ESM Release Notes

ISO 17799 standard-based best practice policies for Red Hat Linux 7.0 operating systems

ESM Release Notes -- Red Hat Linux 7.0 best practice policies
The software described in this book is furnished under a license agreement and may be used only in accordance with the terms of the agreement.

Copyright Notice
All Rights Reserved.

Copyright 2001-2002 Symantec Corporation.

Any technical documentation that is made available by Symantec Corporation is the copyrighted work of Symantec Corporation and is owned by Symantec Corporation. NO WARRANTY. The technical documentation is being delivered to you AS-IS and Symantec Corporation makes no warranty as to its accuracy or use. Any use of the technical documentation or the information contained therein is at the risk of the user. Documentation may include technical or other inaccuracies or typographical errors. Symantec reserves the right to make changes without prior notice. No part of this publication may be copied without the express written permission of Symantec Corporation, 20330 Stevens Creek Blvd., Cupertino, CA 95014.

Trademarks
Symantec, the Symantec logo, and Enterprise Security Manager are trademarks of Symantec Corporation. Microsoft, MS-DOS, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Other product names mentioned in this manual may be trademarks or registered trademarks of their respective companies and are hereby acknowledged. Printed in the United States of America.

ESM Release Notes -- Red Hat Linux 7.0 Best Practice Policy
Introducing best practice policies ........................................................ 3 How best practice policies differ from ESM default policies ...... 4 How base policies differ from high-level policies ....................... 5 Industry research sources .............................................................. 6 Red Hat Linux 7.0 base policy ............................................................. 7 OS Patches checks and templates ................................................. 7 Password Strength checks ............................................................. 7 Startup Files checks and templates ............................................... 8 Red Hat Linux 7.0 high-level policy .................................................... 9 Account Integrity checks ............................................................... 9 File Attributes checks and templates .......................................... 11 File Find checks and templates ................................................... 12 File Watch checks and templates ................................................ 15 Login Parameters checks ............................................................. 16 Startup Files checks and templates ............................................. 17 User Files checks ......................................................................... 17 Policy installation procedures ............................................................ 19 Installation prerequisites .............................................................. 19 Installation steps .......................................................................... 19 Known restrictions .............................................................................. 21 Registration of new agents to ESM 5.1 managers ...................... 21

Service and support solutions

ESM Release Notes -- Red Hat Linux 7.0 Best Practice Policy

This manual documents base and high-level ISO 17799 standard-based best practice policies for Enterprise Security Manager (ESM) agents on Red Hat Linux version 7.0 operating systems. The documented policies are provided for ESM 5.1 and ESM 5.5 managers and agents that are running Security Update 9 or later module releases.

Introducing best practice policies

ESM best practice policies are configured by Symantecs security experts to protect specific applications and/or operating system platforms from security vulnerabilities that could compromise the confidentiality, integrity, and/or availability of data that is stored and transmitted on your computer network. Best practice policies are designed to enforce common best practices as described in the ISO/IEC 17799 international standard, Information technology - Code of practice for information security management, and defined through research by trusted security experts. Note: ESM best practice policies are based on sections of the ISO 17799 standard that address logical access controls and other security issues pertaining to electronic information systems. Symantec recommends that you review the ISO 17799 standard in its entirety to identify other issues, such as physical access controls and personnel training, that need to be addressed in your organizations information security policy.

ESM Release Notes -- Red Hat Linux 7.0 Best Practice Policy

How best practice policies differ from ESM default policies

The Phase 1, 2, and 3 default policies that are installed with ESM core product and Security Update releases are intended to be modified by users to enforce relaxed, cautious, and strict security policies in enterprises that include mixes of clients, servers, and applications that cannot be anticipated by ESM developers. Best practice policies are preconfigured by members of the Symantec Security Response team to harden specific operating system platforms and protect known combinations of applications and OS platforms. These policies use preconfigured values, name lists, templates, and word files that directly apply to the targeted applications and platforms. Best practice policies use the modules and templates from ESM Security Update releases to check OS patches, password settings, and other vulnerabilities on the targeted operating system. Best practice policies may also introduce new modules and templates to check conditions that are specifically related to the targeted application and/or OS platform. ESM best practice policies represent the collective wisdom of security experts, and they should not be modified by ESM users. In ESM 5.5, they are installed as read-only policies that cannot be edited. Warning: Do not attempt to modify an ESM best practice policy. Instead, copy and rename the policy, then edit the new version. This preserves the original best practice policy and also protects your customized policy from being overwritten by policy updates to the best practice policy.

