[Fed-Talk] Re: MAC OS X compliance with NISPOM Ch. 8
- Subject: [Fed-Talk] Re: MAC OS X compliance with NISPOM Ch. 8
- From: "Dan O'Donnell" <email@hidden>
- Date: Wed, 27 Apr 2005 12:48:39 -0700
Debbie,
We are just finishing our NISPOM Ch.8 compliance config and inspection.
In our case it was for all platforms - Solaris, Linux, Windows (2000, XP)
and OSX.
Shawn Geddis of Apple is frequently on this list and was most helpful.
You'll probably hear from him shortly, if you haven't already.
OSX 10.3.6 is the lowest version of the OS that will accommodate the
auditing that is required.
If you are already familiar with UNIX then after some early poking
around you'll quickly learn that you can find your way around in OSX. It is
mostly Apple's implementation of FreeBSD and while that is not Solaris,
HP/UX or AIX it is still a very unix-like system. Go to
Applications/Terminal and it'll drop you into a shell (probably bash).
You'll find vi, and with those two you can find your way around the system.
You'll need these later for the implementation.
The Security Technology Brief you've mentioned is most likely the PowerPoint
file available at DSS' site. It is publicly available, and you can google
for it at the link below. The file itself is a download, available at:
<http://www.dss.mil/infoas/How_to_Manage_a_Contamination_091103.ppt>
I found the presentation was moderately useful. YMMV. You'll note that it
specifically states that they don't recommend certain tools, but then they
recommend certain tools. This is relevant because they call for Norton
Utilities for secure removal (sanitizing) of files from hard disks, and for
secure erasure of hard disks prior to moving a disk from classified to
unclassified (if you do this). We got approval for replacement of NUM by
using srm for files (man srm). It appears we'll be able to use the new Disk
Utility in 10.4 for secure reformat. (Check also man diskutil.)
The system auditor is basically BSM, as you're familiar with in Solaris.
Boot a machine in verbose mode (startup while holding Cmd-V) and you'll see
the BSM module load. You'll need the Common Criteria Tools suggested by
another poster. This includes a log file viewer - which is specifically what
you need to view audit logs. This is critical to NISPOM Ch.8. Read the PDF
that comes with the package for full info on: how to install and use the
audit logging functions; how to activate logging in the hostfile; and for
making OSX more secure (e.g. remove Classic).
Sysadmin magazine did an article last year on BSM in Solaris. It's not
exactly the same as in OSX, but it's helpful to read.
<http://www.samag.com/documents/s=9427/sam0414c/0414c.htm>
HTH,
Dan O'Donnell
--
Dan O'Donnell
Information Services, Macintosh Technology Lead
RAND Corporation
Phone 310.393.0411 x6637
Fax 310.260.8143
<http://www.google.com/search?as_q=DSS+how+to+manage+a+contamination&num=10&hl=en&btnG=Google+Search&as_epq=&as_oq=&as_eq=&lr=&as_ft=i&as_filetype=&as_qdr=all&as_occt=any&as_dt=i&as_sitesearch=&safe=images>
PS: Note that MAC is a three letter acronym for Media Access Control in
Layer 1 of the OSI model, and is a specific technical definition. Mac is the
commonly-used abbreviation for Macintosh.
On 4/27/05 12:05 PM, "email@hidden"
<email@hidden> wrote:
> Date: Tue, 26 Apr 2005 16:29:40 -0500
> From: Debbie Tropiano <email@hidden>
> Subject: [Fed-Talk] MAC OS X compliance with NISPOM Ch. 8
> To: email@hidden
> Message-ID: <email@hidden>
> Content-Type: text/plain; charset=us-ascii
>
> Hello -
>
> I administer a network of mostly Linux and Unix/Solaris systems that
> includes two MAC OS X systems. We have a need to be fully compliant
> with all of the NISPOM Ch. 8 requirements and have met them for the
> Linux/Unix systems, but not for the MAC OS X systems.
>
> In googling for solutions for our MAC OS X systems, I came across
> this list and have some questions.
>
> Is there a way to setup our MAC OS X systems such that they meet all of
> the NISPOM Ch. 8 requirements? And if so, how? I noted reference to
> the document "Security Technology Brief" which I was unable to locate.
>
> If there are any documents or links that I can use to setup these systems
> properly, I would greatly appreciate it (my background is mostly in Unix,
> so MAC OS X systems is rather alien to me at this point).
>
> Thanks for any assistance you can provide,
> Debbie
> --
> | Debbie Tropiano | email@hidden |
> | Environmental Sciences Laboratory | +1 512 835 3367 w |
> | Applied Research Laboratories of UT Austin | +1 512 835 3544 fax |
> | P.O. Box 8029, Austin, TX 78713-8029 | home email: email@hidden |
>