skybox 6000 Скачать руководство пользователя страница 52

Страница: 52 / 78

Skybox Appliance 6000 Quick Start Guide

Skybox version 11.6.100

b. Transfer the concatenated file to

/etc/pki/tls/certs

5. Back up the file

/etc/httpd/conf.d/skyboxwebadmin.conf

6. Create a symbolic link to your certificate:

a. Backup the original Skybox certificate file:

mv /etc/pki/tls/certs/localhost.crt

/etc/pki/tls/certs/localhost.crt.old

b. Create a symbolic link to the new certificate file:

ln -s <customer_certificate_

file> /etc/pki/tls/certs/localhost.crt

where

<customer_certificate_

file>

is the full path and file name to your certificate

c. Change the permissions of the new certificate file:

chmod 600 <customer_

certificate_file>

7. If you are using an intermediate CA certificate, add the following line under the line

SSLCertificateKeyFile

SSLCertificateChainFile /etc/pki/tls/certs/ca-chain.cert.pem

Note: If you are using an intermediate certificate, you are required to add the above line
again after an upgrade.

8. Restart the Apache server:

systemctl restart httpd

9. Make sure that the root CA certificate is installed in your browser’s trusted CA certificate

repository.

10. Access Skybox Appliance Administration at

https://<common_name>:444

Exporting the Server certificate and private key from the Java
keystore

To export the server certificate and private key from the Java keystore

1. Log in to the Skybox Server or the Skybox Collector as the root user.

2. Navigate to

/opt/skyboxview/server/conf

3. Create a P12 keystore.

Replace

<alias>

with the alias that you chose when you generated the private key in the

Generating and installing a certificate using the Java keytool procedure.

Replace

<version#>

with the JDK version (for example,

1.8.0_242

../../thirdparty/jdk<version#>/bin/keytool -importkeystore -srckeystore

server.keystore -srcstorepass skyboxview -destkeystore

server.keystore.p12 -deststoretype PKCS12 -srcalias <alias> -

deststorepass skyboxview -destkeypass skyboxview

If you do not remember your alias:

a. Execute

../../thirdparty/jdk<version#>/bin/keytool -list -v -keystore

server.keystore -storepass skyboxview

b. Find your server certificate. Above it is the Alias name field; this is your alias.

4. Export the server certificate from the keystore:

openssl pkcs12 -in

server.keystore.p12 -nokeys -out /etc/pki/tls/certs/skybox_cert.pem

Содержание 6000

Страница 1: ...Skybox Appliance 6000 Quick Start Guide 11 6 110 CentOS Linux release 7 9 2009 Core Skybox Security Inc 2077 Gateway Place Suite 200 San Jose CA 95110 USA 1 866 675 9269 skyboxsecurity com ...

Страница 2: ... not warrant that this document is error free No part of this publication may be reproduced stored in a retrieval system or transmitted in any form or by any means electronic mechanical photocopying recording or otherwise without the prior written permission of Skybox Security Skybox Skybox Security Skybox Firewall Assurance Skybox Network Assurance Skybox Vulnerability Control Skybox Change Manag...

Страница 3: ...13 Available Installation Processes 13 System configuration 14 What s next 18 Configuring Skybox Appliance 19 Configuration and management options 19 Setting up network interface bonding 20 Setting up SNMP configuration 22 RADIUS authentication 23 LDAP authentication 24 Changing the TLS version 26 Sending CentOS logs to a remote syslog server 28 Customizing the syslog server 29 Setting up TCP and ...

Страница 4: ...the Server certificate and private key from the Java keystore 52 Restoring Skybox Appliance to factory defaults 54 Selecting the Server Installation 55 Modify the Skybox Server and Collector Parameters 55 Install only the Skybox Collector 56 Install Standalone Elasticsearch Node 57 Monitoring SNMP 59 Troubleshooting 62 Wiping the hard disk drive 63 CIS benchmarks for CentOS 7 64 Regulatory and saf...

Страница 5: ...ox Server and Skybox Collector are preinstalled on Skybox Appliance and run at startup In this chapter Basic architecture 5 Related documentation 5 Basic architecture The Skybox platform consists of a 3 tiered architecture with a centralized server Skybox Server data collectors Skybox Collectors and a user interface Skybox Manager Skybox can be scaled to suit the complexity and size of any infrast...