Introducing best practice policies

How base policies differ from high-level policies

ESM best practice policies are configured as base policies, as high-level policies, or as a set that includes one base policy and one high-level policy. Base policies are configured using the 80-20 rule of security. The 80-20 rule states that 80 percent of successful compromise comes from 20 percent of a systems vulnerabilities or misconfiguration. To detect critical system vulnerabilities, base policies are configured to:
I I I I

Identify unneeded services Identify missing OS patches Enforce password strength rules Check for application or platform-specific vulnerabilities that are deemed most critical by security experts

High-level policies incorporate checks for additional best practices that are prescribed by the ISO 17799 standard and recommended for specific application and OS platform combinations by trusted information security experts.

ESM Release Notes -- Red Hat Linux 7.0 Best Practice Policy

Industry research sources

Many of the security vulnerabilities that are addressed by the ISO 17799 standard and ESM best practice policies have been researched by security experts in our industry. Best practice recommendations that result from this research are posted to numerous Web sites and published as advisories by a variety of organizations that act as security information clearing houses. Research resources for ESM best practice policies include, but are not limited to, the following:
I I I I I I I I I I

Symantec Security Response team Symantec AntiVirus Research Center (SARC) CERT Coordination Center SANS Institute Computer Incident Advisory Center (CIAC) Center for Internet Security (CIS) National Infrastructure Protection Center (NIPC) National Security Agency (NSA) Information Systems Audit and Control Association (ISACA) Application and operating system vendors

Note: ESM best practice policies were researched using information that was released into the public domain by the organizations listed above. Recognition of these organizations does not indicate official endorsement of ESM best practice policies by any of these organizations.

Red Hat Linux 7.0 base policy

Red Hat Linux 7.0 base policy

The Red Hat Linux 7.0 base policy runs the following ESM security checks on Red Hat Linux 7.0 operating systems to ensure compliance with the best practices described below. See your ESM Security Update Users Guide for UNIX Modules for more information about specific security checks.

OS Patches checks and templates

Install all patches that are defined in the Linux patch.plx Patch template file for Red Hat Linux version 7.0 operating systems to harden your operating systems and remove or reduce security weaknesses. See ISO 17799 section 10.4.1. Note: Make sure that you are using the patch.plx template file that was installed by ESM Security Update 9 or later. If you have edited this template, you should restore it to its previous state.

Password Strength checks

I

Password = username, Password = any username, Password within GECOS field, and Password = wordlist word. Passwords that are used to log in to your Red Hat Linux operating systems should not match any user name on your system, any name in GECOS fields in the /etc/passwd file, or any commonly-used dictionary word. The Red Hat Linux 7.0 base policy checks all passwords against both upper and lowercase forms of user names and word list words and reports user accounts that require password changes. See ISO 17799 section 9.3.1(d)(2). Accounts without passwords. All user accounts on your Red Hat Linux operating systems should require passwords to log in to those systems. See ISO 17799 sections 9.3.1 and 9.5.3.

ESM Release Notes -- Red Hat Linux 7.0 Best Practice Policy

Startup Files checks and templates

I

Services. The Red Hat Linux 7.0 base policy checks your Linux operating systems for services that are defined in the rhlnx70b.slx Services template file. Install any Mandatory services that are reported as missing and remove any installed services that are reported as Forbidden to secure your Red Hat Linux operating systems. See ISO 17799 sections 8.1.5(c) and 8.3.

Report services not in template. Review all system-owned processes that are reported by this check, but are not listed in the Services template; and remove all unnecessary services from your Red Hat Linux operating systems. See ISO 17799 section 9.4.9.

Red Hat Linux 7.0 high-level policy

Red Hat Linux 7.0 high-level policy

The Red Hat Linux 7.0 high-level policy runs all of the security checks that are included in the base policy as well as the following checks to ensure compliance with the best practices that are described below. See your ESM Security Update Users Guide for UNIX Modules for more information about specific security checks.

