Alcatel-Lucent 9959
Network Performance Optimizer | M5
Security Guide
9YZ-04669-0202-USZZA
Issue 3 | July 2012
Alcatel-Lucent Proprietary
Use pursuant to applicable agreements
Alcatel, Lucent, Alcatel-Lucent and the Alcatel-Lucent logo are trademarks of Alcatel-Lucent. All other trademarks are the property of their respective owners.
The information presented is subject to change without notice. Alcatel-Lucent assumes no responsibility for inaccuracies contained herein.
Copyright 2012 Alcatel-Lucent. All rights reserved.
Contains proprietary/trade secret information which is the property of Alcatel-Lucent and must not be made available to, or copied or used by anyone outside Alcatel-Lucent without its written authorization.
Not to be used or disclosed except in accordance with applicable agreements.
Contents
Document pertinence ... v
Audience ... v
1 Overview ... 1-1
Introduction ... 1-1
Common industry best practices ... 1-2
Purpose
The purpose of this document is to list the ports used between NPO servers on one side
and external applications (mainly PC clients) on the other side, and describe the NPO
product security assessment.
Reason for reissue
Refer to the following Editions for a list of technical and editorial updates to the current
guide.
In Edition 03
NPO required port table updated, NPO port differences between M5 and M4 updated and
NPO Aux required port table added.
In Edition 01
Assumed knowledge
Alcatel-Lucent operations and maintenance concepts for the BSS and RNS
NPO operations
Installation tools and materials
IP and IP networks
UNIX commands
RMAN to put in place the Backup/Restore mechanism.
Product names
This document uses the following NPO naming convention: 9959 NPO and the generic
term NPO refer to the Alcatel-Lucent 9959 Network Performance Optimizer.
Prerequisites
None.
Technical support
For technical support, contact your local Alcatel-Lucent customer support team. See the
Alcatel-Lucent Support web site (http://www.alcatel-lucent.com/support/) for contact
information.
How to order
To order Alcatel-Lucent documents, contact your local sales representative or use Online
Customer Support (OLCS) (http://support.alcatel-lucent.com)
How to comment
To comment on this document, go to the Online Comment Form (http://infodoc.alcatellucent.com/comments/) or e-mail your comments to the Comments Hotline
(comments@alcatel-lucent.com).
1 Overview
Purpose
This Overview gives information needed by project managers and foremen, for
presentation to the customer and for site planning.
Contents
Introduction 1-1
Common industry best practices 1-2
Introduction
Overview
This document presents the security of the NPO platform when it runs on Solaris or Red
Hat Linux. The scope of this document is to provide the information on the expected
security level of the NPO product.
There are a number of reasons for testing products, including:
At the same time, this document provides guidelines on security feature customizations
on the NPO. This document also supports external use when configuring firewalls.
As a best practice, appropriate security mechanisms must be integrated into all phases of
the product development lifecycle in order to mitigate security breaches. The risks should
be understood, and product development itself must minimize the introduction of security
vulnerabilities.
OS platform hardening mainly consists of removing all unused components and disabling
any service or feature that is not required by the product that makes use of that OS
platform. CIS benchmarks and other product security requirements should be followed
for OS hardening. Backdoors are methods that enable an attacker to bypass normal
authentication or to obtain remote access to the system while remaining hidden from
casual inspection. Backdoors may take the form of an installed program or a
modification to a legitimate program or application.
2 NPO specific needs related to security compliance
Overview
Purpose
This section provides an overview of NPO specific needs related to security compliance.
Contents
NPO required port list
2-1
2-8
NPO required port list
NPO main server

Protocol | Secured | Network connections | TCP/UDP | Port range | Note
SUN-RPC | No | | TCP | 111 | portmapper
SUN-RPC | No | | UDP | 111 | portmapper
SSH | Yes | | TCP | 22 | SSH
NTP | No | | UDP | 123 | NTP 1)
HTTPS | Yes | PC => Main | TCP | 443 | CSA
JRMP/SSL | Yes | PC => Main | TCP | 1098 | CSA
JRMP/SSL | Yes | PC => Main | TCP | 1099 | CSA
CORBA/IIOP | No | PC => Main | TCP | 5000 | Naming Service
CORBA/IIOP | No | | TCP | 5100 | Notification Service
HTTPS | Yes | | TCP | 5400 | BlazeDS
HTTPS | Yes | PC => Main | TCP | 7979 | Customer Documentation
JCA/SSL | Yes | PC => Main | TCP | 8093 | CSA
HTTPS | Yes | PC => Main | TCP | 8191 | HTTPD
HTTPS | Yes | PC => Main | TCP | 8443 | HTTPD
HTTPS | Yes | PC => Main | TCP | 9444 | CSA
JRMP/SSL | Yes | PC => Main | TCP | 14445 | CSA
CORBA/IIOP | No | PC => Main | TCP | 32000-32700 | NPO
CORBA/IIOP | No | | TCP | 34000-34700 | NPO
AJP/SSL | Yes | PC => Main | TCP | 9009 | CSA
JRMP/SSL | Yes | PC => Main | TCP | 15500 | CSA
JRMP | No | | TCP | 55555 | PCMD
TLS | No | | TCP | 1521 | Oracle Listener 2)
| | Local 3) | TCP | 390 | LDAP
| | Local 3) | TCP | 636 | LDAP/SSL
| | Local 3) | TCP | 2016 | Oracle oraagent
| | Local 3) | TCP | 5300 | PMON IIOP
| | Local 3) | TCP | 5310 | PMON HSQLDB
| | Local 3) | TCP | 6010 | X11
| | Local 3) | TCP | 8006 | Tomcat PMON
| | Local 3) | TCP | 8010 | Tomcat PMON
| | Local 3) | TCP | 8444 | Tomcat PMON
| | Local 3) | TCP | 8005 | Tomcat MUSE
| | Local 3) | TCP | 8012 | Tomcat MUSE
| | Local 3) | TCP | 8445 | Tomcat MUSE
| | Local 3) | TCP | 3873 | NGSEC
| | Local 3) | TCP | 4444-4446 | NGSEC
| | Local 3) | TCP | 8009 | NGSEC
| | Local 3) | TCP | 8083 | NGSEC
| | Local 3) | TCP | 9443 | NGSEC
| | Local 3) | TCP | Dynamic ports |

Notes:
2) The Oracle Listener is configured to accept only connections from NPO main or aux
servers.
3) Ports indicated as local cannot be accessed from outside the server (local
firewalling).
This is the default list of opened ports on the NPO main server. If the customer has
specific applications or additional 3PP (third-party) software installed on top of the NPO
software, then the system administrator may need to open additional ports. This can be
done using IP filtering. Check IP filtering integration (p. 3-4) for more information.
A relevant example for these cases is the use of 3PP Centralized Backup Management
solutions. Refer to the specific 3PP documentation for more information on port
requirements.
Information concerning the ports needed between the different instances of a cluster is out
of the scope of this document.
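A check an administrator can run against the port list above, added here as an example (it is not part of the NPO guide): it reads "netstat -an" output and reports every TCP listener bound to a non-loopback address whose port the main server table does not document. The netstat lines are constructed sample data; the port list is the externally reachable part of the table.

```shell
#!/bin/sh
# Added example, not part of the NPO guide: compare the TCP listeners that
# "netstat -an" reports against the NPO main server port table and report
# every externally bound listener the table does not document.
# The netstat output below is constructed sample data, not a capture.

# Externally reachable TCP ports from the main server table (single ports and
# ranges). Ports the table marks "local" are deliberately left out: they must
# only be bound to the loopback address, and a loopback-only socket is skipped
# by the check below.
NPO_MAIN_TCP="111 22 443 1098 1099 5000 5100 5400 7979 8093 8191 8443 9444 14445 32000-32700 34000-34700 9009 15500 55555 1521"

# port_allowed PORT LIST -> exit status 0 if PORT is in LIST (ranges allowed)
port_allowed() {
    p=$1
    for entry in $2; do
        case $entry in
            *-*)
                lo=${entry%-*}
                hi=${entry#*-}
                [ "$p" -ge "$lo" ] && [ "$p" -le "$hi" ] && return 0
                ;;
            *)
                [ "$p" -eq "$entry" ] && return 0
                ;;
        esac
    done
    return 1
}

# undocumented_listeners LIST  (reads netstat -an output on stdin)
# Prints ADDR:PORT for each TCP socket in LISTEN state that is bound to a
# non-loopback address and whose port is not in LIST.
undocumented_listeners() {
    allowed=$1
    while read -r proto recvq sendq laddr faddr state; do
        [ "$proto" = "tcp" ] && [ "$state" = "LISTEN" ] || continue
        addr=${laddr%:*}
        port=${laddr##*:}
        case $addr in
            127.*|::1) continue ;;   # loopback-only: a "local" port, as intended
        esac
        port_allowed "$port" "$allowed" || echo "$addr:$port"
    done
    return 0
}

# Constructed sample in the Linux "netstat -an" column layout. Port 8006
# (Tomcat PMON) is correctly loopback-only; 6010 (X11) is a "local" port
# wrongly bound to all addresses; 23 is telnet, which the guide says is
# deactivated; 32123 lies inside the documented CORBA range.
SAMPLE='tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:8006 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:32123 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:6010 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN
tcp 0 0 10.0.0.5:443 10.0.0.9:51234 ESTABLISHED'

# check_sample -> the listeners in SAMPLE that need an explanation
check_sample() {
    printf '%s\n' "$SAMPLE" | undocumented_listeners "$NPO_MAIN_TCP"
}

check_sample
```

On a real server, replace the sample with `netstat -an | undocumented_listeners "$NPO_MAIN_TCP"` and compare any reported port with the customer's own 3PP additions before opening it through IP filtering.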
The following table shows only the ports that are different in M5 versus M4.

Service name | Service used by | Protocol | Port used (M5 / M4) | Additional considerations
HTTPS | Secure Webserver | TCP | 7001 | Port 7001 used by NPO for html properties
NAV | NavServer | TCP | 3399-3499 |
IIOP | CORBA AD/MAAT | TCP | 32000-32700; 34000-34700 / 32000-36000 |
CSA | Security | TCP | 9080 (client to server); 15500-15600 (server to client) / 15500 |
SUN-RPC | portmapper | TCP | 111 |
SUN-RPC | portmapper | UDP | 111 |
NTP | NPO | UDP | 123 | NPO only acts as a NTP client
HTTPS | CSA application | TCP | 443 |
JRMP | PCMD application | TCP | 55555 |
TLS | Oracle Listener | TCP | 1521 | Oracle listener is configured to accept only connections from NPO main or AUX servers
LDAP/SSL | | TCP | 636 | 1)
Oracle oraagent | | TCP | 2016 | 1)
X11 | | TCP | 6010 | 1)
Tomcat PMON | | TCP | 8444 | 1)
Tomcat MUSE | | TCP | 8005 | 1)
Tomcat MUSE | | TCP | 8012 | 1)
Tomcat MUSE | | TCP | 8445 | 1)
NGSEC | | TCP | 3873 | 1)
NGSEC | | TCP | 4444-4446 | 1)
NGSEC | | TCP | 8009 | 1)
NGSEC | | TCP | 8083 | 1)
NGSEC | | TCP | 9443 | 1)
| | TCP | Dynamic ports | 1)

Note: 1) Ports indicated as local cannot be accessed from outside the server
Linux NPO Aux server

Protocol | Secured | Network connections | TCP/UDP | Port range | Note
SUN-RPC | No | | TCP | 111 | port mapper
SUN-RPC | No | | UDP | 111 | port mapper
SSH | Yes | | TCP | 22 | SSH
NTP | No | | UDP | 123 | NTP 1)
| No | | TCP | 5000 | Naming service
CORBA/IIOP | No | | TCP | 5300 | Process monitoring
CORBA/IIOP | No | | TCP | 32000-32700 | NPO
CORBA/IIOP | No | | TCP | 34000-34700 | NPO
| | Local 2) | TCP | 390 | LDAP
| | Local 2) | TCP | 443 | CSA
| | Local 2) | TCP | 636 | CSA LDAP/SSL
| | Local 2) | TCP | 5310 | PMON HSQLDB
| | Local 2) | TCP | 6010 | X11
| | Local 2) | TCP | 8006 | Tomcat PMON
| | Local 2) | TCP | 8010 | Tomcat PMON
| | Local 2) | TCP | 8444 | Tomcat PMON
| | Local 2) | TCP | 8443 | HTTPD
| | Local 2) | TCP | 8191 | HTTPD
| | Local 2) | TCP | Dynamic ports |

Note: 2) Ports indicated as local cannot be accessed from outside the server (local
firewalling)
Protocol | Secured | Network connections | TCP/UDP | Port range | Note
RMI | Yes | Main => PC | TCP | 15500-15600 | CSA callbacks
CORBA/IIOP | No | Main => PC | TCP | 32000-36000 | CORBA NPO components
| | Local | TCP | 3399-3499 | NAV
Authentication
1. Account set-up and public key exchange on MME is described in the PCMD
reference guide 1.3 and 1.4.
Note: There is no connection from MME back to NPO server.
Connection to EMS (incoming connections for EMS):
The NPO connects to the OMC-R, WMS and SAM, depending on the deployed technology. All
connections are initiated by the NPO (Main and Aux servers) using the ports documented below.
For EMS releases that do not support secured connections (B11, UA7), the NPO uses FTP,
connecting on TCP port 20 or TCP port 21.
By default, the NPO uses SSH/SFTP, connecting on TCP port 22.
In the particular SAM case (LTE), the SAM-O interface is accessed either over HTTP on
TCP port 8080 (non-secured mode) or over HTTPS on TCP port 8443 (secured mode). For more
information, refer to the NPO and SAM-O documentation regarding connection configuration
and authentication settings.
Note: There is no connection from the EMS back to the NPO server.
Details for the SAM case:
CM data: the Main NPO server connects to the Main SAM; SFTP is used to retrieve the
snapshot file. Snapshot file generation is scheduled every day on the SAM server during
installation. In the redundancy case, SAM-O/HTTP is used to identify which SAM server is
active.
NUART data: the Main NPO server connects to the Main SAM; SAM-O/HTTP is used to
generate the file(s), and SFTP is used to retrieve the resulting file(s). In the redundancy case,
SAM-O/HTTP is used to identify which SAM server is active.
ENB PM data: the QoS Aux NPO server (Main if there is no Aux) connects to the Aux SAM
(Main if there is no Aux); SSH is used to list files and SFTP to retrieve them. In the
redundancy case, SAM-O/HTTP is used to find the active SAM Aux (or Main).
MME PM data: the same as for ENB PM data. In the redundancy case, SAM-O/HTTP is
used to find the active SAM server.
HTTP uses port 8080. All SSH-based transfers (ssh, sftp, scp) use port 22.
Cachefs
Desktop Management Interface (DMI)
Kerberos Key Distribution Center (KDC)
Line printer (LP)
UUCP server
Character generator
Comsat
Daytime
Discard
Echo
Finger
Kernel statistics server
Network rwall server
Remote login
Remote quota server
The following is a list of services that are deactivated or not installed on the NPO Solaris:
Automount
Buttons and Dials Stream
RPC 100235
Kerberos V5 warning messages daemon
Comsat
Daytime
Discard
Echo
Finger
Talk
Trivial name server
Telnet
NFS (Network File System) (refer to the following note).
Note: The NFS is still enabled for 2xV490 ASM configurations.
Overview
Purpose
This section describes how to define and ensure security on NPO products.
Contents
OS hardening integration
3-1
IP filtering integration
3-4
Auditing
3-7
3-9
OS hardening integration
OS hardening
ALUoshmain
ALUsst
All services listed in 3.2 as closed on the NPO are verified and disabled if
they are installed.
crontab entries for the following system accounts are locked and removed:
listen
nobody4
nuucp
smmsp
uucp
/var/adm/emerglog file to track the critical errors that were originally sent to the
console and to root mail
IP filtering integration
Default approach on Solaris
A pre-configured set of IP filtering rules is delivered with the product to ensure that only
the required IP communication from and to the NPO server is valid.
The Alcatel-Lucent service team must be able to customize the default set of rules.
IP filtering can be used to restrict access to weak services that have to be enabled (i.e. not
disabled by OS hardening because the NPO application requires them).
network/ipfilter
The IP Filter provides packet-filtering capabilities on a Solaris system. On a properly
set-up system, it can be used to build a firewall.
network/pfil
The pfil framework allows a specified function to be invoked, for every incoming
or outgoing packet, for a particular network I/O stream. These hooks may be used to
implement a firewall or perform packet transformations.
There are two configuration files: one for ipfilter and one for pfil.
The configuration file for pfil is located in /etc/ipf/pfil.ap and contains mainly the
interfaces on which pfil will be applied.
The configuration file for ipfilter is located in /etc/ipf/ipf.conf and contains
the filtering rules for ports, interfaces, protocols, etc. The filtering rules implemented for
each configured interface are:
First, block and log everything by default, then allow specific services
Spoofing prevention
Reject any unroutable address
Reject land attack DoS
It is possible to define individual rules. Each rule is based on the following
parameters:
<action> <in-out> <object>
For example, to block access to this server on the ce0 interface from the 192.169.1.34 IP
address:
For the changes made in /etc/ipf/ipf.conf to be taken into account, you must
restart ipfilter (svcadm restart ipfilter).
When adding a new rule in /etc/ipf/ipf.conf, ensure that the new rule does not
conflict with an existing rule.
For more complex rules, refer to and also to the System Administration Guide IP Services
(http://docs.sun.com/app/docs/doc/816-4554).
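The rule syntax and the "no conflict with an existing rule" requirement above, worked through as an added example (not code from the NPO guide): two helpers emit rules in the <action> <in-out> <object> form, and a third reads an existing ipf.conf and reports when a new port rule would be shadowed by an earlier "quick" rule. Interface ce0 and address 192.169.1.34 are the guide's own example values; the sample ipf.conf is constructed here.

```shell
#!/bin/sh
# Added example, not part of the NPO guide: helpers for editing
# /etc/ipf/ipf.conf the way the text describes. Every rule follows
# <action> <in-out> <object>; the guide's own example values (interface ce0,
# address 192.169.1.34) are used, and the sample ipf.conf is constructed here.

# ipf_block_host IFACE ADDR -> the rule the guide's example asks for:
# block (and log) all inbound traffic from ADDR on IFACE. "quick" makes the
# decision final so no later pass rule can override it.
ipf_block_host() {
    echo "block in log quick on $1 from $2 to any"
}

# ipf_pass_tcp IFACE PORT -> allow new inbound TCP connections to a required
# service; "flags S keep state" lets the state table handle the replies.
ipf_pass_tcp() {
    echo "pass in quick on $1 proto tcp from any to any port = $2 flags S keep state"
}

# ipf_rule_conflicts NEWRULE  (reads the existing ipf.conf on stdin)
# Exit status 0 means conflict: an existing "quick" rule for the same
# direction already decides the same TCP port with the opposite action, so
# evaluation stops there and NEWRULE would never be reached.
ipf_rule_conflicts() {
    set -- $1
    new_action=$1
    new_dir=$2
    new_port=$(printf '%s\n' "$*" | sed -n 's/.*port = \([0-9]*\).*/\1/p')
    [ -n "$new_port" ] || return 1          # only port rules are compared
    while read -r action dir rest; do
        case $action in
            \#*|"") continue ;;             # comment or blank line
        esac
        [ "$dir" = "$new_dir" ] || continue
        [ "$action" != "$new_action" ] || continue
        case $rest in
            *quick*"port = $new_port "*|*quick*"port = $new_port") return 0 ;;
        esac
    done
    return 1
}

# Constructed sample of a delivered ipf.conf for interface ce0, following the
# guide's order: block and log everything, then allow specific services.
SAMPLE_CONF="# default policy
block in log on ce0 all
block out log on ce0 all
# spoofing prevention
block in quick on ce0 from 127.0.0.0/8 to any
$(ipf_pass_tcp ce0 22)
$(ipf_pass_tcp ce0 443)
$(ipf_pass_tcp ce0 8443)
pass out quick on ce0 proto tcp from any to any flags S keep state"

# A block rule for port 22 would be shadowed by the existing SSH pass rule.
check_ssh_block() {
    printf '%s\n' "$SAMPLE_CONF" |
        ipf_rule_conflicts "block in quick on ce0 proto tcp from any to any port = 22"
}

# No existing quick rule decides port 1521, so this rule can be added.
check_oracle_block() {
    printf '%s\n' "$SAMPLE_CONF" |
        ipf_rule_conflicts "block in quick on ce0 proto tcp from any to any port = 1521"
}

ipf_block_host ce0 192.169.1.34
check_ssh_block && echo "port 22 rule conflicts with an existing rule"
check_oracle_block || echo "port 1521 rule can be added"
```

To check a candidate rule against the real file, pipe /etc/ipf/ipf.conf into ipf_rule_conflicts instead of SAMPLE_CONF, then restart ipfilter as described above once the rule is in place.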
Default approach on Linux
A pre-configured set of IP filtering rules is delivered with the product to ensure that only
the required IP communication from and to the NPO server is valid.
The Alcatel-Lucent service team must be able to customize the default set of rules.
IP filtering can be used to restrict access to weak services that have to be enabled (i.e. not
disabled by OS hardening because the NPO application requires them).
Spoofing prevention
Reject any unroutable address
Allow NPO applications on TCP and UDP
Allow HTTPS, SSH, NTP, AUTH
The list of NPO ports on main and AUX servers:
NPO main server:
TCP: 1098 1099 1521 5000 5100 7979 8443 8191 9444 10050 14445 34000 34013
UDP: 67
NPO AUX server:
TCP: 1098 1099 5000 5100 7979 8443 8191 9444 14445 34000 34013
UDP: 67
It is possible to define individual rules. Each rule is based on the following
parameters:
iptables -[AD] chain rule-specification [options]
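The Linux policy listed above (spoofing prevention, unroutable addresses rejected, NPO application ports plus HTTPS, SSH, NTP and AUTH allowed), written out as the iptables commands it implies; this is an added example, not the rule set delivered with the product. The port lists are the guide's; the interface name eth0, the multiport match and the use of TCP 113 for AUTH are assumptions made here, and nothing is applied: the script only prints the commands for review.

```shell
#!/bin/sh
# Added example, not part of the NPO guide: print the iptables commands that
# implement the Linux filtering policy for the NPO main server. Nothing is
# applied; the output is meant to be reviewed against the delivered rules.
# The port lists are the guide's; the interface name eth0, the multiport
# match and the choice of TCP 113 for AUTH are assumptions made here.

NPO_MAIN_TCP="1098 1099 1521 5000 5100 7979 8443 8191 9444 10050 14445 34000 34013"
NPO_MAIN_UDP="67"

# join_ports LIST -> comma-separated list as expected by "-m multiport"
join_ports() {
    echo "$1" | tr -s ' ' ','
}

# npo_iptables_rules IFACE TCP_PORTS UDP_PORTS -> iptables commands on stdout
npo_iptables_rules() {
    iface=$1
    tcp=$(join_ports "$2")
    udp=$(join_ports "$3")
    cat <<EOF
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# loopback is not filtered, so "local" ports stay reachable on the host itself
iptables -A INPUT -i lo -j ACCEPT
# spoofing prevention: loopback and unroutable sources never arrive on $iface
iptables -A INPUT -i $iface -s 127.0.0.0/8 -j DROP
iptables -A INPUT -i $iface -s 0.0.0.0/8 -j DROP
iptables -A INPUT -i $iface -s 169.254.0.0/16 -j DROP
# replies to connections the server opened itself (SFTP to EMS, NTP client)
iptables -A INPUT -i $iface -m state --state ESTABLISHED,RELATED -j ACCEPT
# HTTPS, SSH, NTP, AUTH
iptables -A INPUT -i $iface -p tcp --dport 443 -m state --state NEW -j ACCEPT
iptables -A INPUT -i $iface -p tcp --dport 22 -m state --state NEW -j ACCEPT
iptables -A INPUT -i $iface -p udp --dport 123 -j ACCEPT
iptables -A INPUT -i $iface -p tcp --dport 113 -m state --state NEW -j ACCEPT
# NPO application ports
iptables -A INPUT -i $iface -p tcp -m multiport --dports $tcp -m state --state NEW -j ACCEPT
iptables -A INPUT -i $iface -p udp -m multiport --dports $udp -j ACCEPT
# everything else is logged and then dropped by the INPUT policy
iptables -A INPUT -i $iface -j LOG --log-prefix "NPO-DROP: "
EOF
}

# rule_count IFACE TCP_PORTS UDP_PORTS -> number of iptables commands emitted
rule_count() {
    npo_iptables_rules "$1" "$2" "$3" | grep -c '^iptables'
}

npo_iptables_rules eth0 "$NPO_MAIN_TCP" "$NPO_MAIN_UDP"
```

For the AUX server, pass its own TCP list from the text above in place of NPO_MAIN_TCP; the LOG rule is what lets the IP filtering section's "block and log" default be verified in the system log.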
Auditing
Default approach on Solaris
Solaris auditing is enabled in NPO, in order to provide logs on user activity on the file
system.
This script (parse_os_audit.sh) is used to view the audit logs.
Auditing can be performed at different levels in order to reduce the space and the used
resources:
Only level 1 can be enabled full time. Enabling level 2 and level 3 will have an impact
on performance and must be enabled only for short periods of time. The NPO
performance is not guaranteed when level 2 and level 3 are enabled.
The history retained at level 2 and level 3 cannot be predicted, because it depends on the
activity on the server; disk space will decrease rapidly.
Usage:
parse_os_audit.sh [--after datetime] [--before datetime] [-class <C>] [--event (E)] [--user <U>] <AUDIT_FILE_NAME> [>
<OUTPUT_FILE_NAME>]
are to be used.
minfree specifies the percentage of free space that must be present in the file system
The <OUTPUT_FILE_NAME> is the name of the file where the result of parsing is put. It is
optional, but it is recommended to use this file since the output of the parsing command is
usually large.
Configuration provided by ALU on Solaris
The auditing level can be changed using BSMrun (the server must be booted in single
user mode - init 1). Refer to the following procedure Manage Solaris Audit Logs
(../npoplug/npopl304.htm)
Default approach on Linux
Linux auditing can be enabled in NPO, in order to provide logs on user activity on the file
system.
This script (parse_os_audit.sh), located in the /usr/sbin/ directory, is used to
view the audit logs.
Auditing is performed at different levels in order to reduce the space and the used
resources:
Only level 1 can be enabled full time. NPO is dimensioned to store 10 files of 100 MB,
which corresponds to 90 days of normal utilization of NPO at level 1.
Enabling level 2 and level 3 will have an impact on performance and must be
enabled only for short periods of time. The NPO performance is not guaranteed when
level 2 and level 3 are enabled.
The history retained at level 2 and level 3 cannot be predicted, because it depends on the
activity of the server; disk space will decrease rapidly (the disk will be full in a matter of
hours at level 2 and minutes at level 3).
Usage:
parse_os_audit.sh [--after datetime] [--before datetime] [-class <C>] [--event (E)] [--user <U>] [<AUDIT_FILE_NAME>] [>
<OUTPUT_FILE_NAME>]
The audit logs are located in /var/log/audit. Log file rotation is performed
automatically by the auditd daemon. The configuration file of the auditd daemon is
/etc/audit/auditd.conf. <AUDIT_FILE_NAME> is optional and is used only when
a different file is parsed.
With this configuration file, the disk space usage of audit log files can be configured. For
example, you may have the following parameters inside the file:
log_file = /var/log/audit/audit.log
max_log_file = 5
max_log_file_action = ROTATE
log_file specifies the full path name of the log file where audit records are stored.
max_log_file specifies the maximum file size in megabytes. When this limit is reached, it triggers a configurable action (max_log_file_action).
max_log_file_action tells the system what to do when the maximum file size limit has been reached. Valid values are ignore, syslog, suspend, rotate and keep_logs. The rotate option will cause the audit
The auditing level can be changed using BSMrun. Refer to the following procedure: Manage Linux Audit Logs (../npoplug/linaudit.htm).
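The three auditd.conf keys described above, interpreted by an added Python example (this is not NPO's code, nor part of auditd): it parses a constructed sample configuration, reports the worst-case space the audit log files can occupy for each max_log_file_action value, and lists the settings a reviewer would question. num_logs is a real auditd.conf key that this example assumes in order to compute the rotation budget; it is not mentioned on this page.

```python
"""Interpret the auditd.conf rotation keys described above.

Added example; not NPO's or auditd's own code. It reads log_file,
max_log_file and max_log_file_action (the keys documented on this page)
plus num_logs, an auditd.conf key assumed here for the rotation budget.
"""

# Constructed sample configuration, mirroring the parameters quoted above.
SAMPLE_CONF = """\
# constructed sample auditd.conf
log_file = /var/log/audit/audit.log
max_log_file = 5
max_log_file_action = ROTATE
num_logs = 10
"""

# The five values the text lists for max_log_file_action.
VALID_ACTIONS = {"ignore", "syslog", "suspend", "rotate", "keep_logs"}


def parse_auditd_conf(text):
    """Return {key: value} for 'key = value' lines; comments and blanks are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, sep, value = line.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"malformed auditd.conf line: {raw!r}")
        conf[key.strip().lower()] = value.strip()
    return conf


def rotation_budget_mb(conf):
    """Worst-case space the audit logs can occupy in MB, or None if unbounded.

    rotate:   num_logs files of max_log_file MB each.
    suspend:  one file of max_log_file MB, after which auditd stops writing.
    ignore, syslog, keep_logs: no cap on the growth of the log directory.
    """
    action = conf.get("max_log_file_action", "").lower()
    if action not in VALID_ACTIONS:
        raise ValueError(f"unknown max_log_file_action: {action!r}")
    size_mb = int(conf.get("max_log_file", "0"))
    if action == "rotate":
        return size_mb * int(conf.get("num_logs", "0"))
    if action == "suspend":
        return size_mb
    return None


def audit_findings(conf):
    """Points a reviewer would raise about the rotation settings."""
    findings = []
    action = conf.get("max_log_file_action", "").lower()
    if action in ("ignore", "syslog"):
        findings.append("log file grows without bound once the size limit is reached")
    elif action == "suspend":
        findings.append("auditing stops at the size limit; later activity is not recorded")
    elif action == "keep_logs":
        findings.append("rotated files are never deleted; the partition can fill up")
    if not conf.get("log_file", "").startswith("/var/log/audit/"):
        findings.append("log_file is outside /var/log/audit, the location documented above")
    return findings


if __name__ == "__main__":
    conf = parse_auditd_conf(SAMPLE_CONF)
    print(conf)
    print("budget MB:", rotation_budget_mb(conf))
    print("findings:", audit_findings(conf))
```

With the sample values quoted above (max_log_file = 5 with ROTATE) and the assumed num_logs = 10, the budget is 50 MB and no finding is raised; switching the action to ignore makes the budget unbounded and produces one finding.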
Nessus
This vulnerability scanner serves a key role in the test process. It scans for known security problems that are common in IP applications. The test suite is continually enhanced as new problems are discovered, and the latest tests can be downloaded from the Internet. Customized tests can easily be added to the suite using the NASL scripting language.
An up-to-date Nessus tool is always used for scanning the servers.
The plugin domains used by the Nessus tool are:
CGI abuses
Databases
Default Unix Accounts
Denial of Service
DNS
Finger abuses
Firewalls
FTP
Gain a shell remotely
General
HP-UX Local Security Checks
Misc
Peer-To-Peer File Sharing
Policy Compliance
Port scanners
Red Hat Local Security Checks
RPC
Service detection
SMTP problems
SNMP
Solaris Local Security Checks
Web Servers
CIS
The CIS Configuration Assessment Tool is used to test the operating system configuration against industry best practices. Alcatel-Lucent has a license to use all CIS benchmark tools and documents. The tool can be downloaded from the QA&CC STO website or directly from the CIS website.
McAfee Foundstone Enterprise
These black-box DoS testing tools implement known network flood attacks (TCP flood,
Naptha, Ping flood, ICMP Echo Reply flood, IP TTL=0 flood) and logic/software attacks
(Land, Ping of Death, Teardrop). To simplify their usage, a generic CLI framework is
provided.
Protocol robustness tools
TBC.
Overview
Purpose
This section describes the classes, event names and actions that can be used to ensure security.
Contents
Audit log level for Solaris 4-1
Audit log level for Linux 4-4
Audit log level for Solaris

Class  Event Name               Action
al1    AUE_login                login - local
al1    AUE_logout               logout
al1    AUE_telnet               login - telnet
al1    AUE_rlogin               login - rlogin
al1    AUE_rshd                 rsh access
al1    AUE_su                   su
al1    AUE_rexecd               rexecd
al1    AUE_passwd               passwd
al1    AUE_rexd                 rexd
al1    AUE_ftpd                 ftp access
al1    AUE_ftpd_logout          ftp logout
al1    AUE_ssh                  login - ssh
al1    AUE_role_login           role login
al1    AUE_prof_cmd             profile command
al1    AUE_newgrp_login         newgrp login
al1    AUE_admin_authenticate   admin login
al2    AUE_EXIT                 exit(2)
al2    AUE_FORK                 fork(2)
al2    AUE_CREAT                creat(2)
al2    AUE_LINK                 link(2)
al2    AUE_UNLINK               unlink(2)
al2    AUE_EXEC                 exec(2)
al2    AUE_MKNOD                mknod(2)
al2    AUE_CHMOD                chmod(2)
al2    AUE_ACCESS               access(2)
al2    AUE_KILL                 kill(2)
al2    AUE_SYMLINK              symlink(2)
al2    AUE_READLINK             readlink(2)
al2    AUE_EXECVE               execve(2)
al2    AUE_CHROOT               chroot(2)
al2    AUE_VFORK                vfork(2)
al2    AUE_SETGROUPS            setgroups(2)
al2    AUE_SETPGRP              setpgrp(2)
al2    AUE_FCHOWN               fchown(2)
al2    AUE_FCHMOD               fchmod(2)
al2    AUE_RENAME               rename(2)
al2    AUE_MKDIR                mkdir(2)
al2    AUE_RMDIR                rmdir(2)
al2    AUE_UTIMES               utimes(2)
al2    AUE_STATFS               statfs(2)
al2    AUE_MOUNT                mount(2)
al2    AUE_OPEN_RC              open(2) - read,creat
al2    AUE_OPEN_RT              open(2) - read,trunc
al2    AUE_OPEN_RTC             open(2) - read,creat,trunc
al2    AUE_OPEN_W               open(2) - write
al2    AUE_OPEN_WC              open(2) - write,creat
al2    AUE_OPEN_WT              open(2) - write,trunc
al2    AUE_OPEN_WTC             open(2) - write,creat,trunc
al2    AUE_OPEN_RW              open(2) - read,write
al2    AUE_OPEN_RWC             open(2) - read,write,creat
al2    AUE_OPEN_RWT             open(2) - read,write,trunc
al2    AUE_OPEN_RWTC            open(2) - read,write,creat,trunc
al2    AUE_CORE
al2    AUE_SETUID               old setuid(2)
al2    AUE_UTIME                old utime(2)
al2    AUE_SETGID               old setgid(2)
al2    AUE_MUNMAP               munmap(2)
al2    AUE_LCHOWN               lchown(2)
al2    AUE_FORK1                fork1(2)
al2    AUE_ACLSET
al2    AUE_UMOUNT2              umount2(2)
al2    AUE_cron_invoke          cron-invoke
al2    AUE_crontab_create       crontab-crontab created
al2    AUE_crontab_delete       crontab-crontab deleted
al2    AUE_halt_solaris         halt(1m)
al2    AUE_init_solaris         init(1m)
al2    AUE_uadmin_solaris       uadmin(1m)
al2    AUE_poweroff_solaris     poweroff(1m)
al2    AUE_crontab_mod          crontab-modify
al2    AUE_filesystem_add       add filesystem
al2    AUE_filesystem_delete    delete filesystem
al2    AUE_filesystem_modify    modify filesystem
al2    AUE_network_add
al2    AUE_network_delete
al2    AUE_network_modify
al2    AUE_allocate_succ        allocate-device success
al2    AUE_allocate_fail        allocate-device failure
al2    AUE_deallocate_succ      deallocate-device success
al2    AUE_deallocate_fail      deallocate-device failure
al2    AUE_listdevice_succ
al2    AUE_listdevice_fail
al2    AUE_create_user          create user
al2    AUE_modify_user          modify user
al2    AUE_delete_user          delete user
al2    AUE_disable_user         disable user
al2    AUE_enable_user          enable user
al2    AUE_smserverd            smserverd
al3    AUE_CHDIR                chdir(2)
al3    AUE_STAT                 stat(2)
al3    AUE_LSTAT                lstat(2)
al3    AUE_FCNTL                fcntl(2)
al3    AUE_OPEN_R               open(2) - read
al3    AUE_CLOSE                close(2)
Audit log level for Linux

Level  Event Name       Actions
ALL    CWD
ALL    PATH
al1    LOGIN
al1    USER_AUTH
al1    USER_ACCT
al1    CRED_ACQ
al1    CRED_DISP
al1    CRED_REFR
al1    USER_START
al1    USER_END
al1    USER_AUTH
al1    USER_ERR
al1    USER_LOGIN
al1    USER_LOGOUT
al1    USER_CHAUTHTOK
al2    CONFIG_CHANGE
al2    EXECVE
al2    OBJ_PID
al2    SYSCALL          exit
al2    SYSCALL          fork
al2    SYSCALL          kill
al2    SYSCALL          execve
al2    SYSCALL          vfork
al3    SYSCALL          chdir
al3    SYSCALL          stat
al3    SYSCALL          lstat
al3    SYSCALL          fcntl
al3    SYSCALL          open
al3    SYSCALL          close
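The Linux level table above, applied to audit records: an added Python example (not NPO's parse_os_audit.sh) that classifies audit.log records into the NPO levels, shows which records are kept when auditing runs at level 1, 2 or 3, and filters them with the --after/--before/--user/--event options quoted in the usage line earlier. The sample records are constructed and written the way ausearch -i prints them (syscall given by name rather than number); the user filter is assumed to match the auid field, which carries the login uid.

```python
"""Map Linux audit records to the NPO audit levels tabulated above.

Added example, not NPO's parse_os_audit.sh. The level tables are transcribed
from the page; the sample records are constructed (ausearch -i style, with
syscall names), and --user is assumed to match the auid field.
"""
import re
from datetime import datetime, timezone

# Record type -> level, from the Linux table above (ALL = kept at every level).
TYPE_LEVEL = {
    "CWD": "ALL", "PATH": "ALL",
    "LOGIN": "al1", "USER_AUTH": "al1", "USER_ACCT": "al1", "CRED_ACQ": "al1",
    "CRED_DISP": "al1", "CRED_REFR": "al1", "USER_START": "al1", "USER_END": "al1",
    "USER_ERR": "al1", "USER_LOGIN": "al1", "USER_LOGOUT": "al1",
    "USER_CHAUTHTOK": "al1",
    "CONFIG_CHANGE": "al2", "EXECVE": "al2", "OBJ_PID": "al2",
}
# For SYSCALL records the level depends on the syscall name.
SYSCALL_LEVEL = {
    "exit": "al2", "fork": "al2", "kill": "al2", "execve": "al2", "vfork": "al2",
    "chdir": "al3", "stat": "al3", "lstat": "al3", "fcntl": "al3", "open": "al3",
    "close": "al3",
}
LEVEL_RANK = {"ALL": 0, "al1": 1, "al2": 2, "al3": 3}

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
MSG_RE = re.compile(r"msg=audit\((\d+)\.\d+:(\d+)\)")

# Constructed sample records: an ssh login, a crontab execution with its
# CWD/PATH companions, a file open, an audit rule change and the logout.
SAMPLE_LOG = """\
type=USER_LOGIN msg=audit(1341561600.101:201): pid=2210 uid=0 auid=1001 ses=4 msg='op=login id=1001 exe="/usr/sbin/sshd" hostname=10.0.0.5 addr=10.0.0.5 terminal=/dev/pts/1 res=success'
type=SYSCALL msg=audit(1341561660.220:202): arch=x86_64 syscall=execve success=yes exit=0 ppid=2210 pid=2233 auid=1001 uid=1001 comm="crontab" exe="/usr/bin/crontab"
type=CWD msg=audit(1341561660.220:202):  cwd="/home/npoadmin"
type=PATH msg=audit(1341561660.220:202): item=0 name="/usr/bin/crontab" inode=1234 mode=0104755
type=SYSCALL msg=audit(1341561700.330:203): arch=x86_64 syscall=open success=yes exit=3 pid=2233 auid=1001 uid=1001 comm="crontab" exe="/usr/bin/crontab"
type=CONFIG_CHANGE msg=audit(1341561800.440:204): auid=1001 ses=4 op=add_rule key=(null) list=4 res=1
type=USER_LOGOUT msg=audit(1341565200.550:205): pid=2210 uid=0 auid=1001 ses=4 msg='op=logout id=1001 exe="/usr/sbin/sshd" res=success'
"""


def parse_datetime(text):
    """Parse 'YYYY-MM-DD HH:MM:SS' as UTC, the form assumed for --after/--before."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S").replace(tzinfo=timezone.utc)


def parse_record(line):
    """Split one audit record into its type, timestamp, serial and key=value fields."""
    m = MSG_RE.search(line)
    if m is None:
        raise ValueError(f"no audit(ts:serial) stamp in {line!r}")
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(line)}
    return {
        "type": fields["type"],
        "time": datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc),
        "serial": int(m.group(2)),
        "fields": fields,
    }


def parse_log(text):
    return [parse_record(line) for line in text.splitlines() if line.strip()]


def level_of(rec):
    """NPO level of a record, or None when the table does not list it."""
    if rec["type"] == "SYSCALL":
        return SYSCALL_LEVEL.get(rec["fields"].get("syscall"))
    return TYPE_LEVEL.get(rec["type"])


def recorded_at(records, level):
    """Records that auditing at level 1, 2 or 3 keeps: ALL plus al1..al<level>."""
    kept = []
    for rec in records:
        lvl = level_of(rec)
        if lvl is not None and LEVEL_RANK[lvl] <= level:
            kept.append(rec)
    return kept


def select(records, after=None, before=None, user=None, event=None):
    """Filter mirroring the --after/--before/--user/--event options of the script."""
    out = []
    for rec in records:
        if after is not None and rec["time"] < after:
            continue
        if before is not None and rec["time"] >= before:
            continue
        if user is not None and rec["fields"].get("auid") != user:
            continue
        if event is not None and rec["type"] != event:
            continue
        out.append(rec)
    return out


def count_by_level(records):
    """How many records fall in each level; useful for sizing the level-2/3 windows."""
    counts = {}
    for rec in records:
        lvl = level_of(rec) or "unlisted"
        counts[lvl] = counts.get(lvl, 0) + 1
    return counts


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    print(count_by_level(recs))
    for n in (1, 2, 3):
        print(f"level {n}: {len(recorded_at(recs, n))} of {len(recs)} records kept")
    for rec in select(recs, user="1001", after=parse_datetime("2012-07-06 08:30:00")):
        print(rec["serial"], rec["type"], rec["time"].isoformat())
```

On the sample, level 1 keeps only the login, the logout and the CWD/PATH companions; level 2 adds the execve and the CONFIG_CHANGE; level 3 adds the open. That is the same growth the text warns about when level 2 and level 3 are enabled, visible on seven records.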