Mailing Lists: Apple Mailing Lists
Image of Mac OS face in stamp
 
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Fed-Talk] CCC DSS Doc -Win to OS X Conversion - anyone???

Hello everyone,
    I'm in the midst of actually implementing the DSS required stuff on my 10.3.x box.

I have the document titled "Windows 2000/XP - How to Enable Security and Auditing Requirements" from our DSS person. (I'm 90% certain the doc came from here: http://www.dss.mil/infoas/index.htm  The last item on the right column in the "Guidance" section)

I'm wondering if anyone on the list has already distilled this document down into a quick cheat sheet guide for how I would set up my Mac 10.3 machine. - What'd be really dreamy would be for someone to write up a GUI frontend for the auditing SETUP - I have the audit reader (from Apple).


I'll admit that most of it is very straightforward - using the System Preferences for example. The Password Policy stuff seems easy too.

But how about the "new" auditing stuff? I understand the editing of the "audit_control" file - the "flags"

BUT

I'm trying to match up the Windows lingo in the DSS guide with the Mac/BSD lingo.

For example - in Windows language I need to Audit:

                 Logon Events - success and failures

                 Account Management - success and failures

                 Directory Service - failures only

                 Logon Events Directory Services - success and failures

                 Object Access - failures only

                 Policy Change - success and failures

                 Privilege Use - success and failures

                 Process Tracking - failures only

                 System Events - success and failures


In the Mac OS X Audit Even Class Structure (Page 77 of the "Common Criteria Configuration and Administration Guide" the nomenclature is different.

Some of the Mac ones line up with the Windows - "lo" for example - Login/Logout. But some of the others are questionable. - "Policy Change?  - what might that one be? How about the rest of them?

ok - Thanks - I'm just trying to not reinvent the wheel here. If anyone's done it already - I would love to get some advice on getting it right to make DSS happy.

Jason


email@hidden


_____________________________________

Jason C. Dickinson

Terahertz Scientist

Submillimeter-Wave Technology Laboratory

University of Massachusetts Lowell

______________________________________



 _______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list      (email@hidden)
Help/Unsubscribe/Update your Subscription:
http://lists.apple.com/mailman/options/fed-talk/email@hidden

This email sent to email@hidden


Visit the Apple Store online or at retail locations.
1-800-MY-APPLE

Contact Apple | Terms of Use | Privacy Policy

Copyright © 2007 Apple Inc. All rights reserved.