files profile bashrc and so on in their home directories Rationale Setting a very secure default value for umask ensures that users make a conscious choice about their file permissions A default umask ...

Page 71: ...les may also indicate an incorrectly written script or program that could potentially be the cause of a larger compromise to the system s integrity 6 1 11 ü Ensure that no unowned files or directories exist Sometimes when administrators delete users from the password file they neglect to remove all files owned by those users from the system Rationale A new user who is assigned the deleted user s u...

Page 72: ...systems test equipment and so on other than an ITE application will require further evaluation and may require additional regulatory approvals Note The use and or integration of telecommunication devices such as modems and or wireless devices have not been planned for with respect to these systems If there is any change of plan to use such devices then telecommunication type certifications will re...

Page 73: ...uirements A Material Declaration Data Sheet is available for Intel products For more reference on material restrictions and compliance you can view Intel s Environmental Product Content Specification at http supplier intel com ehs environmental htm l Europe European Directive 2002 95 EC Restriction of Hazardous Substances RoHS Threshold limits and banned substances are noted below o Quantity limit...

Page 74: ...tions Commission Korea CU Russia Ukraine Certification Ukraine BSMI Certification RPC Number Class A Warning Taiwan FCC Marking Class A USA This device complies with Part 15 of the FCC Rules Operation of this device is subject to the following two conditions 1 This device may not cause harmful interference and 2 This device must accept interference receive including interference that may cause und...

Page 75: ...ackage Marks China Will be added on Package label Other Recycling Package Marks International Will be added on Package label Battery Perchlorate Warning Information USA CA Perchlorate Material Special handling may apply See www dtsc ca gov hazardouswaste perchlorate This notice is required by California Code of Regulations Title 22 Division 4 5 Chapter 33 Best Management Practices for Perchlorate ...

Page 76: ...d and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio com...

Page 77: ...on of this notice This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus set out in the interference causing equipment standard entitled Digital Apparatus ICES 003 of the Canadian Department of Communications Europe CE Declaration of Conformity This product has been tested in accordance to and complies with the Low Voltage Directive 2005 96 EC an...

Page 78: ...License and Product 2 Certification No On RRL certificate Obtain certificate from local Intel representative 3 Name of Certification Recipient Intel Corporation 4 Date of Manufacturer Refer to date code on product 5 Manufacturer Nation Intel Corporation Refer to country of origin marked on product CNCA CCC China The CCC Certification Marking and EMC warning is located on the outside rear area of t...

Reviews:

No comments

Related manuals for 6000

3CR860-95 - OfficeConnect Secure Router

Brand: 3Com Pages: 2

Brand: 3Com Pages: 26

Brand: B2 Pages: 52

Brand: VAF instruments Pages: 56

Brand: Ubiquiti Pages: 22

Brand: Ublox Pages: 17

ZyXEL EES-1024AF

Brand: ZyXEL Communications Pages: 99

Brand: Conceptronic Pages: 2

Linear SCP-LT8362-S-EVALZ

Brand: Analog Devices Pages: 8

Brand: process-informatik Pages: 8

Brand: Acces I/O products Pages: 5

SINUS H PROFInet

Brand: Enertronica Santerno Pages: 34

Brand: Altera Pages: 42

Duinotech Lilypad Plus XC3920

Brand: Jaycar Electronics Pages: 2

Brand: Baicells Pages: 10

Brand: Kaptia Pages: 14

Brand: X-Micro Pages: 49

Brand: Airlink101 Pages: 13

Brands by name

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Popular brands

Load more brands