Страница 6: ... ensure that the packaging is not damaged and verify that all tamper evident seals are intact Verify that the Skybox Appliance serial number purchase order number and FedEx tracking number match the information provided by Skybox Customer Support What s in the box The following items are in the shipping carton l Skybox Appliance l Rack mount kit l Front bezel l 2 AC power cords l RJ45 to DB9 seria...

Страница 7: ... l 1 system status LED l 4 NIC LEDs l 1 HDD activity LED l 1 system cold reset button l 2 USB 2 0 connectors l 1 video connector l Bezel with lock support External I O connectors back panel l DB 15 video connector l RJ45 serial port A connector l 3 USB 2 0 Ports l 4 RJ 45 1000baseT network interfaces 1 GB Ethernet LAN Note Ports I O and RMM4 are not supported Compliant standards Ctick NRTL CE FCC ...

Страница 8: ...027 7 BTU hour EMI operating Required to meet EMI emission requirements tested as part of system MTBF estimates for Skybox Appliance The estimated mean time between failures MTBF and Failures in Time FIT for Skybox Appliance 6000 are listed in the following table COMPONENT MTBF HOURS ESTIMATED FIT Backplane board 935189 1069 PCI Riser Card 7303481 137 Front Panel board 8272282 121 Intel Server Boa...

Страница 9: ...tivity LED D NIC3 activity LED E System cold reset button F System status LED G Power button with integrated LED H Hard drive activity LED I NIC4 activity LED J NIC2 activity LED Front panel LED functions LED COLOR STATE DESCRIPTION Power Sleep Green on Power on Green blinking Sleep Off Power off NIC LEDs Green on Network link but no network activity Green blinking Network activity Off No link ...

Страница 10: ...cal Alarm Redundant fan failure redundant power module failure non critical temperature and voltage Off Power off System unplugged Power on System powered off and in standby no prior degraded non critical critical state Back panel connectors Skybox Appliance 6000 back panel includes the connectors shown in the following figure Port mapping The mappings between physical ports on the back panel of S...

Страница 11: ...values File system partitions By default the Skybox Appliance file system is partitioned as follows l tmp partition 5 l root partition 10 l var partition 30 l Swap partition The swap size is set to half the total RAM but no more than 8 of total storage l opt partition remainder of storage ...

Страница 12: ...all peripheral devices connected to Skybox Appliance 2 Turn off Skybox Appliance by pressing the Power button on the front of the chassis and then unplug the AC power cords from the chassis or wall outlet 3 Label and disconnect all peripheral cables and all telecommunications lines connected to I O connectors or ports on the back of the chassis 4 Provide electrostatic discharge ESD protection by w...

Страница 13: ... the user consults with Skybox Professional Services prior to selecting any of these installation options Advanced Installation Options Skybox Appliance by default boots from a local drive with predefined parameters and is installed as a Skybox Server including a local Collector Several options are available to modify the default installation process l Modify the Skybox Server and Collector Parame...

Страница 14: ...iance l A console mouse keyboard and screen connection l A serial port connection l A network connection via static NIC Note To view a figure showing the connectors used in the following procedures see Back panel connectors Configuration via the RMM interface You can connect to Skybox Appliance via its RMM interface by connecting a network cable to the RMM port The RMM interface is preconfigured t...

Страница 15: ...ement 4 Select BMC LAN configuration l If you are using DHCP The system assigns a name to the RMM interface and its IP address you can configure the name at the bottom of the page in the BMC hostname field l If you are using a Static address Provide the IP address netmask and gateway IP address 5 When you are finished press F10 to save and exit the configuration Skybox Appliance boots with the RMM...

Страница 16: ...e l If using PuTTY as your terminal emulator Character set translation on received data UTF 8 3 Press the Power button on the Skybox Appliance front panel and verify that the Power LED is green 4 Log in to your Skybox Appliance as the root user The default password for your 1st login is skyboxview On the initial log in you must change the default password 5 Configure a network interface with an IP...

Страница 17: ...Skybox Appliance You will need it later Configuring Skybox Appliance To configure Skybox Appliance 1 In a browser connect to Skybox Appliance Administration using the following URL https Appliance IP address 444 where Appliance IP address is the IP address that you configured in Configuring connection 2 The default user name is skyboxview the default password is skyboxview On the initial login you...

