Scribd
Upload
115 views

Information For Hardening Supported Operating Systems: Connectivity

Swift OS Hardening

Uploaded by

HTM
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
115 views

Information For Hardening Supported Operating Systems: Connectivity

Swift OS Hardening

Uploaded by

HTM
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 17

Connectivity

Information for Hardening Supported


Operating Systems
Recommended Settings
This document explains how to implement "system hardening" on a SWIFT host. It is intended for customers who
use release 7.0 of the following Connectivity products: SWIFTNet Link, Alliance Gateway, Alliance Access, Alliance
Entry, Alliance Web Platform, Alliance Web Platform Server-Embedded, or WebSphere MQ Interface for Alliance
Access.

27 July 2012
Connectivity

Table of Contents
Preface .................................................................................................................................................3
1 Purpose of System Hardening ................................................................................................4
1.1 Overview of Recommended Actions .......................................................................................4
2 Listeners Installed for SWIFT Software .................................................................................5
2.1 SWIFTNet Link ........................................................................................................................5
2.2 Remote PED Workstation .......................................................................................................6
2.3 Alliance Gateway ....................................................................................................................6
2.4 Alliance Access and Alliance Entry .........................................................................................7
2.5 WebSphere MQ Interface for Alliance Access (MQSA) ..........................................................7
2.6 Alliance Web Platform .............................................................................................................8
2.7 Alliance Web Platform Server-Embedded ..............................................................................8
3 Accounts and Groups - UNIX and Linux ................................................................................9
3.1 SWIFTNet Link ........................................................................................................................9
3.2 Alliance Gateway ....................................................................................................................9
3.3 Alliance Web Platform and Alliance Web Platform Server-Embedded ...................................9
4 Accounts and Groups - Windows Server 2008 R2..............................................................10
4.1 SWIFTNet Link ......................................................................................................................10
4.2 Remote PED Workstation .....................................................................................................10
4.3 Alliance Gateway ..................................................................................................................10
4.4 Alliance Access and Alliance Entry .......................................................................................11
4.5 Alliance Web Platform and Alliance Web Platform Server-Embedded .................................11
5 List of Unused Services .........................................................................................................12
5.1 Oracle Solaris 10 Unused Services ......................................................................................12
5.2 AIX v6.1 Unused Services ....................................................................................................15
5.3 Windows Server 2008 R2 Unused Services .........................................................................15
5.4 Red Hat Enterprise Linux 5.7 ................................................................................................16
Legal Notices ....................................................................................................................................17

2 Information for Hardening Supported Operating Systems


Preface

Preface
Purpose
This document explains how to implement "system hardening" on a SWIFT host.
It is intended for customers who use the following Connectivity products:
· SWIFTNet Link 7.0
· Alliance Gateway 7.0
· Alliance Access 7.0
· Alliance Entry 7.0
· Alliance Web Platform 7.0
· Alliance Web Platform Server-Embedded 7.0
· WebSphere MQ Interface for Alliance Access 7.0

Audience
This document is intended for the following audience:
· Administrators of any of the above-listed Connectivity products
· System administrators for AIX, Oracle Solaris, Red Hat Enterprise Linux or Windows
operating systems

Significant changes
This document was updated to include information related to the Linux operating system.

Related documentation
The following documents are useful references:
· release letters for each of the above-listed Connectivity products
· Network Configuration Tables Guide
· security information for each of the relevant Connectivity products in the following guides:
- SWIFTNet Link Installation and Administration Guide
- Alliance Gateway Security Guide
- Alliance Access Installation and Administration Guide
- Alliance Access Security Guide
- Alliance Access System Management Guide
- Alliance Entry Installation and Administration Guide
- Alliance Entry Security Guide
- Alliance Entry System Management Guide
- WebSphere MQ Interface for Alliance Access Installation Guide
- WebSphere MQ Interface for Alliance Access User Guide
- Alliance Web Platform Installation Guide
- Alliance Web Platform Server-Embedded Installation Guide
- Alliance Web Platform Administration Guide

27 July 2012 3
Connectivity

1 Purpose of System Hardening


Purpose
The purpose of system hardening is to eliminate as many security risks as possible from a host
on which software is running.
SWIFT applications are designed to be secure, and a systems administrator can use the
information in this document to make the operating system of a SWIFT host more secure. It is
the customer’s responsibility to ensure that the SWIFT hosts are secure.
The SWIFT host is the machine on which SWIFT software is installed at a customer site. The
SWIFT hosts are business-critical systems. For example, SWIFTNet Link hosts process SWIFT
transactions and provide the entry point into the SWIFT network.
You can use system hardening to make the configuration of the SWIFT hosts more secure. In
most cases, you can achieve system hardening using the existing features of the system, which
entails little or no additional expense.

