FIPS Operational Environment

2,209 bytes added, 22:15, 17 August 2006
Software Integrity Test
==Single Operator Mode of Operation==
 
The following explains how to configure a UNIX system for a single operator. The general approach is the same across all UNIX variants:
* Remove all login accounts except "root" (the superuser).
* Disable NIS and other name services for users and groups.
* Turn off all remote login, remote command execution, and file transfer daemons.
 
The specific procedures for each of the UNIX variants are described below.
 
'''HP-UX'''
# Log in as the "root" user.
# Edit the system file <code>/etc/passwd</code> and remove all the users except "root" and the pseudo-users. Make sure the password fields for the pseudo-users are a star (*). This prevents login as the pseudo-users.
# Edit the system file <code>/etc/nsswitch.conf</code>. Make sure that <code>files</code> is the only option for <code>passwd</code> and <code>group</code>. This disables NIS and other name services for users and groups.
# Edit the system file <code>/etc/inetd.conf</code>. Remove or comment out the lines for remote login, remote command execution, and file transfer daemons such as <code>telnetd</code>, <code>rlogind</code>, <code>remshd</code>, <code>rexecd</code>, <code>ftpd</code>, and <code>tftpd</code>.
# Reboot the system for the changes to take effect.
 
'''Mac OS X'''
 
'''Red Hat Enterprise Linux'''
# Log in as the "root" user.
# Edit the system files <code>/etc/passwd</code> and <code>/etc/shadow</code> and remove all the users except "root" and the pseudo-users. Make sure the password fields in <code>/etc/shadow</code> for the pseudo-users are either a star (*) or double exclamation mark (!!). This prevents login as the pseudo-users.
# Edit the system file <code>/etc/nsswitch.conf</code> and make <code>files</code> the only option for <code>passwd</code>, <code>group</code>, and <code>shadow</code>. This disables NIS and other name services for users and groups.
# In the <code>/etc/xinetd.d</code> directory, edit the files <code>rexec</code>, <code>rlogin</code>, <code>rsh</code>, <code>rsync</code>, <code>telnet</code>, and <code>wu-ftpd</code>, and set the value of <code>disable</code> to <code>yes</code>.
# Reboot the system for the changes to take effect.
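
The Red Hat Enterprise Linux steps above can be checked after the reboot with a short script. This is an added example, not part of the original page: the function names and the root-directory argument are assumptions, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the page): audit a RHEL-style tree against the steps.
# $1 is a hypothetical root-directory argument; "" audits the live system.

# Step 2: every account except root needs "*" or "!!" as its shadow password.
check_shadow() {
    awk -F: 'NF > 1 && $1 != "root" && $2 != "*" && $2 != "!!" {
                 print "shadow: " $1 " can log in"; bad = 1 }
             END { exit bad }' "$1/etc/shadow"
}

# Step 3: "files" must be the only source for passwd, group and shadow.
check_nsswitch() {
    awk '{ sub(/#.*/, "") }
         $1 ~ /^(passwd|group|shadow):$/ {
             seen[$1] = 1
             if (NF != 2 || $2 != "files") { print "nsswitch: " $0; bad = 1 } }
         END { if (!("passwd:" in seen && "group:" in seen && "shadow:" in seen)) {
                   print "nsswitch: passwd, group or shadow entry missing"; bad = 1 }
               exit bad }' "$1/etc/nsswitch.conf"
}

# Step 4: each listed xinetd service file that exists must set disable = yes.
check_xinetd() {
    rc=0
    for svc in rexec rlogin rsh rsync telnet wu-ftpd; do
        f="$1/etc/xinetd.d/$svc"
        [ -f "$f" ] || continue
        grep -Eq '^[[:space:]]*disable[[:space:]]*=[[:space:]]*yes[[:space:]]*$' "$f" ||
            { echo "xinetd: $svc lacks disable = yes"; rc=1; }
    done
    return $rc
}

audit() {
    fails=0
    check_shadow "$1"   || fails=$((fails + 1))
    check_nsswitch "$1" || fails=$((fails + 1))
    check_xinetd "$1"   || fails=$((fails + 1))
    echo "$fails check(s) failed"
    [ "$fails" -eq 0 ]
}

# Constructed sample tree (not a real host): stray account, NIS, telnet enabled.
make_sample() {
    mkdir -p "$1/etc/xinetd.d"
    printf '%s\n' 'root:$1$constructed:1::::::' 'bin:*:1::::::' 'alice:$1$constructed:1::::::' > "$1/etc/shadow"
    printf '%s\n' 'passwd: files nis' 'group: files' 'shadow: files' > "$1/etc/nsswitch.conf"
    printf 'service telnet\n{\n\tdisable = no\n}\n' > "$1/etc/xinetd.d/telnet"
}
```

Run <code>audit ""</code> as root on the configured system, or pass the directory that holds an offline copy of <code>etc</code>. The shadow check accepts only the two values named in step 2, so any other password field is reported.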
 
'''Solaris'''
 
==Software Integrity Test==