Account Integrity checks

I

Illegal login shells and Nonexistent login shells. Make sure that all user accounts on your Red Hat Linux operating systems have user login shells that are defined in the /etc/shells file and that exist on your Linux agents. See ISO 17799 section 9.2.1. Setuid login shells and Setgid login shells. Remove setuid and setgid privileges from all user login shells on your Red Hat Linux operating systems. See ISO 17799 section 9.2.2. Changed accounts and Changed groups. Review all changes to the /etc/passwd and /etc/group files since the last snapshot updates on your Red Hat Linux operating systems to ensure that unauthorized access is not granted to your systems. See ISO 17799 section 9.2.4. Note: The Account Integrity module creates and maintains user and group snapshot files on each ESM agent where the module runs. Run the module one time to create the snapshot files. Then periodically rerun the Red Hat Linux 7.0 high-level policy to detect user and group account changes.

Duplicate IDs. Review all user and group accounts that share the same UIDs or GIDs in the /etc/passwd or /etc/group files to ensure that only authorized users and groups have access to files that are owned by other users and groups. See ISO 17799 section 9.2.2. Privileged users and groups. Review all user and group accounts that are listed with super-user privileges in the /etc/passwd or /etc/ group files to ensure that only authorized accounts are granted privileged access to system files on your Red Hat Linux operating systems. See ISO 17799 section 9.2.2. Report excessive number of accounts. Limit the number of non-system accounts on your Red Hat Linux operating systems to five accounts or less. See ISO 17799 sections 9.2 and 9.4.

ESM Release Notes -- Red Hat Linux 7.0 Best Practice Policy

Accounts that must be disabled. Make sure that the following user accounts are disabled on your Red Hat Linux operating systems. See ISO 17799 sections 9.2 and 9.4 adm bin ftp games gopher halt lp news operator shutdown sync uucp Note: Successful execution of the Accounts that must be disabled check on Red Hat Linux operating systems requires that the system be configured to use the shadow password file. When the shadow password file is not used, the check reports the message, Password not disabled, for all accounts in the checks name list.

Password in /etc/passwd. Make sure that no password data is stored in the /etc/passwd file when your Red Hat Linux operating system is using or has access to shadow password files. See ISO 17799 section 9.2.3.

10

Red Hat Linux 7.0 high-level policy

File Attributes checks and templates

I

New (SU3+) Template File List. The Red Hat Linux 7.0 high-level policy uses the rhlnx70h.li New File template file to identify Mandatory and Forbidden files and expected attributes for system files that are installed by the Red Hat Linux 7.0 operating system. Restore any Mandatory system files that are reported as missing and remove any files that are reported as Forbidden to ensure the integrity of your system. See ISO 17799 section 8.3.1(d). Note: The File Attributes module creates and maintains a snapshot file on each ESM agent where you run the module to detect changes to file creation and modification times, file sizes, and CRC and MD5 checksum signatures. Run the module one time to create the snapshot. Then periodically rerun the Red Hat Linux 7.0 high-level policy to detect changes.

Check File User Ownership and Check File Group Ownership. Carefully review ownership changes to reported files to determine whether the integrity of the file system has been compromised. See ISO 17799 sections 5.1, 8.3, 10.4.1, and 10.5.4. You can update the New File templates from the ESM console grid to include changes that were authorized by your system administrator.

Check File Permissions. Carefully review all permissions changes for reported files to determine whether the integrity of the file system has been compromised. See ISO 17799 sections 8.3, 10.4.1, and 10.5.4. You can update the New File templates from the ESM console grid to include changes that were authorized by your system administrator.

Check File Creation Time, Check File Modification Time, and Check File Size. Carefully review all reported file attribute changes since the agents last snapshot update to determine whether the integrity of the file system has been compromised. See ISO 17799 sections 8.3, 10.4.1, and 10.5.4. You can update file attributes that are stored in the agents snapshot file from the ESM console grid to include changes that were authorized by your system administrator.

Perform Checksum Check (CRC/MD5). Carefully review changes to combined CRC and MD5 checksum signatures for all reported files to determine whether the integrity of the file system has been compromised. See ISO 17799 sections 8.3, 10.4.1, and 10.5.4.