Connectivity products
This document provides the information to implement system hardening on AIX, Oracle Solaris,
Red Hat Enterprise Linux and Windows operating systems for the following Connectivity
products:
· SWIFTNet Link 7.0
· Alliance Gateway 7.0
· Alliance Access 7.0
· Alliance Entry 7.0
· Alliance Web Platform 7.0
· Alliance Web Platform Server-Embedded 7.0
· WebSphere MQ Interface for Alliance Access 7.0

1.1 Overview of Recommended Actions


Topic Page How to use this information
Listeners Installed for 2 SWIFT software installs and uses several TCP/IP (or UDP)
SWIFT Software listeners.
You can identify the listeners that SWIFT uses so that you can
enhance your security monitoring.
Accounts and Groups - 3 You can identify the accounts and groups that are required and
UNIX and Linux created during the installation of SWIFT software, to identify any
Accounts and Groups - unnecessary accounts or groups.
4
Windows Server 2008 It is good practice to delete or disable any unnecessary accounts
R2 on a critical system.
List of Unused Services 5 You can identify the services that are not required by the
SWIFTNet Link, Alliance Gateway, Alliance Access, Alliance
Entry, Alliance Web Platform, or Alliance Web Platform Server-
Embedded host. You can disable these unnecessary services
without impacting the operation of these products.
Every service has the potential of being an entry point into a
system if its security is vulnerable. Therefore, SWIFT
recommends that you disable any unnecessary services even if
there is no obvious way to exploit them or there was no problem
reported previously for the service.

You can find information about network filtering in the Network Configuration Tables Guide.

4 Information for Hardening Supported Operating Systems


Listeners Installed for SWIFT Software

2 Listeners Installed for SWIFT Software


This section outlines the listeners that the following products install and use: SWIFTNet Link,
Alliance Gateway, Alliance Access, Alliance Entry, Alliance Web Platform, and Alliance Web
Platform Server-Embedded.
You can monitor the usage of the listeners that the SWIFT Connectivity products use.
For every listener, the default TCP or UDP port is provided. If another port is selected instead of
the default port that is outlined below, then you must ensure that the default port is closed and
that the new specified port is open.

2.1 SWIFTNet Link


The following listeners are used on Windows, Linux and UNIX:

Listener Port (default) Bound to Comment


localhost only
Tuxedo GwtDomain 49168/tcp Yes This listening port is needed
for Tuxedo Gateway start-up.
No inbound connection is
made to this port.
Tuxedo GwtDomain 49169/tcp Yes This listening port is needed
for Tuxedo Gateway start-up.
No inbound connection is
made to this port.
Ldapproxy 48004/tcp Yes
ftla_ctrl 48003/tcp Yes When Alliance Gateway is
installed, this port is also
bound to the IP of sagta_ra
omslogd 48991/udp Yes
Security Server 48308-48311/tcp Yes
HSM Proxy 48321/tcp Yes For HSM Box Remote PED
only - Used to receive
Remote PED connection
requests from the HSM box.
HSM API Server 48330/tcp Yes New with SWIFTNet Link 7.0.
The listening port is required
to accept HSM API requests.
SNL Event Daemon 48000/udp Yes New with SWIFTNet Link 7.0.
Used for event recording and
forwarding
SNL Event Daemon 48326/tcp Yes New with SWIFTNet Link 7.0
HTTPS Gateway 15443/tcp No New with SWIFTNet Link 7.0
(Linux). The listener is
configured only if Fast
FileAct feature is activated.
HTTPS Gateway 48085/tcp Yes New with SWIFTNet Link 7.0
(Linux). The listener is
configured only if Fast
FileAct feature is activated.
ftla_server 48086 - 48089/tcp Yes New with SWIFTNet Link 7.0
(Linux). The listener is
configured only if Fast
FileAct feature is activated.

27 July 2012 5
Connectivity

In addition to the list above, the following listener is also used on Windows.

Listener Port (default) Bound to Comment


localhost only
BEAProcMgr 3050/tcp Yes
(Windows)

2.2 Remote PED Workstation


This applies only if an HSM Box Remote PIN Entry Device (PED) has been installed at a Remote
PED Workstation.