Страница 18: ...r installing and configuring Skybox Appliance you must install Skybox Manager on at least 1 remote machine see Skybox Manager Installation Skybox Manager is required to configure certain admin components in the product However almost all user functions are done in Skybox Web Client and not in Skybox Manager Skybox Manager is a Java client and should be installed on a Windows PC The Skybox Manager ...

Страница 19: ...nly saved after you click Save Network Configuration Network Configuration Enables you to configure network settings connection method IP address netmask and gateway and bonding for each network interface connection and to configure the DNS servers Note For non virtual Appliances this pane includes a link to a figure showing the back panel to help you to understand the connections Note Network Int...

Страница 20: ...elect Enable SNMP Service to set up SNMP configuration host configuration and sending traps see Setting up SNMP configuration You can also download the Skybox Appliance MIBs Security tab Appliance Passwords Enables you to change the root password for Skybox Appliance the password for Skybox Appliance Administration and the RMM password LDAP Enables you to set up Skybox Appliance to support authent...

Страница 21: ...rder from the 1st available slave to the last This mode provides load balancing and fault tolerance mode 1 active backup Active backup policy Only 1 slave in the bond is active A different slave becomes active if and only if the active slave fails The bond s MAC address is externally visible on a single port network adapter to avoid confusing the switch This mode provides fault tolerance The prima...

Страница 22: ...uire special switch support The receive load balancing is achieved by ARP negotiation The bonding driver intercepts the ARP replies sent by the local system on their way out and overwrites the source hardware address with the unique hardware address of a slave in the bond such that different peers use different hardware addresses for the server Setting up SNMP configuration Skybox Appliances can b...

Страница 23: ...users for Read Only Credentials and Read write credentials For each credential set the following values o Username A character string value o Password A string at least 8 character long can be left blank o Hashing Algorithm We recommend that you select MD5 default o Encryption Algorithm We recommend that you select DES default l On the Notification Traps tab o Destination Name or IP address in the...

Страница 24: ...tion for your RADIUS server There are 3 fields per line in this file each line representing a RADIUS server Each line has the following format server port secret timeout Blank lines or lines beginning with are ignored l The port number is optional The default port is 1812 l The timeout field is optional The default timeout is 3 seconds The timeout field controls how many seconds the module waits b...

Страница 25: ...ate on a new line Example BEGIN CERTIFICATE END CERTIFICATE BEGIN CERTIFICATE END CERTIFICATE Note The certificates must be in PEM format LDAP Search Base The default base DN to use for performing LDAP search operations The syntax must be in DN format Example CN Users DC YOURDOMAIN DC LOCAL LDAP Schema Select the schema type used on the target LDAP server The default attribute names retrieved from...

Страница 26: ...s for TLS l Default High Security configuration for SSL TLS versions 1 2 and higher are enabled Supported browsers Firefox 27 Chrome 30 Internet Explorer 11 on Windows 7 Edge Opera 17 Safari 9 Android 5 0 Java 8 and higher l Medium Security configuration for SSL TLS versions 1 1 and higher are enabled Supported browsers Firefox 1 Chrome 1 Internet Explorer 7 Opera 5 Safari 1 Windows XP Internet Ex...

Страница 27: ...ECDSA AES128 SHA ECDHE RSA AES256 SHA384 ECDHE RSA AES128 SHA ECDHE ECDSA AES256 SHA384 ECDHE ECDSA AES256 SHA ECDHE RSA AES256 SHA DHE RSA AES128 SHA256 DHE RSA AES128 SHA DHE RSA AES256 SHA256 DHE RSA AES256 SHA ECDHE ECDSA DES CBC3 SHA ECDHE RSA DES CBC3 SHA EDH RSA DES CBC3 SHA AES128 GCM SHA256 AES256 GCM SHA384 AES128 SHA256 AES256 SHA256 AES128 SHA AES256 SHA DES CBC3 SHA DSS Low Security c...

Страница 28: ...ntOS logs to a remote syslog server To send the Skybox Appliance CentOS logs to a remote syslog server 1 On the System tab click Syslog Server 2 Select Send System Logs to Remote Syslog Server 3 Fill in the remote syslog IP address and port to use and select the protocol to use ...

