|
Name |
UNIX Security Technical Implementation Guide, v5 Release 1
|
|
Version |
v5 Release 1
|
|
Status |
Final
|
| Creation Date |
Not available.
|
| Revision Date |
2006-04-04
|
| Product Category |
Operating System
|
| Vendor |
Hewlett-Packard (HP)
International Business Machines (IBM)
Sun Microsystems (SUN)
Redhat Software
|
| Product |
HP-UX 10.20 and later
AIX 4.3 and later
Solaris 2.5.1 and later
Redhat Linux 6.2 and later
|
| Product Version |
HP-UX 10.20 and later
AIX 4.3 and later
Solaris 2.5.1 and later
Redhat Linux 6.2 and later
|
| Product Role |
Operating System
|
|
Checklist Summary |
This STIG document provides assistance with protecting
UNIX systems, software, data integrity, availability,
and reliability. It supports the war
fighter by assisting the different sites in
achieving a high state of UNIX system security
readiness. This document is a requirement
for all DISA administered systems and all
systems connected to DISA networks.
It is to be used as a “strongly recommended”
guide for other DISA customers and the DOD.
These requirements are designed to assist
Security Managers (SMs), Information Assurance
Managers (IAMs), Information Assurance Officers
(IAOs), and System Administrators (SAs) with
configuring and maintaining security controls
in a UNIX environment. This document
is limited to the UNIX systems presently in
use at DISA sites, although additional system
support will be included as necessary.
DISA customers use several different UNIX platforms that
support different versions of UNIX.
All UNIX systems share some common characteristics.
They implement features differently, do not
all implement the same features, and use different
methods for implementing some of the same
features. This document addresses the
UNIX platforms and versions, as listed: HP-UX
10.20 and later, AIX 4.3 and later, Solaris
2.5.1 and later, and Redhat Linux 6.2 and
later.
|
| Known Issues |
This UNIX STIG presents the known security configuration
items, vulnerabilities, and issues required
to be addressed by DoD policy. In addition
to this STIG, compliance validation tools
and checklists are available to .mil and .gov
customers to assist in the efforts to implement
the required configuration. The guidelines
specified should be evaluated in a local,
representative test environment before implementation
within large user populations. The extensive
variety of environments makes it impossible
to test these guidelines for all potential
software configurations. For some environments,
failure to test before implementation will
lead to a loss of required functionality.
|
| Target Audience |
Developed for the DOD.
The requirements set forth in this document
are designed to assist Information Systems
Security Officers (IAOs) and System Administrators
(SAs) in support of protecting DOD network
infrastructures and resources. This document
assumes that the reader has experience installing
and administering the UNIX operating system.
|
| Target Operational Environment |
Enterprise and Specialized Security-Limited Functionality.
|
| Checklist Installation Tools |
Not available.
|
| Rollback Capability |
A daily backup of all changeable data, and proper storage,
is recommended for restoring data once a compromise
has been detected and traced to the time it
first occurred. Without daily backups,
recovery procedures will not be reliable.
Consistent and accurate backup is also the
only way a Continuity of Operations Plan (COOP)
can be implemented during catastrophe, natural
disaster, hardware failures, and other circumstances.
In all cases, the quality and depth of backups
and the security of backup storage will have
a direct impact on the quality and depth of
restorative operations and COOP. It
is the only path back to confidentiality,
integrity, and availability of data once there
has been a compromise, a natural disaster,
or a catastrophe.
|
| Testing Information |
Not available.
|
| NIAP/CMVP Status |
Not available.
|
| Regulatory Compliance |
DOD Directive 8500.
|
Comments, Warnings, Disclaimer, Miscellaneous |
Refer to Known Issues.
|
| Disclaimer |
Not available.
|
| Product Support |
It should be noted that FSO Support for the STIGs, Checklists,
and Tools is only available to DOD Customers.
|
| Submitting Organization/Authors |
Defense Information Systems Agency
|
| Point of Contact |
Not available.
|
| Sponsor |
Not available.
|
| Licensing |
Not available.
|
| Checklist Homepage |
http://iase.disa.mil/stigs/stig/index.html
|
| Download Package |
http://iase.disa.mil/stigs/stig/unix-stig-v5r1.pdf
|
| Integrity |
SHA1 Digest (unix-stig-v5r1.pdf) = c04a2fe5c3c4e4b14d8ede1fed60c69a861c7513
SHA256 Digest (unix-stig-v5r1.pdf) = a368d63c4d48d30e5eb1ab54feb4ce6140828129d6924458cd152aa1da9d4f11
|
| Change History |
v4 Release 3: 2003-08-15
v4 Release 4: 2003-09-15
v5 Release 1: 2006-04-04
|
| Dependency/Requirement |
UNIX Security Checklist, v4r4
|
| References |
Not available.
|
| NIST Identifier |
1079
|