IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Hardware & Software Remarks
____________________________________________________________________ .........................................
under which the s bit is ignored for the relevant file system. When
exchangeable data media are used, consideration should be given as to
whether to use this option.
When sharing directories which can be mounted by other computers, the
restrictions mentioned in S 5.17 Use of NFS security mechanisms must be
observed. In particular, no directories with root rights should be shared;
directories with write authority should only be shared when this is necessary.
This measure is complemented by the following:
- S 1.32 Adequate siting of the console, devices with exchangeable data
media, and printers
- S 4.18 Administrative and technical means to control access to the systemmonitor
and single-user mode
Additional controls:
- Can the su command be executed only by the Administrator?
- Is use of the su command automatically logged?
- Who has write access to the relevant configuration files?
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000