Страница 29: ...configuration files of the syslog server and to the syslog log rotation file are included when necessary as part of Skybox Appliance operating system updates Users can also modify the following files locally for local changes l syslog configuration file etc syslog ng syslog ng conf l cron file etc cron daily syslog ng archive How can I change where and for how long the logs are stored The followin...

Страница 30: ...rtigate var log syslog ng new fg All others var log syslog ng new What are the log files named A separate log is generated for each device Log file names have the format l New logs device name IP address _ time of creation log l Archived logs device name IP address _ time of creation zip How can the logs be imported into the Skybox model Device logs can be imported using the following tasks l Chan...

Страница 31: ...ems supported web based browsers and hardware requirements for Skybox Manager see Skybox Security System Requirements Installing Skybox Manager Note Skybox Manager runs on most Microsoft Windows operating systems For details see Skybox Manager system requirements Installing Skybox Manager requires administrator privileges To install Skybox Manager 1 Run the installation file SkyboxManager version ...

Страница 32: ...the old installation file This way when Skybox users install Skybox Manager from the Appliance they are installing the latest version To replace the Skybox Manager installation file 1 Copy the installation file SkyboxManager version build exe to your Skybox Appliance using PuTTY WinSCP or another client program Save the file at usr local skyboxwebadmin manager 2 Delete all other file in this direc...

Страница 33: ...of the update back them up manually before updating CentOS The backed up files are at var tmp appliance_update_ installed_ version backup appliance_backup To update the operating system Note The machine reboots as part of the update process 1 Download the following files to your machine not to the Skybox Appliance server where patch is the patch number l Skybox_ patch appliance_update l Skybox_ pa...

Страница 34: ... log appliance_update_ patch log 9 Optional If something went wrong with the update process you can l Restore settings files manually l Restore the files together overwriting the original files but preserving the original ownership and permissions for the files tar xpjf var tmp appliance_update_ patch backup Appliance_backup tar bz2 overwrite same owner P ...

Страница 35: ... fit on a standard DVD R We recommend that you use either a DVD R DL Dual Layer or a flash drive if you need to burn the ISO Note For flash drives we recommend using Rufus to burn the ISO https rufus ie To boot from the ISO l During startup select F6 and then select the device DVD or flash drive from which to boot ...

Страница 36: ...remote login via SSH to the root and skyboxview users only AllowUsers root skyboxview AllowGroups root skyboxview This configuration is implemented as part of hardening the operating system of Skybox Appliance Changing these settings is not recommended and may not persist through Appliance operating system updates ...

Страница 37: ...n all commands from the command line on the Skybox Appliance 1 Run get_appliance_details 2 Your Appliance model number is shown in the MODEL field 3 Run sudo ipmitool mc info grep Firmware Revision The result shows the firmware revision number for example Firmware Revision 1 16 To determine whether your Skybox Appliance requires a firmware update compare the Firmware Revision detected on your Appl...

Страница 38: ...g in to the RMM interface of Skybox Appliance from your local machine For instructions see Configuring Java for login To check the firmware revision on your Skybox Appliance 1 Open Microsoft Explorer 2 Enter the RMM address of Skybox Appliance as the URL 3 Authenticate using the user name and the password 4 If you are not sure of your model number a Click the FRU Information tab b In the Product I...

Страница 39: ...pdates for Skybox Appliance Skybox version 11 6 100 39 Important You must know the model number for the update 5 From the System Information tab on the Summary page check the firmware revision number in the field BMC FW Rev ...

Страница 40: ...al to the relevant version in this table no update is required If the version detected is lower than the version in this table continue with Preparing to update Preparing to update Important Contact Skybox support before upgrading the firmware on your Skybox Appliance Skybox Appliances are manufactured to use a specific Skybox approved version of the firmware Warning Do not attempt to upgrade to a...

Страница 41: ...ver stop l To shut down the Skybox Collector run service sbvcollector stop Updating via the console If you are not using RMM on your Skybox Appliance the following instructions explain how to perform the firmware update using the console To update the firmware 1 Open the ZIP file and copy the entire content of the package to the root directory of a USB flash drive 2 Insert the USB flash drive into...

