Symantec Enterprise Security Manager Policy Manual for FISMA (NIST 800-53) for UNIX and Linux

Symantec ESM Policy Manual for FISMA (NIST 800-53) for UNIX and Linux

The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

060320

Copyright Notice

Copyright 2004 - 2006 Symantec Corporation. All Rights Reserved.

Any technical documentation that is made available by Symantec Corporation is the copyrighted work of Symantec Corporation and is owned by Symantec Corporation.

NO WARRANTY. The technical documentation is being delivered to you AS-IS and Symantec Corporation makes no warranty as to its accuracy or use. Any use of the technical documentation or the information contained therein is at the risk of the user. Documentation may include technical or other inaccuracies or typographical errors. Symantec reserves the right to make changes without prior notice.

No part of this publication may be copied without the express written permission of Symantec Corporation, 20330 Stevens Creek Blvd., Cupertino, CA 95014.

Trademarks

Symantec, the Symantec logo, Symantec Enterprise Security Manager, LiveUpdate, and Symantec Security Response are trademarks of Symantec Corporation.

Microsoft, MS-DOS, Windows, and Windows NT are registered trademarks of Microsoft Corporation.

Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and are hereby acknowledged.

Printed in the United States of America.

Technical support

As part of Symantec Security Response, the Symantec Global Technical Support group maintains support centers throughout the world. The Technical Support group’s primary role is to respond to specific questions on product feature/function, installation, and configuration, as well as to author content for our Web-accessible Knowledge Base. The Technical Support group works collaboratively with the other functional areas within Symantec to answer your questions in a timely fashion. For example, the Technical Support group works with Product Engineering as well as Symantec Security Response to provide Alerting Services and Virus Definition Updates for virus outbreaks and security alerts.

Symantec technical support offerings include:

- A range of support options that gives you the flexibility to select the right amount of service for any size organization
- Telephone and Web support components that provide rapid response and up-to-the-minute information
- Upgrade insurance that delivers automatic software upgrade protection
- Content Updates for virus definitions and security signatures that ensure the highest level of protection
- Global support from Symantec Security Response experts, which is available 24 hours a day, 7 days a week worldwide in a variety of languages
- Advanced features, such as the Symantec Alerting Service and Technical Account Manager role, that offer enhanced response and proactive security support

Please visit our Web site for current information on Support Programs. The specific features that are available may vary based on the level of support purchased and the specific product that you are using.
Licensing and registration

If the product that you are implementing requires registration and/or a license key, the fastest and easiest way to register your service is to access the Symantec licensing and registration site at www.symantec.com/certificate. Alternatively, you may go to t the product that you wish to register, and from the Product Home Page, select the Licensing and Registration link.

Contacting Technical Support

Customers with a current support agreement may contact the Technical Support group by phone or online at www.symantec.com/techsupp.

Customers with Platinum support agreements may contact Platinum Technical Support by the Platinum Web site at www-secure.symantec.com/platinum/.

When contacting the Technical Support group, please have the following:

- Product release level
- Hardware information
- Available memory, disk space, NIC information
- Operating system
- Version and patch level
- Network topology
- Router, gateway, and IP address information
- Problem description
- Error messages/log files
- Troubleshooting performed prior to contacting Symantec
- Recent software configuration changes and/or network changes

Customer Service

To contact Enterprise Customer Service online, go to www.symantec.com, select the appropriate Global Site for your country, then choose Service and Support.

Customer Service is available to assist with the following types of issues:

- Questions regarding product licensing or serialization
- Product registration updates such as address or name changes
- General product information (features, language availability, local dealers)
- Latest information on product updates and upgrades
- Information on upgrade insurance and maintenance contracts
- Information on Symantec Value License Program
- Advice on Symantec's technical support options
- Nontechnical presales questions
- Missing or defective CD-ROMs or manuals