11

ESM Release Notes -- Red Hat Linux 7.0 Best Practice Policy

You can update the file checksum signatures that are stored in the agents snapshot file from the ESM console grid to reflect changes that were authorized by your system administrator.

File Find checks and templates

I

Setuid files and Setgid files. Review all reported files with setuid or setgid attributes to make sure that these files do not provide read, write, or escape to shell privileges to unauthorized users. See ISO 17799 sections 9.2.2 and 9.4.1. Note: The File Find module creates and maintains an agent snapshot file that stores information about files with setuid and setgid properties. Run the module one time to create the snapshot. Then periodically rerun the Red Hat Linux 7.0 high-level policy to detect files with setuid and setgid property changes.

New setuid files and New setgid files. Carefully examine all reported files with setuid or setgid property changes. Use the chmod command to change properties if appropriate, or update the snapshot file to include authorized changes from the ESM console grid. See ISO 17799 section 9.2.2 and 9.4.1. Uneven file permissions. Review all reported files with uneven permissions and change permissions that give others more access than user access or group access. You should also change permissions that give groups more access than users. You can use the Correct function in the ESM console grid to correct reported file permissions errors. See ISO 17799 section 9.2.2 and 9.4.1. Unowned directories and files. Correct all reported directory or file ownerships that cannot be associated with user or group names on your Red Hat Linux operating systems. See ISO 17799 sections 5.1, 8.3, 10.4.1, and 10.5.4.

12

Red Hat Linux 7.0 high-level policy

File content search. The Red Hat Linux 7.0 high-level policy enables the rhlnx70h.fcs File Content Search template file to verify that your Red Hat Linux operating systems are securely configured. The following best practices are enforced by file content search checks for commands that are set in Red Hat Linux system files:
I

Add the following command lines to the top of the /etc/pam.d/su file to restrict users who can use the su command to access the root account to members of the wheel group. See ISO section 9.2.2. auth sufficient /lib/security/pam_rootok.so debug auth required /lib/security/pam_wheel.so group=wheel

Add the TMOUT = 7200 to the /etc/profile file to enable automatic logout of any user who leaves the Linux console unattended for 7200 seconds (2 hours). See ISO section 9.3.2. Add the following command to the /etc/sysctl.conf file to disable acceptance of ICMP redirect packets, then restart your network to effect the change. See ISO sections 9.4.2 and 9.4.8. net.ipv4.conf.all.accept_redirects = 0 Add the command nospoof on to the /etc/host.conf file to enable IP spoofing protection for the xinetd service. See ISO 17799 section 9.4.3. Add the following command to the /etc/sysctl.conf file to enable kernel-level IP spoofing protection. See ISO 17799 section 9.4.3. net.ipv4.conf.all.rp_filter = 1 Add the timeout=00 command to the /etc/lilo.conf file to keep the LILO boot loader program from waiting for user input before booting to the default selection. See ISO 17799 section 9.4.7. Add the following command to the /etc/sysctl.conf file to enable network error message protection. See ISO 17799 section 9.4.8. net.ipv4.icmp_ignore_bogus_error_responses = 1 Add the following command lines to the /etc/lilo.conf file to require a password before the Linux operating system boots into single user mode. See ISO 17799 section 9.4.7. restricted password=<password>

13

ESM Release Notes -- Red Hat Linux 7.0 Best Practice Policy

Set resource limitations for all users to protect your Linux systems from denial of service attacks. See ISO 17799 sections 9.2 and 9.4. Add the following commands to the /etc/security/limits.conf file: hard core 0 hard rss 5000 hard nproc 20 Then add the following command to the end of the /etc/pam.d/ login file: session required /lib/security/pam_limits.so