Страница 42: ...irmware 1 Open the ZIP file and copy the entire content of the package file to the root directory of a USB flash drive 2 Connect the USB flash drive to the back panel of the Skybox Appliance machine 3 Make sure that no other USB is connected 4 Connect to RMM as in steps 1 through 3 in Checking your firmware revision via RMM 5 Hover over Remote Control and select IKVM over HTML5 6 Log in as the roo...

Страница 43: ... version 11 6 100 43 a From the BMC Web Console click Server Power Control b Select Reset Server and select Force enter Bios Setup c Click Perform Action The machine reboots and the boot menu is displayed 9 From the menu select Boot Manager and press Enter ...

Страница 44: ...Skybox Appliance 6000 Quick Start Guide Skybox version 11 6 100 44 10 From the Boot Manager select Launch EFI Shell and press Enter After about 5 seconds the following screen appears ...

Страница 45: ...Chapter 10 Firmware updates for Skybox Appliance Skybox version 11 6 100 45 11 Press Enter When the procedure is almost finished the screen displays the following ...

Страница 46: ...Skybox Appliance 6000 Quick Start Guide Skybox version 11 6 100 46 12 Wait 2 minutes and log in again to the remote console 13 Press 5 to exit the update ...

Страница 47: ...dates for Skybox Appliance Skybox version 11 6 100 47 14 Press any key to continue Configuring Java for login This procedure enables you to log in to the RMM interface of the Skybox Appliance machine from your local machine ...

Страница 48: ...Skybox Appliance 6000 Quick Start Guide Skybox version 11 6 100 48 1 From the Windows Start menu select Configure Java 2 In the Java Control Panel click the Security tab ...

Страница 49: ...Chapter 10 Firmware updates for Skybox Appliance Skybox version 11 6 100 49 3 Click Edit Site List 4 Add the URL of the RMM interface of the Skybox Appliance machine ...

Страница 50: ...Skybox Appliance 6000 Quick Start Guide Skybox version 11 6 100 50 ...

Страница 51: ...8 asn1 encoding routines ASN1_CHECK_TLEN wrong tag Sun Nov 03 16 26 23 623006 2019 ssl error pid 10480 tid 140600437254272 SSL Library Error error 0D08303A asn1 encoding routines ASN1_TEMPLATE_NOEXP_D2I nested asn1 error Sun Nov 03 16 26 23 623012 2019 ssl error pid 10480 tid 140600437254272 SSL Library Error error 0D0680A8 asn1 encoding routines ASN1_CHECK_TLEN wrong tag Sun Nov 03 16 26 23 62301...

Страница 52: ...cate is installed in your browser s trusted CA certificate repository 10 Access Skybox Appliance Administration at https common_name 444 Exporting the Server certificate and private key from the Java keystore To export the server certificate and private key from the Java keystore 1 Log in to the Skybox Server or the Skybox Collector as the root user 2 Navigate to opt skyboxview server conf 3 Creat...

Страница 53: ...keystore openssl pkcs12 in server keystore p12 nodes nocerts out etc pki tls private skybox_key pem The private key is exported directly to etc pki tls private 7 When prompted Enter Import Password enter skyboxview 8 Remove the P12 keystore rm server keystore p12 Important Do not remove server keystore 9 Continue to Adding your own certificate and use the exported server certificate and private ke...

Страница 54: ...required Rufus settings are listed in the following table PROPERTY VALUE Partition scheme MBR Target system BIOS or UEFI Warning Restoring Skybox Appliance erases all data on the Appliance To restore Skybox Appliance to factory defaults 1 Insert the USB drive 2 Reboot the Appliance 3 When you see the Skybox Installation Menu window press any key to interrupt the boot process Note If the Skybox Ins...

Страница 55: ...ptimizes the partitioning scheme for Appliances to run as a Skybox Collector l Install Standalone Elasticsearch Node Enhances the scalability of the Elasticsearch based Skybox Web Client These options are available from the boot menu of the Skybox Appliance ISO Modify the Skybox Server and Collector Parameters To install the Skybox Server and Collector with modified parameters 1 Mount the ISO and ...