Listener Port (default) Bound to Comment


localhost only
HSM Remote PED 48322/tcp Yes Used to receive connections
Server from the SWIFTNet Link host

2.3 Alliance Gateway


Listener Port (default) Bound to Comment
localhost only
sagta_wf 48001/tcp Yes Configurable during
Alliance Gateway
installation
sagta_ra 48002/tcp No

ftla_ctrl 48003/tcp No

HTTPS listener 48005/tcp No Configurable during


Alliance Gateway-Web
Services (SOAP) Host
Adapter (WSHA) installation
Internal HTTPS listener 48443/tcp No Configurable by means of
over MV-SIPN internal tool
Application Server First available port from No (yes on Configurable by means of
(Remote Method 23891/tcp onwards Linux) public tools
Invocation - RMI)
(CORBA - ORB on
Linux)
Database listener First available port from Yes Not configurable
1561/tcp onwards

6 Information for Hardening Supported Operating Systems


Listeners Installed for SWIFT Software

2.4 Alliance Access and Alliance Entry


Listener Port Bound to Comment
(default) localhost only
SWRPC.swa_boot 48009/tcp No
SWRPC.<instance>.BS_lsys
<hostname> 48100/tcp No
SWRPC.<instance>.SNIS_TA 48101/tcp Yes
SWRPC.<instance>.BSS:BS_rmq 48102/tcp No
SWRPC.<instance>.BSS:BS_config 48103/tcp No
SWRPC.<instance>.BSS:BS_search 48104/tcp No
SWRPC.<instance>.MXS_HA 48105/tcp Yes
SWRPC.<instance>.SIS_TA 48106/tcp Yes
saarp.rmiRegistry 48107 No
saarp.rmiServer 48108 No
saarp.ssh 48109 No
saarp.http 48110 No
saaip.rmiRegistry 48111 No
saaip.rmiServer 48112 No
saaip.ssh 48113 No
saaip.http 48114 No
<instance>.messenger1 48200/tcp No For HTTPS connections via
Alliance Web Platform or
Web Services
<instance>.messengerA 48201/tcp No For Web Platform internal
communications
Application Server (Remote Method 48202/tcp No
Invocation - RMI)
<instance>.messengerB
MPConn1-MPConn5 5101 - No Only if package 18:CAS
5105/tcp TCP-IP is licensed, and if
(CAS) Interactive TCP/IP
message partners use
these ports
Database listener 1551/tcp Yes Not configurable

2.5 WebSphere MQ Interface for Alliance Access


(MQSA)
Listener Port (default) Bound to Comment
localhost only
SMQSFromMQSeries 5200/udp No
SMQSToMQSeries 5201/udp No

27 July 2012 7
Connectivity

2.6 Alliance Web Platform


Listener Port (default) Bound to Comment
localhost only
Database listener 1521/tcp No The
swp_configdbconnection
tool can be used to change
the value of this port. It can
also be used to restrict the
hosts from which a
connection can be
established.

2.7 Alliance Web Platform Server-Embedded


Listener Port (default) Bound to Comment
localhost only
Database listener First free port in the range Yes Not configurable
1531-1630/tcp (if all are in
use port 1531 is used)
Application Server First available port in the No Configurable via the
(Remote Method range: 23991-24090/tcp (if command swp_config -
Invocation - RMI) all are in use, then port changeport -rmi
23991 is used)
Application Server First available port in the No
(administration port) range: 23992-24092/tcp (if
all are in use, then port
23992 is used)
Embedded HTTP 48600/tcp No Configurable through the
Proxy Web Platform
Administration GUI.
HTTPS listener 2443/tcp on UNIX No Configurable via the
443/tcp on Windows command swp_config -
changeport -https

8 Information for Hardening Supported Operating Systems


Accounts and Groups - UNIX and Linux

3 Accounts and Groups - UNIX and Linux


This section outlines the accounts and groups that are defined for AIX, Oracle Solaris, or Red
Hat Enterprise Linux operating systems.

3.1 SWIFTNet Link


Account Name Comments Policy
SNL_OWNER user defined
(for example, swnet)
Group Name Comments
SWNETG_GROUP SNL_OWNER (swnet) must have as a primary group the
(for example, swnetg) SWNETG_GROUP.
Only SNL_OWNER (swnet) must be a member of SWNETG_GROUP
group (for example, swnetg).

