Open X displays allow an attacker to capture keystrokes and to execute commands remotely. X displays must not be exported to the world. The service is unencrypted and does not require authentication of requests. TFTP is a file transfer protocol often used by embedded systems to obtain configuration data or software. If the service is running with the default authenticators, then anyone can gather data.Īny active TFTP daemon must be authorized and approved in the system accreditation package. Whether active or not, default SNMP passwords, users, and passphrases must be changed to maintain security. SNMP communities, users, and passphrases must be changed from the default. The telnet daemon provides a typically unencrypted remote access service which does not provide for the confidentiality and integrity of user passwords or the remote session. If special privilege accounts are compromised, the accounts could provide privileges to execute malicious commands on a system. The system must not have special privilege accounts, such as shutdown and halt. Exploits of the SSH daemon could provide immediate root access to the system. SSHv1 is not a DoD-approved protocol and has many well-known vulnerability exploits. The SSH daemon must be configured to only use the SSHv2 protocol. Such reboots may cause a loss of data or loss of access to critical information. Undesirable reboots can occur if the CTRL-ALT-DELETE key sequence is not disabled. The x86 CTRL-ALT-DELETE key sequence must be disabled. Implementing Network Information Service (NIS) or NIS+ under UDP may make the system more susceptible to a Denial of Service attack and does not provide the same quality of service as TCP. The system must not use UDP for NIS/NIS+. This ability could allow a malicious user to boot the system.
The ability to boot from removable media is the same as being able to boot into single user, or maintenance, mode without a password. The system must be configured to only boot from the system boot device. Shells with world/group write permissions give the ability to maliciously modify the shell to obtain unauthorized access.
If TFTP is not running in secure mode, it may be able to write to any file or directory and may seriously impair system integrity.Īll shell files must have mode 0755 or less permissive. Secure mode limits TFTP requests to a specific directory. The TFTP daemon must operate in "secure mode" which provides access only to a single directory on the host file system. Insecure file locking could allow for sensitive data to be viewed or edited by an unauthorized user. The Linux NFS Server must not have the insecure file locking option. If TFTP runs with the setuid or setgid bit set, it may be able to write to any file or directory and may seriously impair system integrity, confidentiality, and availability. The TFTP daemon must have mode 0755 or less permissive. Malicious users with removable boot media can gain access to a system configured to use removable media as the boot loader. The system must not use removable media as the boot loader. GRUB is a versatile boot loader used by several platforms that can provide authentication for access to the system or boot loader. If the system's boot loader does not require authentication, users with console access to the system may be able to alter the system boot configuration or boot the system into single user or.įor systems capable of using GRUB, the system must be configured with GRUB as the default boot loader unless another boot loader has been authorized, justified, and documented using site-defined procedures. The system boot loader must require authentication. Specific exceptions for local service administration should be documented in.
If a web browser flaw is exploited while running as a privileged user, the entire system could be compromised. If an anonymous FTP account has been configured to use a functional shell, attackers could gain access to the shell if the account is compromised.Īdministrative accounts must not run a web browser, except as needed for local service administration. This is.Īnonymous FTP accounts must not have a functional shell.
Red hat enterprise linux 5 password#
If a user accesses the root account (or any account) using an unencrypted connection, the password is passed over the network in clear text form and is subject to interception and misuse. Root passwords must never be passed over a network in clear text form. Findings (MAC III - Administrative Sensitive) Finding ID