Страница 56: ...ld not be used for an Appliance intended to run the Skybox Server Install only the Skybox Collector You can install Skybox Appliance as a Skybox Collector without installing the Skybox Server This option optimizes the partitioning scheme for Appliances to run as a Collector A collector only installation results in the following configuration l The operating system is installed from scratch Skybox ...

Страница 57: ...tallation It waits 60 seconds for a response l If the response is Yes or if no response is provided within 60 seconds the default installation starts which configures Skybox Appliance as a Skybox Collector l If the response is No the following dialog appears explaining the various installation options and allows the user to customize the installation Install Standalone Elasticsearch Node You can i...

Страница 58: ...oning l No AIDE l No FIPS140 compliance l Install the Skybox Server in Standalone Elasticsearch mode A standalone Elasticsearch node must be connected to the master Skybox Server node If you are using a 3 node cluster all 3 nodes must be connected to the master Skybox Server node ...

Страница 59: ...f idle CPU time 1 3 6 1 4 1 2021 11 11 0 l Raw idle CPU time 1 3 6 1 4 1 2021 11 53 0 l Raw nice CPU time 1 3 6 1 4 1 2021 11 51 0 Memory statistics l Total swap size 1 3 6 1 4 1 2021 4 3 0 l Available swap space 1 3 6 1 4 1 2021 4 4 0 l Total RAM in machine 1 3 6 1 4 1 2021 4 5 0 l Total RAM used 1 3 6 1 4 1 2021 4 6 0 l Total RAM free 1 3 6 1 4 1 2021 4 11 0 l Total RAM shared 1 3 6 1 4 1 2021 4...

Страница 60: ...ector status commands o Return codes statuses 0 Running 2 Partially running currently in the process of starting or stopping 3 Stopped l Get Appliance mode 1 3 6 1 4 1 8072 1 3 2 4 1 2 19 49 46 51 46 54 46 49 46 52 46 49 46 49 5 7 55 54 56 46 51 o Outputs include MODE SERVER MODE COLLECTOR MODE ELASTIC Examples l For Skybox Server status snmpget v2c c skyboxview 127 0 0 1 1 3 6 1 4 1 8072 1 3 2 3 ...

Страница 61: ...endOutputFull 1 3 6 1 4 1 19768 4 STRING server is up pid 1570 jstat gcutil output S0 S1 E O M CCS YGC YGCT FGC FGCT GCT 97 02 0 00 79 80 86 18 93 60 216 11 808 13 18 205 30 014 collector is up pid 2075 jstat gcutil output S0 S1 E O M CCS YGC YGCT FGC FGCT GCT 75 00 0 00 65 97 18 63 95 59 93 18 28 0 567 3 0 320 0 888 ...

Страница 62: ... 103 7 1 11 CORES 2 MODE SERVER MODEL RAM 32014 MB SERIAL_NUMBER SKYBOXVIEW 10 0 513 Hardware issues If there is a hardware issue on Skybox Appliance usually indicated by the system status LED turning amber or blinking a directory LogFiles is created at the location that the sysinfo command is invoked from This directory contains the diagnostic log files 1 As the root user not sudo run the command...

Страница 63: ...e destroying the data on it for example if you are sending the Skybox Appliance back to Skybox for replacement Warning This procedure wipes the SDD completely it will not be bootable or function at all The following command overwrites all partitions master boot records and data dd if dev urandom of dev sda bs 1M ...

Страница 64: ...By monitoring the file system state compromised files can be detected to prevent or limit the exposure of accidental or malicious misconfigurations or modified binaries 1 3 2 ü Ensure that file system integrity is regularly checked Periodic checking of the file system integrity is needed to detect changes to the file system Rationale Periodic file checking enables the system administrator to deter...

Страница 65: ...lation Service mcstrans is not installed The mcstransd daemon provides category label information to client processes requesting information The label translations are defined in etc selinux targeted setrans conf Rationale Because this service is not used very often remove it to reduce the amount of potentially vulnerable code running on the system 1 7 1 3 ü Ensure that the remote login warning ba...

Страница 66: ...uted packets are permitted they can be used to gain access to the private address systems as the route can be specified rather than relying on routing protocols that do not permit this routing 3 2 2 Ensure that ICMP redirects are not accepted Rationale Attackers could use bogus ICMP redirect messages to maliciously alter the system routing tables and get them to send packets to incorrect networks ...