Symantec Software License Agreement
Symantec Enterprise Security Manager

SYMANTEC CORPORATION AND/OR ITS SUBSIDIARIES (“SYMANTEC”) IS WILLING TO LICENSE THE SOFTWARE TO YOU AS AN INDIVIDUAL, THE COMPANY, OR THE LEGAL ENTITY THAT WILL BE UTILIZING THE SOFTWARE (REFERENCED BELOW AS “YOU” OR “YOUR”) ONLY ON THE CONDITION THAT YOU ACCEPT ALL OF THE TERMS OF THIS LICENSE AGREEMENT. READ THE TERMS AND CONDITIONS OF THIS LICENSE AGREEMENT CAREFULLY BEFORE USING THE SOFTWARE. THIS IS A LEGAL AND ENFORCEABLE CONTRACT BETWEEN YOU AND THE LICENSOR. BY OPENING THIS PACKAGE, BREAKING THE SEAL, CLICKING THE “AGREE”, “ACCEPT” OR “YES” BUTTON OR OTHERWISE INDICATING ASSENT ELECTRONICALLY, OR LOADING THE SOFTWARE, YOU AGREE TO THE TERMS AND CONDITIONS OF THIS AGREEMENT. IF YOU DO NOT AGREE TO THESE TERMS AND CONDITIONS, CLICK THE “I DO NOT AGREE”, “I DO NOT ACCEPT” OR “NO” BUTTON OR OTHERWISE INDICATE REFUSAL AND MAKE NO FURTHER USE OF THE SOFTWARE.

1. License:

The software and documentation that accompanies this license (collectively the “Software”) is the proprietary property of Symantec or its licensors and is protected by copyright law. While Symantec continues to own the Software, You will have certain rights to use the Software after Your acceptance of this license. This license governs any releases, revisions, or enhancements to the Software that the Licensor may furnish to You. Except as may be modified by an applicable Symantec license certificate, license coupon, or license key (each a “License Module”) that accompanies, precedes, or follows this license, and as may be further defined in the user documentation accompanying the Software, Your rights and obligations with respect to the use of this Software are as follows.

You may:

A. use the number of copies of the Software as have been licensed to You by Symantec under a License Module. If the Software is part of a suite containing multiple Software titles, the number of copies You may use may not exceed the aggregate number of copies indicated in the License Module, as calculated by any combination of licensed Software titles. Your License Module shall constitute proof of Your right to make such copies. If no License Module accompanies, precedes, or follows this license, You may make one copy of the Software You are authorized to use on a single computer;
B. make one copy of the Software for archival purposes, or copy the Software onto the hard disk of Your computer and retain the original for archival purposes;
C. use the Software on a network, provided that You have a licensed copy of the Software for each computer that can access the Software over that network;
D. use the Software in accordance with any written agreement between You and Symantec; and
E. after written consent from Symantec, transfer the Software on a permanent basis to another person or entity, provided that You retain no copies of the Software and the transferee agrees in writing to the terms of this license.

You may not:

A. copy the printed documentation that accompanies the Software;
B. sublicense, rent, or lease any portion of the Software; reverse engineer, decompile, disassemble, modify, translate, make any attempt to discover the source code of the Software, or create derivative works from the Software;
C. use the Software as part of a facility management, timesharing, service provider, or service bureau arrangement;
D. use a previous version or copy of the Software after You have received and installed a disk replacement set or an upgraded version. Upon upgrading the Software, all copies of the prior version must be destroyed;
E. use a later version of the Software than is provided herewith unless You have purchased corresponding maintenance and/or upgrade insurance or have otherwise separately acquired the right to use such later version;
F. use, if You received the software distributed on media containing multiple Symantec products, any Symantec software on the media for which You have not received permission in a License Module; nor
G. use the Software in any manner not authorized by this license.

2. Content Updates:

Certain Software utilize content that is updated from time to time (including but not limited to the following Software: antispam software utilize updated antispam rules; antivirus software utilize updated virus definitions; content filtering software utilize updated URL lists; some firewall software utilize updated firewall rules; policy compliance software utilize updated policy compliance updates; and vulnerability assessment products utilize updated vulnerability signatures; these updates are collectively referred to as “Content Updates”). You shall have the right to obtain Content Updates for any period for which You have purchased maintenance, except for those Content Updates that Symantec elects to make available by separate paid subscription, or for any period for which You have otherwise separately acquired the right to obtain Content Updates. Symantec reserves the right to designate specified Content Updates as requiring purchase of a separate subscription at any time and without notice to You; provided, however, that if You purchase maintenance hereunder that includes particular Content Updates on the date of purchase, You will not have to pay an additional fee to continue receiving such Content Updates through the term of such maintenance even if Symantec designates such Content Updates as requiring separate purchase. This License does not otherwise permit the licensee to obtain and use Content Updates.