3.2 Alliance Gateway


Account Name Comments Policy
SAG_OWNER The SAG_OWNER must be the same as the user defined
(for example, swnet) SNL_OWNER (by default, swnet)

Group Name Comments


SWNETG_GROUP Only SAG_OWNER (swnet) must be a member of SWNETG_GROUP
(for example, swnetg) group (for example, swnetg).

sagsnlg Only SAG_OWNER (swnet) must be a member of sagsnlg group unless


Alliance Gateway coexists with Alliance Access, Alliance Web Platform, or
Alliance Web Platform Server-Embedded.

3.3 Alliance Web Platform and Alliance Web Platform


Server-Embedded
Account Name Comments Policy
SWP_OWNER SWP_OWNER must be part of the sagsnlg group. user defined
(for example, You can create the group before installation, or
swpowner) the Alliance Web Platform installer creates it
during installation and adds the SWP_OWNER
account to it.

Group Name Comments


sagsnlg Only SWP_OWNER must be a member of the sagsnlg group, unless
Alliance Web Platform or Alliance Web Platform Server-Embedded
coexists with either Alliance Gateway or Alliance Access.

27 July 2012 9
Connectivity

4 Accounts and Groups - Windows Server


2008 R2
This section outlines the accounts and groups that are required for the Windows Server 2008 R2
operating system.

4.1 SWIFTNet Link


Account Name Comments Policy
SNL_OWNER This user must be a member of the Local user defined
(for example, swnet) Administrators group.

4.2 Remote PED Workstation


Account Name Comments Policy
PED_OWNER This user must be a member of the Local user defined
Administrators group. This user is used to install
and use Remote PED server.

4.3 Alliance Gateway


Account Name Comments Policy
SAG_OWNER The SAG_OWNER must be the same as the user defined
(for example, swnet) SWIFTNet Link instance owner (by default,
swnet).
This user must be a member of the Local
Administrators group.

RA_OWNER It is recommended but not mandatory that this user defined


(for example, ra_user) user is a member of the Local Administrators
group only for installation.

Group Name Comments


ORA_<SAG_ID>_DBA The group is created during installation and the SAG_OWNER account is
(for example, added to it. Only SAG_OWNER must be a member of this group.
ORA_Sag1_DBA)
ORA_DBA The group is the database administrator group created during installation.
The ORA_DBA group should ideally remain empty. If it contains an
account, it should only be the account(s) of the Alliance software owners
installed on the host.

10 Information for Hardening Supported Operating Systems


Accounts and Groups - Windows Server 2008 R2

4.4 Alliance Access and Alliance Entry


The Alliance Access or Alliance Entry installer does not create accounts. The ALLIANCE_ADMIN
account is used to install the software.

Account Name Comments Policy


ALLIANCE_ADMIN This user must be a member of the Local user defined
(for example, all_adm) Administrators group.

Group Name Comments


ORA_<INSTANCE>_DBA The group is created during installation and the ALLIANCE_ADMIN
(for example, account is added to it. Only ALLIANCE_ADMIN must be part of this
ORA_ACCESS_DBA) group.
<INSTANCE> is the Oracle instance name: ACCESS.
ORA_DBA The group is the database administrator group created during
installation. The ORA_DBA group should ideally remain empty. If it
contains an account, it should only be the account(s) of the Alliance
software owners installed on the host.

4.5 Alliance Web Platform and Alliance Web Platform


Server-Embedded
Account Name Comments Policy
SWP_OWNER This user must be part of the user defined
(for example, swpowner) ORA_<SWP_INSTANCE>_DBA group.
This user must be a member of the Local
Administrators group.
Group Name Comments
ORA_<SWP_INSTANCE> The Alliance Web Platform installer creates the group during installation
_DBA and adds the SWP_OWNER account to it. Only SWP_OWNER must be
(for example, part of this group.
ORA_SWP01_DBA)
ORA_DBA The group is the database administrator group created during
installation. The ORA_DBA group should ideally remain empty. If it
contains an account, it should only be the account(s) of the Alliance
software owners installed on the host.

27 July 2012 11
Connectivity

5 List of Unused Services


This section outlines the unused operating systems services and helps you to identify the
services that you can disable without impacting the products: SWIFTNet Link, Alliance Gateway,
Alliance Access, Alliance Entry, Alliance Web Platform, or Alliance Web Platform Server-
Embedded.

Note The lists in this section are valid for each of the products.

