
EoS / Manual HC Checklist for SUDO Unix (Linux & AIX)

Base Security Policy/Version: CNX_ITSS_005
Checklist Template Configured by: Ashok Kumar Kodandan/India/Concentrix
Date Checklist Template Was Configured: 1-Jul-2014
Checklist Template Verified By: Pavan KS/India/Concentrix
Date Checklist Template Was Verified: 1-Jul-2014
Final MHC Results Assessed By:
Date Final MHC Results Assessed:

Columns below: System Settings | Required Setting | Settings Checked by (TSCM / Manual, shown in brackets)

4.1 Encryption
Concentrix's encryption requirements are defined in CNX_ITSS_005 Chapter 1.2 Authentication, Chapter 1.4 Information Protection and Confidentiality, and Chapter 3 Application Security. This Technical Specification defines encryption facilities that support the basic requirements. If no encryption facilities are specified, acceptable encryption algorithms must be used. Other products can be used as long as they meet the Chapter 1.2, 1.4, and 3 requirements.

Data Transmission [Manual]: Not Provided

File/Database Storage [Manual]: Encryption will be done by facilities provided by the operating system. See the operating system Technical Specification.

Add-on product options from Concentrix (not a comprehensive list or tested), File/Database Storage [Manual]: None - handled by the host operating system.

5.1 Operating System Resources

/etc/sudoers (or the active sudoers file if it is stored elsewhere), Sudo configuration file [TSCM]: File must be owned by root, and must not be world-writable.

sudoers config file [TSCM]: Files/scripts/commands listed in active entries must meet all the requirements below.
Exceptions:
- Files/commands executed that are OSRs and meet applicable OSR requirements are compliant and do not have to meet the requirements below.
- Shell built-in commands executed do not have to meet the requirements below.
- Files/commands/scripts executed are not required to exist as long as all the existing directories in their path meet all the requirements below.

sudoers config file [TSCM]: Each active entry must specify the full path of the file/command/script to be executed.
Note: Wildcards are allowed for active entries in the sudoers file. All files and subdirectories returned by a wildcard must be validated for all requirements below.

sudoers config file [TSCM]: Each active entry's file/command/script executed, and all directories in its path, must have settings for "other" of r-x or more stringent.

sudoers config file [TSCM]: Each active entry's file/command/script executed, and all existing directories in its path, must have settings for "group" of r-x or more stringent, if owned by groups considered to be default groups for general users.

5.2 Security & system administrative authority

Accesses Granted via Sudo [TSCM]: All sudo access is considered "Security and System Administrative Authority", since it enables access beyond what is available to a general user as defined in CNX_ITSS_005 - 1.5.2. Providers of service are responsible for determining the appropriate level of sudo access to be granted to a user. They have the discretion to grant a user "full" sudo access, or access to a limited set of commands.

CNX_ITSS_005 main body requirements [TSCM]: Sudo Access:
- Must be assigned, revalidated, and removed as required by CNX_ITSS_005 - 1.5.2.
- Must be included in health checking as required by CNX_ITSS_005 - 1.7.1.
6 Activity auditing

Sudo Logging [TSCM]: The following is NOT allowed in the sudo configuration file: !logfile

Sudo Logging / Sudo Log File [TSCM]: If a sudo-specific log file is used, the file must exist. Sudo logging may be accomplished several ways. If a sudo-specific log is kept, it must be retained as required by CNX_ITSS_005 - 1.6.

Sudo Logging [TSCM]: Logging sudo activity to the OS log files is an acceptable alternative to using a dedicated sudo log.
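An added example, not part of the checklist or of any Concentrix tooling, that scripts the TSCM checks from 5.1 (root ownership, not world-writable, full paths in active entries) and 6 (no !logfile) against a sudoers file. It assumes a POSIX shell with find, grep, sed and tr; the two sudoers files it checks are constructed samples, and the per-directory "other"/"group" permission checks of 5.1 are left out.

```shell
#!/bin/sh
# Added example, not part of the checklist: scripts the section 5.1 and 6
# sudoers checks. Assumes a POSIX shell with find, grep, sed and tr; the two
# sudoers files below are constructed samples, not files from any real host.

# check_sudoers FILE [OWNER]: prints one finding per line, nothing if compliant.
# OWNER defaults to root as 5.1 requires; it can be overridden for lab runs.
check_sudoers() {
    f=$1; owner=${2:-root}
    [ -n "$(find "$f" -user "$owner" -print)" ] || echo "owner: not owned by $owner"
    [ -z "$(find "$f" -perm -002 -print)" ] || echo "mode: world-writable"
    # Only active entries count: drop comment and blank lines first.
    grep -v '^[[:space:]]*#' "$f" | grep -v '^[[:space:]]*$' |
    while IFS= read -r line; do
        case "$line" in
        Defaults*)  # section 6: '!logfile' disables the sudo log and is not allowed
            case "$line" in *'!logfile'*) echo "logging: !logfile present" ;; esac ;;
        User_Alias*|Host_Alias*|Runas_Alias*) ;;  # no commands on these lines
        *)  # section 5.1: every command in the entry must be a full path
            # strip "user HOST=", "(runas)" groups and tags such as NOPASSWD:
            printf '%s\n' "$line" |
              sed 's/^[^=]*=//; s/([^)]*)//g; s/[A-Z][A-Z]*:[[:space:]]*//g' |
              tr ',' '\n' |
            while read -r cmd rest; do
                case "$cmd" in
                /*|[A-Z]*|"") ;;  # full path, ALL, or a Cmnd_Alias checked on its own line
                *) echo "path: '$cmd' is not a full path" ;;
                esac
            done ;;
        esac
    done
}

# Constructed sample files in a scratch directory.
WORK=$(mktemp -d)
GOOD=$WORK/sudoers.good; BAD=$WORK/sudoers.bad
cat >"$GOOD" <<'EOF'
Defaults logfile=/var/log/sudo.log
Cmnd_Alias SVC = /usr/bin/systemctl restart httpd
ops ALL=(ALL) NOPASSWD: SVC, /usr/bin/tail -f /var/log/messages
EOF
cat >"$BAD" <<'EOF'
Defaults !logfile
alice ALL=(ALL) NOPASSWD: /usr/bin/systemctl restart httpd, vi
EOF
chmod 440 "$GOOD"; chmod 666 "$BAD"  # 0440 is the usual sudoers mode; 0666 is the defect
for f in "$GOOD" "$BAD"; do
    echo "== $f"; check_sudoers "$f"  # root ownership expected, as on a real host
done
```

On a real host run it as root with check_sudoers /etc/sudoers; the OWNER argument exists only so the sample files can be checked by a non-root lab user.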

8 Network Settings

Use of "NOPASSWORD" parameter in sudoers configuration file [Manual]: This parameter may be used, although it is not required.

Commands which allow shell escape [Manual]: Sudo access to commands which are able to escape to a shell is allowed. However, the provider of service should consider this issue at the time access is granted. Examples of such commands: {vi, more}

Specific commands/programs executed via sudo (excludes "ALL" access) [Manual]: Any user that has the ability to modify commands/programs called via sudo shall be considered as having either security administrative authority or system authority, and is thus subject to the requirements in Section 5.2.
EoS / Manual HC Checklist for SUDO Unix (Linux & AIX)

System Name: web-tier-tbased-1b-02
Account Name: CNX
Tech Spec Name & Version: RHEL Version 7
Release levels: 2
Last day of vendor Support: June 30, 2024

Legend:
- Technical Team populates this field
- HC Perform Team populates this field

Result rows below: Health Checking Requirement Yes/No | Actual Value Documented | Actual Values Documented By | Methodology Used to Document Actual Value | Date Actual Values Documented
No | Value set as per CNX_ITSS_005 Policy | vivek.grover@concentrix.com | Visually reviewed settings on the server. | 13-May-16
No | NA | vivek.grover@concentrix.com | Visually reviewed settings on the server. | 13-May-16
No | NA | vivek.grover@concentrix.com | Visually reviewed settings on the server. | 13-May-16
No | NA | vivek.grover@concentrix.com | Visually reviewed settings on the server. | 13-May-16
Yes | Value set as per CNX_ITSS_005 Policy | vivek.grover@concentrix.com | Visually reviewed settings on the server. | 13-May-16
Yes | Value set as per CNX_ITSS_005 Policy | vivek.grover@concentrix.com | Visually reviewed settings on the server. | 13-May-16
Yes | Value set as per CNX_ITSS_005 Policy | vivek.grover@concentrix.com | Visually reviewed settings on the server. | 13-May-16
Yes | Value set as per CNX_ITSS_005 Policy | vivek.grover@concentrix.com | Visually reviewed settings on the server. | 13-May-16
Yes | Value set as per CNX_ITSS_005 Policy | vivek.grover@concentrix.com | Visually reviewed settings on the server. | 13-May-16
Yes | Value set as per CNX_ITSS_005 Policy | vivek.grover@concentrix.com | Visually reviewed settings on the server. | 13-May-16
Yes | Value set as per CNX_ITSS_005 Policy | vivek.grover@concentrix.com | Visually reviewed settings on the server. | 13-May-16
Yes | Value set as per CNX_ITSS_005 Policy | vivek.grover@concentrix.com | Visually reviewed settings on the server. | 13-May-16
No | | | |
Yes | Value set as per CNX_ITSS_005 Policy | vivek.grover@concentrix.com | Visually reviewed settings on the server. | 13-May-16
No | NA | vivek.grover@concentrix.com | Visually reviewed settings on the server. | 13-May-16
No | NA | vivek.grover@concentrix.com | Visually reviewed settings on the server. | 13-May-16
No | NA | vivek.grover@concentrix.com | Visually reviewed settings on the server. | 13-May-16
If EoS, fill all the rows. If it is for HC, filter it with Health Checking requirement Yes in column E.
Finding Level: Final Value must be "Compliant" or "Deviation"
Remarks: =IF(H16=I16,"Compliant","Requires Assessment")