3. Limited Warranty:

Symantec warrants that the media on which the Software is distributed will be free from defects for a period of thirty (30) days from the date of delivery of the Software to You. Your sole remedy in the event of a breach of this warranty will be that Symantec will, at its option, replace any defective media returned to Symantec within the warranty period or refund the money You paid for the Software. Symantec does not warrant that the Software will meet Your requirements or that operation of the Software will be uninterrupted or that the Software will be error-free.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, THE ABOVE WARRANTY IS EXCLUSIVE AND IN LIEU OF ALL OTHER WARRANTIES, WHETHER EXPRESS OR IMPLIED, INCLUDING THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NONINFRINGEMENT OF INTELLECTUAL PROPERTY RIGHTS. THIS WARRANTY GIVES YOU SPECIFIC LEGAL RIGHTS. YOU MAY HAVE OTHER RIGHTS, WHICH VARY FROM STATE TO STATE AND COUNTRY TO COUNTRY.

4. Disclaimer of Damages:

SOME STATES AND COUNTRIES, INCLUDING MEMBER COUNTRIES OF THE EUROPEAN ECONOMIC AREA, DO NOT ALLOW THE LIMITATION OR EXCLUSION OF LIABILITY FOR INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THE BELOW LIMITATION OR EXCLUSION MAY NOT APPLY TO YOU.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW AND REGARDLESS OF WHETHER ANY REMEDY SET FORTH HEREIN FAILS OF ITS ESSENTIAL PURPOSE, IN NO EVENT WILL SYMANTEC BE LIABLE TO YOU FOR ANY SPECIAL, CONSEQUENTIAL, INDIRECT, OR SIMILAR DAMAGES, INCLUDING ANY LOST PROFITS OR LOST DATA ARISING OUT OF THE USE OR INABILITY TO USE THE SOFTWARE EVEN IF SYMANTEC HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

IN NO CASE SHALL SYMANTEC’S LIABILITY EXCEED THE PURCHASE PRICE FOR THE SOFTWARE. The disclaimers and limitations set forth above will apply regardless of whether or not You accept the Software.

5. U.S. Government Restricted Rights:

RESTRICTED RIGHTS LEGEND. All Symantec products and documentation are commercial in nature. The software and software documentation are “Commercial Items,” as that term is defined in 48 C.F.R. section 2.101, consisting of “Commercial Computer Software” and “Commercial Computer Software Documentation,” as such terms are defined in 48 C.F.R. section 252.227-7014(a)(5) and 48 C.F.R. section 252.227-7014(a)(1), and used in 48 C.F.R. section 12.212 and 48 C.F.R. section 227.7202, as applicable. Consistent with 48 C.F.R. section 12.212, 48 C.F.R. section 252.227-7015, 48 C.F.R. section 227.7202 through 227.7202-4, 48 C.F.R. section 52.227-14, and other relevant sections of the Code of Federal Regulations, as applicable, Symantec’s computer software and computer software documentation are licensed to United States Government end users with only those rights as granted to all other end users, according to the terms and conditions contained in this license agreement. Manufacturer is Symantec Corporation, 20330 Stevens Creek Blvd., Cupertino, CA 95014, United States of America.