5.1 Oracle Solaris 10 Unused Services


You can disable the Oracle Solaris 10 services listed in the following table.

Note If access to a CD or DVD is required, then do not disable the services indicated by 'ü'
in the following table. Ensure that these services are enabled during the installation
process or for the upload of the quarterly BIC Directory.

Oracle Solaris 10 Service Names CD/DVD


rpcbind (svc:/network/rpc/bind:default) ü
secure RPC (svc:/network/rpc/keyserv:default) ü
NIS server (svc:/network/nis/server:default)
NIS server (svc:/network/nis/passwd:default)
NIS server (svc:/network/nis/update:default)
NIS server (svc:/network/nis/xfr:default)
NIS client (svc:/network/nis/client:default)
NIS+ (svc:/network/rpc/nisplus:default)
LDAP cache mgr (svc:/network/ldap/client:default)
Kerberos server (svc:/network/security/kadmin:default)
Kerberos server (svc:/network/security/krb5kdc:default)
Kerberos server (svc:/network/security/krb5_prop:default)
Kerberos client (svc:/network/security/ktkt_warn:default)
GSS (svc:/network/rpc/gss:default) ü
volume manager (svc:/network/rpc/smserver:default) ü
NFS server (svc:/network/nfs/server:default)
NFS server (svc:/network/nfs/cbd:default) ü
NFS server (svc:/network/nfs/mapid:default) ü
rquota (svc:/network/nfs/rquota:default)
NFS client (svc:/network/nfs/client:default) ü
NFS client/server (svc:/network/nfs/status:default) ü
NFS client/server (svc:/network/nfs/nlockmgr:default) ü
auto mount (svc:/system/filesystem/autofs:default)
telnet server (svc:/network/telnet:default)
FTP server (svc:/network/ftp:default)
remote login server (svc:/network/login:rlogin)
remote shell server (svc:/network/shell:default)

12 Information for Hardening Supported Operating Systems


List of Unused Services

Oracle Solaris 10 Service Names CD/DVD


boot service (svc:/network/rpc/bootparams:default)
boot service (svc:/network/rarp:default)
DHCP server (svc:/network/dhcp-server:default)
DNS client (svc:/network/dns/client:default)
print servers (svc:/application/print/server:default)
print servers (svc:/application/print/rfc1179:default)
Apache web server (svcadm disable svc:/network/http:apache2)
Apache web server (/etc/rc3.d/S50apache)
Apache web server (/etc/rc2.d/S42ncakmod)
Apache web server (/etc/rc2.d/S94ncalogd)
Solaris Volume Manager (software RAID)services (svc:/system/metainit:default)
Solaris Volume Manager (software RAID)services (svc:/platform/sun4u/mpxio-
upgrade:default)
Solaris Volume Manager (software RAID) services (svcadm disable
svc:/system/mdmonitor:default)
Solaris Volume Manager GUI services (svc:/network/rpc/mdcomm:default)
Solaris Volume Manager GUI services (svc:/network/rpc/meta:default)
Solaris Volume Manager GUI services (svc:/network/rpc/metamed:default)
Solaris Volume Manager GUI services (svc:/network/rpc/metamh:default)
svc:/network/chargen:dgram
svc:/network/chargen:stream
svc:/network/daytime:dgram
svc:/network/daytime:stream
svc:/network/discard:dgram
svc:/network/discard:stream
svc:/network/echo:dgram
svc:/network/echo:stream
svc:/network/inetd-upgrade:default
svc:/network/ipfilter:default
svc:/network/ntp:default
svc:/network/time:dgram
svc:/network/time:stream
svc:/network/rpc/rex:default
svc:/network/rexec:default
svc:/network/uucp:default
svc:/network/comsat:default
svc:/network/rpc/spray:default
svc:/network/rpc/wall:default
svc:/network/tname:default
svc:/network/talk:default