Страница 67: ... Rationale It is highly unusual for a non privileged user to mount file systems to the system Although tracking mount commands gives the system administrator evidence that external media may have been mounted based on a review of the source of the mount and confirming that it is an external media type it does not conclusively indicate that data was exported to the media 4 1 14 ü Ensure that file d...

Страница 68: ...rmissions on etc cron daily are configured l Ensure that permissions on etc cron weekly are configured l Ensure that permissions on etc cron monthly are configured l Ensure that permissions on etc cron d are configured Rationale Granting write access to these directories for non privileged users could provide them the means for gaining unauthorized elevated privileges Granting read access to these...

Страница 69: ...user access further by only permitting these users to log in from a particular host the entry can be specified in the form of user host l AllowGroups The AllowGroups variable gives the system administrator the option of permitting specific groups of users to SSH into the system The list consists of space separated group names Numeric group IDs are not recognized with this variable Rationale Restri...

Страница 70: ...and Users who want to permit their files and directories to be readable by others by default may choose a different default umask by inserting the umask command into the standard shell configuration files profile bashrc and so on in their home directories Rationale Setting a very secure default value for umask ensures that users make a conscious choice about their file permissions A default umask ...

Страница 71: ...les may also indicate an incorrectly written script or program that could potentially be the cause of a larger compromise to the system s integrity 6 1 11 ü Ensure that no unowned files or directories exist Sometimes when administrators delete users from the password file they neglect to remove all files owned by those users from the system Rationale A new user who is assigned the deleted user s u...

Страница 72: ...systems test equipment and so on other than an ITE application will require further evaluation and may require additional regulatory approvals Note The use and or integration of telecommunication devices such as modems and or wireless devices have not been planned for with respect to these systems If there is any change of plan to use such devices then telecommunication type certifications will re...

Страница 73: ...uirements A Material Declaration Data Sheet is available for Intel products For more reference on material restrictions and compliance you can view Intel s Environmental Product Content Specification at http supplier intel com ehs environmental htm l Europe European Directive 2002 95 EC Restriction of Hazardous Substances RoHS Threshold limits and banned substances are noted below o Quantity limit...

Страница 74: ...tions Commission Korea CU Russia Ukraine Certification Ukraine BSMI Certification RPC Number Class A Warning Taiwan FCC Marking Class A USA This device complies with Part 15 of the FCC Rules Operation of this device is subject to the following two conditions 1 This device may not cause harmful interference and 2 This device must accept interference receive including interference that may cause und...

Страница 75: ...ackage Marks China Will be added on Package label Other Recycling Package Marks International Will be added on Package label Battery Perchlorate Warning Information USA CA Perchlorate Material Special handling may apply See www dtsc ca gov hazardouswaste perchlorate This notice is required by California Code of Regulations Title 22 Division 4 5 Chapter 33 Best Management Practices for Perchlorate ...

Страница 76: ...d and found to comply with the limits for a Class B digital device pursuant to Part 15 of the FCC Rules These limits are designed to provide reasonable protection against harmful interference in a residential installation This equipment generates uses and can radiate radio frequency energy and if not installed and used in accordance with the instructions may cause harmful interference to radio com...

Страница 77: ...on of this notice This digital apparatus does not exceed the Class B limits for radio noise emissions from digital apparatus set out in the interference causing equipment standard entitled Digital Apparatus ICES 003 of the Canadian Department of Communications Europe CE Declaration of Conformity This product has been tested in accordance to and complies with the Low Voltage Directive 2005 96 EC an...

Страница 78: ...License and Product 2 Certification No On RRL certificate Obtain certificate from local Intel representative 3 Name of Certification Recipient Intel Corporation 4 Date of Manufacturer Refer to date code on product 5 Manufacturer Nation Intel Corporation Refer to country of origin marked on product CNCA CCC China The CCC Certification Marking and EMC warning is located on the outside rear area of t...

Результаты поиска

Содержание 6000

Отзывы:

Похожие инструкции для 6000

Бренды по названию

Популярные бренды

skybox 6000, Быстрый старт

Результаты поиска

Содержание 6000

Отзывы:

Похожие инструкции для 6000

Бренды по названию

Популярные бренды