Remove or comment out all tty*device names except tty1 in the /etc/securetty file to restrict root logins to only one tty device. See ISO 17799 sections 9.2.2 and 9.4.7. Add the following command line to the /etc/sysctl.conf file to enable TCP SYN cookie protection and protect your Linux operating system from denial of service attacks. See ISO 17799 section 9.4.7. net.ipv4.tcp_syncookies = 1 Add the following command line to the /etc/sysctl.conf file to disable IP source routing. See ISO 17799 9.4.8. net.ipv4.conf.all.accept_source_route = 0 Add the following command line to the /etc/sysctl.conf file to enable logging of spoofed packets, source routed packets, and redirect packets; then restart your network to effect changes. See ISO 17799 sections 9.4.3 and 9.7.1. net.ipv4.conf.all.log_martians = 1 Add the following command line to the /etc/sysctl.conf file to prohibit your Linux operating system from responding to broadcast requests. See ISO 17799 section 9.4.7. net.ipv4.icmp_echo_ignore_broadcasts = 1 Add the following command line to the /etc/sysctl.conf file to prohibit your Linux operating system from responding to ping requests. See ISO 17799 section 9.4.7. net.ipv4.icmp_echo_ignore_all = 1 Remove or comment out the ca::ctrlaltdel:/sbin/shutdown command line in the /etc/inittab file to prevent system shutdowns and reboots with the CTRL-ALT-DELETE commands on the computer keyboard. See ISO 17799 section 9.5.2.

14

Red Hat Linux 7.0 high-level policy

Add the following line to the /etc/hosts.deny file to deny service requests to all hosts that are not specifically allowed access by the /etc/hosts.allow file. See ISO 17799 section 9.4.7. ALL:ALL@ALL, PARANOID Add the following command lines to the /etc/profile file to limit the number of previously entered command lines that is stored on your Linux operating system to 20. See ISO 17799 section 9.5.2. HISTSIZE = 20 HISTFILESIZE = 20

File Watch checks and templates

I

Files/directories to watch. The Red Hat Linux 7.0 high-level policy uses the rhlnx70h.fw File Watch template file to enable monitoring of changes to files in the following directories and all levels of subdirectories beneath them. See ISO 17799 section 10.2.2.2. /bin /lib /sbin /usr/bin /usr/lib /usr/sbin

Enable ownership checks. This check reports files in the watched directories and subdirectories with ownership changes since the agent snapshot file was created or last updated. You should carefully investigate all reported ownership changes to determine whether the integrity of the file system has been compromised. If reported changes were authorized, you can update the snapshot file from the ESM console grid. See ISO 17799 sections 5.1 and 10.2.2.2. Note: You must run the File Watch module in the Red Hat Linux 7.0 high-level policy one time to create a baseline snapshot file on each Red Hat Linux operating system that will be watched before you periodically rerun the policy to detect changes.

Enable permissions checks. This check reports files in the watched directories and subdirectories with file permissions changes since the agent snapshot file was created or last updated. Carefully review all changes to determine whether the integrity of the file system has been compromised. If reported changes were authorized, you can update the agent snapshot file from the ESM console grid. See ISO 17799 sections 9.2.2 and 10.2.2.2.
15

ESM Release Notes -- Red Hat Linux 7.0 Best Practice Policy

Enable signature checks against snapshot. This check reports files in the watched directories and subdirectories with combined CRC and MD5 file signature changes since the agent snapshot file was created or last updated. Carefully investigate all reported file signature changes to determine whether the integrity of the file system has been compromised. If reported changes were authorized, you can update the snapshot file from the ESM console grid. See ISO 17799 sections 10.2.2.2 and 10.3.3. Enable new file checks and Enable removed file checks. These checks report files that have been added to or removed from the watched directories and subdirectories since the agent snapshot file was created or last updated. Carefully investigate all reported file changes to determine whether the integrity of the file system has been compromised. If reported changes were authorized, you can update the snapshot file from the ESM console grid. See ISO 17799 sections 8.3, 10.4.1, and 10.5.4.

Login Parameters checks

I

Inactive accounts. Review all reported accounts that have not been logged into within the past 30 days and remove all accounts that are no longer required to prohibit unauthorized access to your system. See ISO 17799 section 9.2.1(h). Note: Successful execution of the Inactive accounts check on a Red Hat Linux operating system requires that the system be configured to use the shadow password file.

Login failures. Carefully review all failed login attempts within the past 15 days to identify any break-in attempts on your system. See ISO 17799 sections 8.3 and 9.5.2(e). Remote root logins. Make sure the root account on your Red Hat Linux operating system cannot be accessed remotely through rlogin or telnet. The root account should be accessed only through the system console. See ISO 17799 sections 9.2.2 and 10.5.4.