27 July 2012 13
Connectivity

Oracle Solaris 10 Service Names CD/DVD


svc:/network/finger:default
svc:/network/rpc/rstat:default
svc:/network/rpc/rusers:default
svc:/network/rpc/ocfserv:default
svc:/network/login:eklogin
svc:/network/login:klogin
svc:/network/shell:kshell
svc:/system/power:default
svc:/system/sar:default
svc:/system/rcap:default
svc:/network/slp:default
svc:/application/management/webmin:default
svc:/system/consadm:default
svc:/system/webconsole:console
svc:/system/filesystem/volfs:default ü
svc:/application/gdm2-login:default
svc:/application/print/ipp-listener:default
svc:/application/management/dmi:default
svc:/application/cde-printinfo:default
svc:/application/graphical-login/cde-login:default ü
svc:/application/management/wbem:default
svc:/system/name-service-cache:default
svc:/network/apocd/udp:default
svc:/application/x11/xfs:default
svc:/application/font/stfsloader:default
svc:/network/rpc-100235_1/rpc_ticotsord:default
svc:/network/samba:default
svc:/network/rpc/cde-calendar-manager:default
svc:/network/cde-spc:default
svc:/network/rpc/cde-ttdbserver:tcp
svc:/network/smtp:sendmail
/etc/rc2.d/S40llc2
/etc/rc2.d/S47pppd
/etc/rc2.d/S70uucp
/etc/rc2.d/S72autoinstall
/etc/rc2.d/S73cachefs.daemon
/etc/rc2.d/S89bdconfig
/etc/rc2.d/S89PRESERVE
/etc/rc3.d/S16boot.server
/etc/rc3.d/S52imq

14 Information for Hardening Supported Operating Systems


List of Unused Services

Oracle Solaris 10 Service Names CD/DVD


/etc/rc3.d/S84appserv
/etc/rc3.d/S80mipagent

5.2 AIX v6.1 Unused Services


You can disable the following AIX v6.1 services.

AIX v6.1 Service Name


telnet ttdbserver routed
shell dtspc gated
kshell comsat timed
login bootps rwhod
klogin tftp mrouted
exec talk snmpd
uucp ntalk hostmibd
finger rquotad dpid2
systat rstatd lpd
netstat rusersd portmap
rexd rwalld autoconf6
echo sprayd ndpd-router
discard pcnfsd ndpd-host
chargen cmsd piobe
daytime sendmail i4ls
time NIS server httpdlite
instsrv NIS client pmd
imap2 NFS server writesrv
pop3 NFS client imqss
wsmserver GUI login
qdaemon uprintfd

5.3 Windows Server 2008 R2 Unused Services


You can disable all or some of the following Windows Server 2008 R2 services.

Note Do no disable the Print Spooler service for Alliance Access and Alliance Entry.

Windows Server 2008 R2 Service Name


Fax Service Remote Procedure Call (RPC) Locator
(RpcLocator)
File Replication Remote Registry
FTP Publishing Service Remote Storage Notification
Help and Support Remote Storage Server
IIS Admin Service Simple Mail Transfer Protocol (SMTP)
(SMTPSVC)

27 July 2012 15
Connectivity

Indexing Service Simple Network Management Protocol (SNMP)


Service
License Logging Service SNMP Trap
Microsoft POP3 Service Telephony (TapiSrv)
Print Server for Macintosh Telnet (TlntSvr)
Print Spooler Terminal Services (TermService)
Remote Access Auto Connection Manager
Remote Access Connection Manager (RasMan) WLAN AutoConfig
Remote Administration Service Wireless Configuration
Remote Desktop Help Session Manager World Wide Web Publishing Services (W3SVC)
(RDSessMgr)

5.4 Red Hat Enterprise Linux 5.7


You can disable all or some of the following services on the base installation of Red Hat
Enterprise Linux 5.7

Red Hat Enterprise Linux 5.7 Service Name

sendmail hidd

anacron ip6tables

avahi-daemon iscsi

avahi-dnsconfd iscsid

autofs pcscd

bluetooth rpcgssd

firstboot rpcidmapd

gpm xfs

16 Information for Hardening Supported Operating Systems


List of Unused Services

Legal Notices
Copyright
SWIFT © 2012. All rights reserved.
You may copy this publication within your organisation. Any such copy must include these legal notices.

Confidentiality
This publication contains SWIFT or third-party confidential information. Do not disclose this publication outside your
organisation without the prior written consent of SWIFT.

Disclaimer
SWIFT supplies this publication for information purposes only. The information in this publication may change from
time to time. You must always refer to the latest available version on www.swift.com.

Translations
The English version of SWIFT documentation is the only official version.

Trademarks
SWIFT is the trade name of S.W.I.F.T. SCRL. The following are registered trademarks of SWIFT: SWIFT, the SWIFT
logo, 3SKey, Innotribe, Sibos, SWIFTNet, SWIFTReady, and Accord. Other product, service, or company names in
this publication are trade names, trademarks, or registered trademarks of their respective owners.

27 July 2012 17

You might also like