6. Export Regulation:

Certain Symantec products are subject to export controls by the U.S. Department of Commerce (DOC), under the Export Administration Regulations (EAR) (see www.bxa.doc.gov). Violation of U.S. law is strictly prohibited. Licensee agrees to comply with the requirements of the EAR and all applicable international, national, state, regional and local laws, and regulations, including any applicable import and use restrictions. Symantec products are currently prohibited for export or re-export to Cuba, North Korea, Iran, Iraq, Libya, Syria and Sudan or to any country subject to applicable trade sanctions. Licensee agrees not to export, or re-export, directly or indirectly, any product to any country outlined in the EAR, nor to any person or entity on the DOC Denied Persons, Entities and Unverified Lists, the U.S. Department of State’s Debarred List, or on the U.S. Department of Treasury's lists of Specially Designated Nationals, Specially Designated Narcotics Traffickers, or Specially Designated Terrorists. Furthermore, Licensee agrees not to export, or re-export, Symantec products to any military entity not approved under the EAR, or to any other entity for any military purpose, nor will it sell any Symantec product for use in connection with chemical, biological, or nuclear weapons or missiles capable of delivering such weapons.

7. General:

If You are located in North America or Latin America, this Agreement will be governed by the laws of the State of California, United States of America. Otherwise, this Agreement will be governed by the laws of England and Wales. This Agreement and any related License Module is the entire agreement between You and Symantec relating to the Software and: (i) supersedes all prior or contemporaneous oral or written communications, proposals, and representations with respect to its subject matter; and (ii) prevails over any conflicting or additional terms of any quote, order, acknowledgment, or similar communications between the parties. This Agreement shall terminate upon Your breach of any term contained herein and You shall cease use of and destroy all copies of the Software. The disclaimers of warranties and damages and limitations on liability shall survive termination. Software and documentation is delivered Ex Works California, U.S.A. or Dublin, Ireland respectively (ICC INCOTERMS 2000). This Agreement may only be modified by a License Module that accompanies this license or by a written document that has been signed by both You and Symantec. Should You have any questions concerning this Agreement, or if You desire to contact Symantec for any reason, please write to: (i) Symantec Customer Service, 555 International Way, Springfield, OR 97477, U.S.A., (ii) Symantec Customer Service Center, PO BOX 5689, Dublin 15, Ireland, or (iii) Symantec Customer Service, 1 Julius Ave, North Ryde, NSW 2113, Australia.

8. Additional Uses and Restrictions:

A. Required Software Installation and Activation: There may be technological measures in this Software that are designed to prevent unlicensed or illegal use of the Software. You agree that Symantec may use these measures. You must register the Software functions and any associated maintenance and support that are controlled by these technological measures through the use of the Internet. Symantec cannot guarantee that use of the Internet will be uninterrupted. Symantec will maintain your registration details.

B. If the Software You have licensed is Symantec Enterprise Security Manager, notwithstanding any of the terms and conditions contained herein, the following additional terms apply to the Software:

1. Permission to use the software to assess Desktop, Server, or Network devices does not constitute permission to make additional copies of the Software.
2. You may use the Software to assess up to the number of Desktop computers, on which a host-based agent is installed, as set forth under a License Module. “Desktop” means a computer for a single end user.
3. You may use the Software to assess up to the number of Servers, on which a host-based agent is installed, as set forth under a License Module. “Server” means a computer that is used to provide services to other computers via a network.
4. You may use the Software to assess up to the number of Virtual Machines, on which a host-based agent is installed, as set forth under a License Module. “Virtual Machine” means a machine completely defined and implemented in software rather than hardware. Virtual Machines are run on a hosting Server and can function as a Server or Desktop.
5. You may use the Software to assess up to the number of unique Network Devices set forth under a License Module, which can be assessed by a network scan agent. “Network Devices” means an interconnected system of computers and devices.

C. If the Software you have licensed includes Cognos Report Studio You may use the single (1) user license of Cognos Report Studio that is received with the Software only. Additional Cognos Report Studio licenses must be purchased separately.

02.03.05ENT.GLBL.EULA.ESM6.5

Contents

Symantec ESM Policy Manual for FISMA (NIST 800-53) for UNIX and Linux

Introducing the policy
    About the policy
    About the Federal Information Security Management Act of 2002
    Where to get more information
Installing the policy
    Before you install
    Installing the policy
Policy modules
    Account Integrity
    Discovery
    File Access
    File Attributes
    File Find
    File Watch
    Integrated Command Engine