16

Red Hat Linux 7.0 high-level policy

Startup Files checks and templates

I

Services. The Red Hat Linux 7.0 high-level policy checks your Linux operating systems for services that are defined in the rhlnx70h.slx Services template file. Install any Mandatory services that are reported as missing and remove any installed services that are reported as Forbidden to secure your Red Hat Linux operating systems. See ISO 17799 sections 8.1.5(c) and 8.3.

Report duplicate services. Review all reported, system-owned services, processes, or commands that are duplicated on your system (i.e., found in the process table more than once) and stop any processes that are not authorized. See ISO 17799 sections 8.3 and 10.2.2.2. Report services not in template. Review all system-owned processes that are reported by this check, but are not listed in the Services template; and remove all unnecessary services from your Red Hat Linux operating systems. See ISO 17799 section 9.4.9.

User Files checks

I

File ownership. Review all reported files in the users directory tree that are not owned by the user. Incorrect file ownership can allow unauthorized access to files and deny access to authorized users. Use the Correct function in the ESM console grid to restore correct ownership. See ISO 17799 sections 5.1 and 8.3. World writable files. Review all reported, world-writable files to ensure that world write access is necessary for these files. Use the Correct function in the ESM console grid to remove write permissions for others if appropriate. See ISO 17799 sections 8.3, 9.2.2, and 10.5.4. Set UID or GID. Review all reported files with setuid or setgid properties. These files set the UID or GID of users executing the files to the UID or GID of the file owner or others and may provide unauthorized access to your system. Use the Correct function in the ESM console grid to change the setuid or setgid properties of reported files. See ISO 17799 sections 8.3, 9.2.2, and 10.5.4. Check startup file contents. Review all reported accounts with .rhosts files (which allow remote logins without passwords) or .netrc files (which store user passwords). Make sure that all accounts are authenticated by passwords and that unencrypted passwords are not stored on the system. See ISO 17799 sections 9.3.1 and 9.5.4(i).

17

ESM Release Notes -- Red Hat Linux 7.0 Best Practice Policy

Check startup file protection. Make sure that the following startup files are owned by the user and are not executable or writable by groups or others. See ISO 17799 sections 8.3 and 10.5.4. .cshrc .exrc .forward .login .mailrc .netrc .newsrc .nodes .profile .rhosts .Xdefaults

Suspicious file names. Remove all reported files with suspicious file names that match a user name on the system or a system command in the system man pages to protect your system from unauthorized access. See ISO 17799 sections 8.3 and 10.5.4. Device files. Remove all reported block-special or character-special (device) files from user home directories to protect your system from unauthorized access. See ISO 17799 sections 8.3 and 10.5.4. Mount points. Remove all device mount points from user home directories to protect your system from unauthorized access. See ISO 17799 sections 8.3 and 10.5.4.

18

Policy installation procedures

Policy installation procedures

ESM best practice policies should be installed on the ESM managers that will run the policies on ESM agents with the applications and operating system platforms that are targeted by specific best practice policies.

Installation prerequisites
Before you install the best practice policies that are documented in this manual, you must complete the following prerequisites:
I

Upgrade all ESM manager and agent systems that will use the best practice policies to ESM version 5.1 or later. Upgrade the UNIX modules on all ESM manager and agent systems that will use the best practice policies to Security Update 9 or later. Download the BestPractice_Red_Hat_7.0_Linux executable file on the Symantec Security Response Web site at: http://securityresponse.symantec.com Identify the ESM account name, the ESM account password, and the communication port that are used by each ESM manager that you intend to install.

Installation steps
1

Run the BestPractice_Red_Hat_7.0_Linux executable file from a Windows 2000, Windows NT, or Windows XP system that has network access to the ESM manager you want to install. Click Next to close the InstallShield Welcome dialog box. Click Yes to accept the Symantec Corporation Software License Agreement. If the installation program does not find the required Java 2 Runtime libraries on your system, you will be prompted to install the Java 2 Runtime Environment. Click Yes to start the installation, click Yes to accept the Software License Agreement, and then click Next to install the Java 2 Runtime Environment. Click Yes to continue installation of the best practice policies.

2 3 4

19

ESM Release Notes -- Red Hat Linux 7.0 Best Practice Policy

Enter requested ESM Manager Information, then click Next. Note: If the modules installed on the specified manager system have not been upgraded to Security Update 9 or later, the install program returns an error message and aborts the installation of the best practice policies. Upgrade the manager to SU9 or later and rerun the install program.

Click Finish to exit the installation program after a successful installation.

20

Known restrictions

Known restrictions
Registration of new agents to ESM 5.1 managers
When you register an ESM 5.1 agent with an operating system that was not registered to your ESM 5.1 manager before you installed a best practice policy, the new agents operating system inaccurately displays in the policys expanded module lists in the ESM Enterprise tree. For example, if you install the Red Hat Linux 7.0 base or high-level policy on an ESM 5.1 manager where only UNIX agents are registered, then register a Windows 2000 agent to that manager, the WIN2000 agent listing displays in the module lists. This is misleading, because these policies do not run on Windows 2000 agents. Reinstall the policies to correct the module listings. These are cosmetic errors that are fixed in the ESM 5.5 console release. If you are using the ESM 5.1 console, remember that each ESM best practice policy is intended to run only on ESM agents that are running the applications and/or operating system versions that are targeted by the policy.

21

ESM Release Notes -- Red Hat Linux 7.0 Best Practice Policy

22

Service and support solutions

Symantecs Technical Support Group of skilled Technical Engineers can provide platform-specific information about Symantec products. Our staff has in-depth expertise in both client/server computing and information security technology.

Contacting Technical Support

To contact Symantecs technical support:

North America, Latin America, or Asia Pacific

Telephone:(888) 727-8671 Web:http://www.symantec.com/techsupp/

Outside North America but supported from the United States (i.e., APLA)
Telephone:(781) 663-2686 Web:http://www.symantec.com/techsupp/

Europe, Middle East, Africa, (EMEA)

Telephone:+44 (0) 1372 214321 FAX:+44 (0) 1372 751815 E-mail:eurbox_epsom@symantec.com

23

Service and support solutions

Licensing
Telephone:(888) 584-3925 FAX:(781) 487-9818 E-mail:license@symantec.com

World Wide Web Site

Web:http://www.symantec.com/techsupp/

24

Service and support offices

North America
Symantec Corporation 175 W. Broadway Eugene, OR 97401 U.S.A. Automated Fax Retrieval http://www.symantec.com/ Fax: (541) 984-8020

(800) 554-4403 (541) 984-2490

Argentina, Chile, and Uruguay

Symantec Region Sur Cerrito 1054 - Piso 9 1010 Buenos Aires Argentina http://www.symantec.com/region/mx +54 (11) 4315-0889 Fax: +54 (11) 4314-3434

Asia/Pacific Rim
Symantec Australia Pty. Ltd. 408 Victoria Road Gladesville, NSW 2111 Australia http://www.symantec.com/region/reg_ap/ +61 (2) 9850 1000 Fax: +61 (2) 9817 4550

Brazil
Symantec Brasil Market Place Tower Av. Dr. Chucri Zaidan, 920 12 andar So Paulo - SP CEP: 04583-904 Brasil, SA http://www.symantec.com/region/br/ +55 (11) 3048-7515 Fax: +55 (11) 3048-7510

Colombia, Venezuela, the Caribbean, and Latin America

Symantec Corporation 175 W. Broadway Eugene, OR 97401 U.S.A. http://www.symantec.com/region/mx/ +1 (541) 334-6054 (U.S.A.) Fax: (541) 984-8020 (U.S.A.)

25

Service and support solutions

Europe, Middle East, and Africa

Symantec Customer Service Center P.O. Box 5689 Dublin 15 Ireland Automated Fax Retrieval http://www.symantec.com/region/reg_eu/ +353 (1) 811 8032 Fax: +353 (1) 811 8033 +31 (71) 408-3782

Mexico
Symantec Mexico Blvd Adolfo Ruiz Cortines, No. 3642 Piso 14 Col. Jardines del Pedregal Ciudad de Mxico, D.F. C.P. 01900 Mxico http://www.symantec.com/region/mx +52 (5) 661-6120

Every effort has been made to ensure the accuracy of this information. However, the information contained herein is subject to change without notice. Symantec Corporation reserves the right for such change without prior notice. October 2000

26